Re: [TLS] TLS 1.3 - Support for compression to be removed
Bill Frantz <frantz@pwpconsult.com> Wed, 23 September 2015 22:50 UTC
Return-Path: <frantz@pwpconsult.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DD1D1B2D28 for <tls@ietfa.amsl.com>; Wed, 23 Sep 2015 15:50:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.701
X-Spam-Level:
X-Spam-Status: No, score=-0.701 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AQOkiCmzIylt for <tls@ietfa.amsl.com>; Wed, 23 Sep 2015 15:50:55 -0700 (PDT)
Received: from elasmtp-banded.atl.sa.earthlink.net (elasmtp-banded.atl.sa.earthlink.net [209.86.89.70]) by ietfa.amsl.com (Postfix) with ESMTP id 8C4991B2D27 for <tls@ietf.org>; Wed, 23 Sep 2015 15:50:55 -0700 (PDT)
Received: from [173.75.83.125] (helo=Williams-MacBook-Pro.local) by elasmtp-banded.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <frantz@pwpconsult.com>) id 1Zess9-0003kI-U1; Wed, 23 Sep 2015 18:50:46 -0400
Date: Wed, 23 Sep 2015 15:50:45 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: Tony Arcieri <bascule@gmail.com>
X-Priority: 3
In-Reply-To: <CAHOTMVK0x7+aH=GGyhF11ujYtKBu+p99Oh61yfvc29g+L-wbXQ@mail.gmail.com>
Message-ID: <r422Ps-1075i-24E61674B10D4B339628DEFF3E66677F@Williams-MacBook-Pro.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mailsmith 2.3.1 (422)
X-ELNK-Trace: 3a5e54fa03f1b3e21aa676d7e74259b7b3291a7d08dfec79335a36028aa74608d2f1bb5979e67d19350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 173.75.83.125
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/EszyYFBeYJOfuNcdiPcXsY8m47I>
Cc: tls@ietf.org
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Sep 2015 22:50:57 -0000
On 9/22/15 at 11:21 AM, bascule@gmail.com (Tony Arcieri) wrote: >On Tue, Sep 22, 2015 at 11:16 AM, Julien ÉLIE <julien@trigofacile.com> >wrote: > >>What for protocols that aren't subject to unsafe usage and that were >>relying on the compression facility provided by TLS? >>Unconditionally removing TLS compression leads to a regression for them. >> > >They can continue using older versions of TLS, or add their own compression >feature. They shouldn't be relying on an encryption protocol to provide >compression. IMHO, compression adds too many security vulnerabilities to a general purpose secure communication protocol. I think TLS 1.3 is right in eliminating it. It is too big a foot gun. I do have a lot of sympathy with those who have been using compression in previous versions of TLS. Probably the best solution for them is to have a TLS like library which only does compression. It could be largely API compatible so switching between TLS and compression is a relatively easy programming job. I'll let the TLS implementers say just how hard such a library would be to produce. Cheers - Bill ----------------------------------------------------------------------- Bill Frantz | "The only thing we have to | Periwinkle (408)356-8506 | fear is fear itself." - FDR | 16345 Englewood Ave www.pwpconsult.com | Inaugural address, 3/4/1933 | Los Gatos, CA 95032
- [TLS] TLS 1.3 - Support for compression to be rem… Alewa, Christos
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Kurt Roeckx
- Re: [TLS] TLS 1.3 - Support for compression to be… Loganaden Velvindron
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Geoffrey Keating
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Karthikeyan Bhargavan
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Thijs van Dijk
- Re: [TLS] TLS 1.3 - Support for compression to be… Simon Josefsson
- Re: [TLS] TLS 1.3 - Support for compression to be… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Stephen Farrell
- Re: [TLS] TLS 1.3 - Support for compression to be… Joseph Lorenzo Hall
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Stephen Farrell
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Benjamin Kaduk
- Re: [TLS] TLS 1.3 - Support for compression to be… Kurt Roeckx
- Re: [TLS] TLS 1.3 - Support for compression to be… Peter Gutmann
- Re: [TLS] TLS 1.3 - Support for compression to be… Colm MacCárthaigh
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Colm MacCárthaigh
- Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Björn Tackmann
- Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Nikos Mavrogiannopoulos
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeremy Harris
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
- Re: [TLS] TLS 1.3 - Support for compression to be… Yuhong Bao
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… Roland Zink
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
- Re: [TLS] TLS 1.3 - Support for compression to be… Ilari Liusvaara
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Thomson
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Thomson
- Re: [TLS] TLS 1.3 - Support for compression to be… Douglas Stebila
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Short, Todd
- Re: [TLS] TLS 1.3 - Support for compression to be… Geoffrey Keating
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Short, Todd
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Joseph Salowey
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE