Re: [TLS] TLS 1.3 - Support for compression to be removed
Björn Tackmann <btackmann@eng.ucsd.edu> Wed, 23 September 2015 23:38 UTC
Return-Path: <btackmann@eng.ucsd.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF0741B337E for <tls@ietfa.amsl.com>; Wed, 23 Sep 2015 16:38:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.701
X-Spam-Level:
X-Spam-Status: No, score=-1.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2TE_A3Ph6tMP for <tls@ietfa.amsl.com>; Wed, 23 Sep 2015 16:38:25 -0700 (PDT)
Received: from mail-pa0-x233.google.com (mail-pa0-x233.google.com [IPv6:2607:f8b0:400e:c03::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECB361B3379 for <tls@ietf.org>; Wed, 23 Sep 2015 16:38:24 -0700 (PDT)
Received: by padhy16 with SMTP id hy16so53909636pad.1 for <tls@ietf.org>; Wed, 23 Sep 2015 16:38:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eng.ucsd.edu; s=google; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=7ols/0k1d9O/Png06HGknVxJV56mwTLwndondimMCjQ=; b=b0bj/bJtMlz5eeOLWifQK8b+YuUjWJ5o1Hz5D5DgJD3kFESC/nH1Ka+0ULlFNWLV4v OzlNpQM4BbeW9DmIodApb/OmnxY+cRGto0+nV3BuzAaV07Ln0PqC5S5B0T0PAtLCh0ev Gbch8AdKb0zzb9zZOlSD1HMedngR248IuV+IY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=7ols/0k1d9O/Png06HGknVxJV56mwTLwndondimMCjQ=; b=lhY0kKbbRb/YDRYgUfY4OzbSMXUSSP/IMeVr+erkp3BkADOMxBOl0ZMKSKKBFbhp5+ P4lGNew+IOwQnoC/rTD9DZa402AQTSVltwz4uL2P5EVakLRDKlbhxukJXd93jcfvtXSj miWrkHpy542PK6vvR0xZNw6qL3X1MMDJRC7WHC5C0v+b00Fpx2NCuzC1xZuCmZkXiphN eJgSCS6t+w+kYu5PwkgyOtHhbvvoW3XW6W8LV6CwkbeBWICM3+ol483uvC8Bx7MPa7y1 qP3Ch2IUiEuQO4WcParoJT0Y+i5sH7fq0X8wg4PByijtcvdARKJ03QnvSg9LTjNL21mz hfaw==
X-Gm-Message-State: ALoCoQlJgS95Gqfjruo+jIHMi8VCPET+fEPAg10KVbRvLJr8k0nYpmnxHmFOIhHMHohQQ7vZysJv
X-Received: by 10.68.185.132 with SMTP id fc4mr40206928pbc.96.1443051504537; Wed, 23 Sep 2015 16:38:24 -0700 (PDT)
Received: from [132.239.10.226] ([132.239.10.226]) by smtp.gmail.com with ESMTPSA id ox2sm9935961pbb.87.2015.09.23.16.38.23 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 23 Sep 2015 16:38:24 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: Björn Tackmann <btackmann@eng.ucsd.edu>
In-Reply-To: <CAH8yC8=OK8bJ8P+KJvfS=ws3yJbhNg-MxA76=GGk7MPvb=QD3g@mail.gmail.com>
Date: Wed, 23 Sep 2015 16:38:22 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <F5118F54-B9D2-4AF2-9B4F-6E9F8D1765C8@eng.ucsd.edu>
References: <CAHOTMVK0x7+aH=GGyhF11ujYtKBu+p99Oh61yfvc29g+L-wbXQ@mail.gmail.com> <r422Ps-1075i-24E61674B10D4B339628DEFF3E66677F@Williams-MacBook-Pro.local> <CAH8yC8=OK8bJ8P+KJvfS=ws3yJbhNg-MxA76=GGk7MPvb=QD3g@mail.gmail.com>
To: noloader@gmail.com
X-Mailer: Apple Mail (2.2104)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Ha_x6k6X0s3Re1tInPxXKy5yHvE>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Sep 2015 23:38:26 -0000
> On Sep 23, 2015, at 4:17 PM, Jeffrey Walton <noloader@gmail.com> wrote: > >> IMHO, compression adds too many security vulnerabilities to a general >> purpose secure communication protocol. I think TLS 1.3 is right in >> eliminating it. It is too big a foot gun. > > To play devil's advocate: if (1) compression increases attack surface > and (2) people use compression, then wouldn't the best place to > address it be in a protocol or security library rather than pushing it > into a higher level in the stack where it likely won't be addressed? No, because compression is not a good idea for the general use case of TLS. It might be a good idea for specific applications (where there may be specific reasons for which it will not violate security), but then one can (and should) resolve it specifically for those applications. Even within one application, there may be parts where the security suffers from compressing, and some where it does not. Only the application can make this decision. Best, Bjoern
- [TLS] TLS 1.3 - Support for compression to be rem… Alewa, Christos
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Kurt Roeckx
- Re: [TLS] TLS 1.3 - Support for compression to be… Loganaden Velvindron
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Geoffrey Keating
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Karthikeyan Bhargavan
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Thijs van Dijk
- Re: [TLS] TLS 1.3 - Support for compression to be… Simon Josefsson
- Re: [TLS] TLS 1.3 - Support for compression to be… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Stephen Farrell
- Re: [TLS] TLS 1.3 - Support for compression to be… Joseph Lorenzo Hall
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Stephen Farrell
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Benjamin Kaduk
- Re: [TLS] TLS 1.3 - Support for compression to be… Kurt Roeckx
- Re: [TLS] TLS 1.3 - Support for compression to be… Peter Gutmann
- Re: [TLS] TLS 1.3 - Support for compression to be… Colm MacCárthaigh
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Colm MacCárthaigh
- Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Björn Tackmann
- Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Nikos Mavrogiannopoulos
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeremy Harris
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
- Re: [TLS] TLS 1.3 - Support for compression to be… Yuhong Bao
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… Roland Zink
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
- Re: [TLS] TLS 1.3 - Support for compression to be… Ilari Liusvaara
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Thomson
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Thomson
- Re: [TLS] TLS 1.3 - Support for compression to be… Douglas Stebila
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Short, Todd
- Re: [TLS] TLS 1.3 - Support for compression to be… Geoffrey Keating
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Short, Todd
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Joseph Salowey
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE