IETF Logo Mail Archive

Re: [TLS] Confirmation of Consensus on Removing Compression from TLS 1.3

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Sat, 26 April 2014 15:24 UTC

Return-Path: <jsalowey@cisco.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 247571A0290 for <tls@ietfa.amsl.com>; Sat, 26 Apr 2014 08:24:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.773
X-Spam-Level:
X-Spam-Status: No, score=-9.773 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 96mh7I3bX5_j for <tls@ietfa.amsl.com>; Sat, 26 Apr 2014 08:24:23 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) by ietfa.amsl.com (Postfix) with ESMTP id 0042E1A022E for <tls@ietf.org>; Sat, 26 Apr 2014 08:24:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=674; q=dns/txt; s=iport; t=1398525856; x=1399735456; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=FEHzm58+V/irQdqWsqYD1HK4XWx3hPT3dLoAOZAa67o=; b=cY2ekJNE3AJTdmSW/ddHTU1CeA6ui08za845NeO7217lwvXGPgqBKgrL iZhYn3PoZ7wwzGgVX8APVcZRNhVqpSTcT9iYBeoxhxoU3h3Rp3bBlfdma HIgVw0fGNgQn+NureWhBsuqCQW6kBfm42Sa2CdPbqqu3PzEZpIyTIPHSb 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiEFAOnOW1OtJV2c/2dsb2JhbABZgwaBJsRagQsWdIIlAQEBAwE6RAsCAQg2EDIlAgQTiDkIyg8XjiY6gySBFQEDmQySXoMxgis
X-IronPort-AV: E=Sophos;i="4.97,933,1389744000"; d="scan'208";a="39012088"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by alln-iport-8.cisco.com with ESMTP; 26 Apr 2014 15:24:15 +0000
Received: from xhc-aln-x15.cisco.com (xhc-aln-x15.cisco.com [173.36.12.89]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id s3QFOFY0004396 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <tls@ietf.org>; Sat, 26 Apr 2014 15:24:15 GMT
Received: from xmb-rcd-x09.cisco.com ([169.254.9.100]) by xhc-aln-x15.cisco.com ([173.36.12.89]) with mapi id 14.03.0123.003; Sat, 26 Apr 2014 10:24:15 -0500
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: Confirmation of Consensus on Removing Compression from TLS 1.3
Thread-Index: AQHPSSMxZ0z0INsV8EeHhSnGu4GmzJskiLQA
Date: Sat, 26 Apr 2014 15:24:14 +0000
Message-ID: <C490E2C7-6435-4483-9C82-89A9F00392F4@cisco.com>
References: <DA7A3139-EE44-4FE2-B674-4ECAE4D51079@cisco.com>
In-Reply-To: <DA7A3139-EE44-4FE2-B674-4ECAE4D51079@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.85.164.213]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <C17337E631718C4689ECC101F09B8BCD@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/GytiqGDGuyUd9cLLmJCqzW5gX88
Subject: Re: [TLS] Confirmation of Consensus on Removing Compression from TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Apr 2014 15:24:24 -0000

We have strong confirmation of consensus to remove compression from TLS 1.3.   The Editor is requested to make the appropriate changes to the draft on github.

Joe
[For the chairs]
On Mar 26, 2014, at 11:42 AM, Joe Salowey <jsalowey@cisco.com> wrote:

> The use of compression within TLS has resulted in vulnerabilities that can be exploited to disclose TLS encrypted application data.   The consensus in the room at IETF-89 was to remove compression from TLS 1.3 to remove this attack vector.  If you have concerns about this decision please respond on the TLS list by April 11, 2014.
> 
> Thanks,
> 
> Joe
> [Speaking for the TLS chairs]

v2.23.0 | Report a Bug | By Email