IETF Logo Mail Archive

Re: [TLS] Confirmation of Consensus on Removing Compression from TLS 1.3

Yaron Sheffer <yaronf.ietf@gmail.com> Wed, 26 March 2014 19:40 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72C821A01F7 for <tls@ietfa.amsl.com>; Wed, 26 Mar 2014 12:40:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iiT1mAQTPg8t for <tls@ietfa.amsl.com>; Wed, 26 Mar 2014 12:40:49 -0700 (PDT)
Received: from mail-ee0-x230.google.com (mail-ee0-x230.google.com [IPv6:2a00:1450:4013:c00::230]) by ietfa.amsl.com (Postfix) with ESMTP id 6CF791A01AB for <tls@ietf.org>; Wed, 26 Mar 2014 12:40:49 -0700 (PDT)
Received: by mail-ee0-f48.google.com with SMTP id b57so2030702eek.35 for <tls@ietf.org>; Wed, 26 Mar 2014 12:40:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=TKxBJ4ul6ZGoJPSQropV6xkOhRt1Okz4/oKX4/NyfWI=; b=zhF9TRtkTPhMWNHzl5+tyxfQujVfqzbz6k2UdDKBVUMiVgjr8D1oMWvtdYzzYTeLOo wImvGjzlyyyRzTbj9i+DQoIWBf0v95zbpNYG8ofTdghLZsCgltWKp7CG42OguRKiZu59 Ojp1+XHNl276xK+wXnx3erHO1HUsziVbul1xXXzGn3mcWtcSegIC3PqpNcTpFDJzHwa0 +evT7Nd9BjLW+xhypstOZYjOvOncYomYAWiHSS0DHqlCed9uDld+2GE7cZ0IS7yrJ7/q 6s096Dwk4tH58UyLClzVxRthWvmsdX11lLAC77EgldBOB8BfP67G8VGuaoJg4IwUTFnD T/uA==
X-Received: by 10.14.241.139 with SMTP id g11mr13912632eer.49.1395862847168; Wed, 26 Mar 2014 12:40:47 -0700 (PDT)
Received: from [10.0.0.1] (bzq-79-182-10-128.red.bezeqint.net. [79.182.10.128]) by mx.google.com with ESMTPSA id w1sm35013797eel.16.2014.03.26.12.40.45 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 26 Mar 2014 12:40:46 -0700 (PDT)
Message-ID: <53332D3D.5020908@gmail.com>
Date: Wed, 26 Mar 2014 21:40:45 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>, "<tls@ietf.org>" <tls@ietf.org>
References: <DA7A3139-EE44-4FE2-B674-4ECAE4D51079@cisco.com>
In-Reply-To: <DA7A3139-EE44-4FE2-B674-4ECAE4D51079@cisco.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/BgnMbf_iDqMs92Q2etXqpQxWIpo
Subject: Re: [TLS] Confirmation of Consensus on Removing Compression from TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Mar 2014 19:40:54 -0000

I think this would be a mistake. I would recommend instead to say that 
compression SHOULD be disabled by default. But leave the option in the 
protocol for applications that need compression and are able to mitigate 
the vulnerability. This does NOT include normal Web traffic.

The reason is that we have compression at the HTTP layer too, it is 
widely used, and is subject to similar vulnerabilities when run over 
TLS. AFAIK, no-one is proposing to ban HTTP compression [1]. So we're 
just moving the problem to a different protocol layer, one that may be 
less security conscious.

And in general, an encrypted transport should provide compression as one 
of its services. Architecturally this is the right level, which is why 
it was put there in the first place.

Thanks,
	Yaron

[1] http://http2.github.io/http2-spec/index.html#rfc.section.10.6

On 03/26/2014 08:42 PM, Joseph Salowey (jsalowey) wrote:
> The use of compression within TLS has resulted in vulnerabilities that can be exploited to disclose TLS encrypted application data.   The consensus in the room at IETF-89 was to remove compression from TLS 1.3 to remove this attack vector.  If you have concerns about this decision please respond on the TLS list by April 11, 2014.
>
> Thanks,
>
> Joe
> [Speaking for the TLS chairs]
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.39.1 | Report a Bug | By Email | System Status