Re: [TLS] TLS 1.3 - Support for compression to be removed

Watson Ladd <watsonbladd@gmail.com> Sun, 20 September 2015 11:28 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF9851B4B30 for <tls@ietfa.amsl.com>; Sun, 20 Sep 2015 04:28:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EjC-yLSxUzmf for <tls@ietfa.amsl.com>; Sun, 20 Sep 2015 04:28:37 -0700 (PDT)
Received: from mail-wi0-x231.google.com (mail-wi0-x231.google.com [IPv6:2a00:1450:400c:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 694021B4B2D for <tls@ietf.org>; Sun, 20 Sep 2015 04:28:37 -0700 (PDT)
Received: by wicge5 with SMTP id ge5so81947068wic.0 for <tls@ietf.org>; Sun, 20 Sep 2015 04:28:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=jSX0qWTt7XnZkLegcMwLb6ENwPHdUxzTsF2yhgaBgFc=; b=yZUreBrAFQB1vz6J/IFRqxKpQDXyCjmxGU8ut11+KJDe23I6a0mTlyEzNfiCBTrAmG Y9UC4QlnfbHiKsCg9AWs7g4TzIRCH1hPG2aYjEtwMDSKhFaK9j59CiFojjtcJapWFWpO pkyhA8FzfwNjis5NnF5ng0mgEudxXBgPfRMlG0xtJLyv3+PWSSmH22n/2yQUdZ0ulf3o JqmRU/Nm+AuzYMwi+TeT5kVi++z8tpetwaSRIXGFxqPUL0aT8IFUIfNspfXzMr/rCMwn tb8Ax9WzpKfm3+Va2BIGowHUYtoFVWKy9ww+jKQHDmzT8SQ+Uavx2NyByYlhDKX8bIgO Gm0g==
MIME-Version: 1.0
X-Received: by 10.180.105.135 with SMTP id gm7mr7415952wib.18.1442748515770; Sun, 20 Sep 2015 04:28:35 -0700 (PDT)
Received: by 10.28.51.145 with HTTP; Sun, 20 Sep 2015 04:28:35 -0700 (PDT)
In-Reply-To: <55FE761B.803@trigofacile.com>
References: <79C632BCF9D17346A0D3285990FDB01AA3B9DAD8@HOBEX21.hob.de> <55FC5822.5070709@trigofacile.com> <77583acbe981488493fd4f0110365dae@ustx2ex-dag1mb1.msg.corp.akamai.com> <55FC7343.3090301@trigofacile.com> <fa252c02f4504e5fb11cb95aa2701562@ustx2ex-dag1mb1.msg.corp.akamai.com> <55FE761B.803@trigofacile.com>
Date: Sun, 20 Sep 2015 07:28:35 -0400
Message-ID: <CACsn0cm4Lre7H8XLUVOPCFh7VAwBB+2wt89bDzTq1rYQmDd3Mw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Julien ÉLIE <julien@trigofacile.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/EwMt-l33QZ2ehoOTjYYURYsocWE>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Sep 2015 11:28:39 -0000

On Sun, Sep 20, 2015 at 5:02 AM, Julien ÉLIE <julien@trigofacile.com> wrote:
> Hi Rich,
>
>> It is widely recognized that in many cases, TLS-level compression is
>> flawed (for example NNTP authinfo?).
>
>
> Though I've read a few pages explaining how CRIME and BEAST attacks work, I
> still do not see well how TLS-level compression would make NNTP vulnerable.
> Same thing for POP or IMAP I believe.
>
> The news server does not leak information.  The responses are just OK or KO.
> For instance:

This analysis would predict that HTTP isn't vulnerable. Furthermore,
the whole point is that TLS is supposed to provide certain services to
upper levels, and not require this kind of detailed analysis in
security designs.

>
> AUTHINFO USER test
> 381 Enter password
> AUTHINFO PASS test
> 281 Authentication succeeded
>
> or in the case of an authentication failure:
>
> AUTHINFO USER test
> 381 Enter password
> AUTHINFO PASS badpassword
> 481 Authentication failed
>
>
>
> How compression would make NNTP weaker?
> (Brute-force attack is still necessary, even with compression enabled.)
>
> --
> Julien ÉLIE
>
> « Etna : lave dévalante. »
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.