Re: [TLS] TLS 1.3 - Support for compression to be removed

Julien ÉLIE <julien@trigofacile.com> Sun, 20 September 2015 14:54 UTC

Return-Path: <julien@trigofacile.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 627FB1A904E for <tls@ietfa.amsl.com>; Sun, 20 Sep 2015 07:54:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.45
X-Spam-Level: *
X-Spam-Status: No, score=1.45 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_FR=0.35, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KK3Zk1xN-YZJ for <tls@ietfa.amsl.com>; Sun, 20 Sep 2015 07:54:44 -0700 (PDT)
Received: from smtp.smtpout.orange.fr (smtp02.smtpout.orange.fr [80.12.242.124]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 831401A904D for <tls@ietf.org>; Sun, 20 Sep 2015 07:54:43 -0700 (PDT)
Received: from macbook-pro-de-julien-elie.home ([83.200.77.196]) by mwinf5d37 with ME id KSug1r00V4E7NBX03Sugw2; Sun, 20 Sep 2015 16:54:41 +0200
X-ME-Helo: macbook-pro-de-julien-elie.home
X-ME-Auth: anVsaWVuLmVsaWU0ODdAd2FuYWRvby5mcg==
X-ME-Date: Sun, 20 Sep 2015 16:54:41 +0200
X-ME-IP: 83.200.77.196
References: <79C632BCF9D17346A0D3285990FDB01AA3B9DAD8@HOBEX21.hob.de> <55FC5822.5070709@trigofacile.com> <77583acbe981488493fd4f0110365dae@ustx2ex-dag1mb1.msg.corp.akamai.com> <55FC7343.3090301@trigofacile.com> <fa252c02f4504e5fb11cb95aa2701562@ustx2ex-dag1mb1.msg.corp.akamai.com> <55FE761B.803@trigofacile.com> <CACsn0cm4Lre7H8XLUVOPCFh7VAwBB+2wt89bDzTq1rYQmDd3Mw@mail.gmail.com> <55FEA206.3010504@trigofacile.com> <A93EC035-A7D6-45E1-8931-74C96F44C854@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
From: Julien ÉLIE <julien@trigofacile.com>
Organization: TrigoFACILE -- http://www.trigofacile.com/
Message-ID: <55FEC8B0.9070904@trigofacile.com>
Date: Sun, 20 Sep 2015 16:54:40 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <A93EC035-A7D6-45E1-8931-74C96F44C854@gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/6bAjEHz5hOh-BtjFBg9yoZmX70E>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Sep 2015 14:54:45 -0000

Hi Karthik,

> It may well be true that some (typically unauthenticated) application
> protocols on top of TLS can survive TLS compression, but it is
> unlikely.
[...]
> HTTP is a particularly bad case because the attacker can potentially
> inject arbitrary data before (and after) the secret. With NNTP you
> may escape the worst of this adversary, but you probably won’t find
> any TLS expert willing to say that compressing the password is ok.

OK, many thanks for the illustration!

So in fact, to be safer, authentication commands should either be sent 
uncompressed or be more complex than they currently are (for instance 
with the insertion of random data with random length along with the 
authentication command).

If TLS 1.3 is used, so without compression facility, adding a new 
COMPRESS command to NNTP will not help if how authentication is done is 
not strenghtened at the same time, won't it?
Or AUTHINFO is not a valid command after the use of COMPRESS.

-- 
Julien ÉLIE

« Etna : lave dévalante. »