Re: [TLS] TLS 1.3 - Support for compression to be removed

takamichi saito <saito@cs.meiji.ac.jp> Sat, 03 October 2015 22:36 UTC

Return-Path: <tan1tan2tan3tan4@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4E251A87BE for <tls@ietfa.amsl.com>; Sat, 3 Oct 2015 15:36:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.65
X-Spam-Level:
X-Spam-Status: No, score=-1.65 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id riWELZO1EGnO for <tls@ietfa.amsl.com>; Sat, 3 Oct 2015 15:36:22 -0700 (PDT)
Received: from mail-pa0-x22b.google.com (mail-pa0-x22b.google.com [IPv6:2607:f8b0:400e:c03::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FFA01A87BD for <tls@ietf.org>; Sat, 3 Oct 2015 15:36:21 -0700 (PDT)
Received: by pacex6 with SMTP id ex6so139046602pac.0 for <tls@ietf.org>; Sat, 03 Oct 2015 15:36:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:content-type:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=I5GQOR9tdLRGdevy9Dm/mOpZbFNrfW1Z9dQKLK60akI=; b=JvaopcpPQ6v1tAj87hHztg3Xom2GjP35HF2mlisNCqWYS7IZ+s3l4ZwMoH09Uy7lAX DIEXh8niwzj6D/wi001tNlkVUNLPaHM74raySECUIzrp/Wjmu5Q8fld1jaXyPxSUPJ6j 4zKNUDy1hmPOWqLheNCBJBua53q1xY8Tr1cz/dHdUjrqqr1RwtH8sMzadkJ10UuGZgW6 TxS2aG5VfeggiNv2R+P76ehsXn9Te1Sn8260PL1CKUj7H0JEgKN2NU6O2B5fwIwJULMa 0RnbVmhuqEouCs3pyv35cJ/cWlVbpinUgTdumLPU/rmvi4rrKpBbmVIW5joOTifOcXL8 XADw==
X-Received: by 10.66.216.1 with SMTP id om1mr29361692pac.51.1443911781516; Sat, 03 Oct 2015 15:36:21 -0700 (PDT)
Received: from [192.168.11.7] (27-142-114-198.rev.home.ne.jp. [27.142.114.198]) by smtp.gmail.com with ESMTPSA id bz4sm19268085pbd.6.2015.10.03.15.36.20 for <tls@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 03 Oct 2015 15:36:20 -0700 (PDT)
Sender: "saito@cs.meiji.ac.jp" <tan1tan2tan3tan4@gmail.com>
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Apple Message framework v1283)
From: takamichi saito <saito@cs.meiji.ac.jp>
In-Reply-To: <560E8DA8.8020903@zinks.de>
Date: Sun, 04 Oct 2015 07:36:22 +0900
Content-Transfer-Encoding: quoted-printable
Message-Id: <775C14FF-8F23-44E4-9A80-9F4F65217B86@cs.meiji.ac.jp>
References: <79C632BCF9D17346A0D3285990FDB01AA3B9DAD8@HOBEX21.hob.de> <55FC5822.5070709@trigofacile.com> <77583acbe981488493fd4f0110365dae@ustx2ex-dag1mb1.msg.corp.akamai.com> <55FC7343.3090301@trigofacile.com> <6796F70E-44FD-4CD8-A691-6D0BFAE6EFDC@cs.meiji.ac.jp> <560E8DA8.8020903@zinks.de>
To: tls@ietf.org
X-Mailer: Apple Mail (2.1283)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/FpcbZvoH9voxdZ5-36qQAprxmtM>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Oct 2015 22:36:23 -0000

On 2015/10/02, at 22:59, Roland Zink wrote:

> Browsers are not a concern as they already have their own comp/decomp codes. HTTP/1 can compress content (Content-encoding and transfer-encoding) and HTTP2 has additional header compression.
> 
> Regards,
> Roland
> 

I see,
but contrary,
tls is only for browser?

And more,
if you kick out comp/decomp from tls,
can we be safer when we use tls?
If you know the paper, please teach me.

Or, rfc or good teacher should notify us,
"When you use TLSv1.3, you never use compression, sorry!"
I know it may be out scope,
but we have to estimate the risk.

regards,


> 
> Am 02.10.2015 um 15:08 schrieb takamichi saito:
>>> Do we know how many protocols currently suffer from CRIME?
>>> 
>>> 
>>> Maybe a best practice could be suggested by UTA for the implementation of TLS in software, to disable compression if vulnerable.  And for the others, to implement a way to enable/disable compression in case one day a vulnerability is found.
>> I agree.
>> 
>> Again,
>> 
>> 1) We know CRIME threat, but it can not be risk for everyone.
>> e.g., CVSS v2 Base Score: 2.6 (LOW)
>> 
>> 2) If we need to have comp/decomp in an application layer,
>>  clients such like browser need their own comp/decomp codes.
>> 
>> 3) If there is no comp in tls1.3, some people may continue to use tls1.2.
>> Which one is safer, "tls1.2" v.s. "tls1.3 with comp/decomp" ?
>> 
>> That's why we explore the way to keep compression in TLSv1.3.
>> How about making an option only in server-side?
>> The spec has the compression but default is off, and also provides the suggestion.
>> 
>> 
>>> -- 
>>> Julien ÉLIE
>>> 
>>> « La vraie valeur d'un homme se mesure lorsqu'il a tout perdu. »
>>> 
>>> _______________________________________________
>>> TLS mailing list
>>> TLS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tls
>> 
>> ;; takamixhi saito
>> c2xhYWlidHNvcw
>> 
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls


;; takamixhi saito