Re: [TLS] TLS 1.3 - Support for compression to be removed

Jeffrey Walton <noloader@gmail.com> Wed, 23 September 2015 23:17 UTC

MIME-Version: 1.0
In-Reply-To: <r422Ps-1075i-24E61674B10D4B339628DEFF3E66677F@Williams-MacBook-Pro.local>
References: <CAHOTMVK0x7+aH=GGyhF11ujYtKBu+p99Oh61yfvc29g+L-wbXQ@mail.gmail.com> <r422Ps-1075i-24E61674B10D4B339628DEFF3E66677F@Williams-MacBook-Pro.local>
Date: Wed, 23 Sep 2015 19:17:52 -0400
Message-ID: <CAH8yC8=OK8bJ8P+KJvfS=ws3yJbhNg-MxA76=GGk7MPvb=QD3g@mail.gmail.com>
From: Jeffrey Walton <noloader@gmail.com>
To: Bill Frantz <frantz@pwpconsult.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/HnViGgUqftgFu5V3ycVBVQCy_qw>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
Precedence: list
Reply-To: noloader@gmail.com

> IMHO, compression adds too many security vulnerabilities to a general
> purpose secure communication protocol. I think TLS 1.3 is right in
> eliminating it. It is too big a foot gun.

To play devil's advocate: if (1) compression increases attack surface
and (2) people use compression, then wouldn't the best place to
address it be in a protocol or security library rather than pushing it
into a higher level in the stack where it likely won't be addressed?

> I do have a lot of sympathy with those who have been using compression in
> previous versions of TLS. Probably the best solution for them is to have a
> TLS like library which only does compression. It could be largely API
> compatible so switching between TLS and compression is a relatively easy
> programming job. I'll let the TLS implementers say just how hard such a
> library would be to produce.

OpenSSL currently has an configuration option to build without
compression methods (no-comp). I usually build OpenSSL without
compression, and OWASP recommends building without compression
(https://www.owasp.org/index.php/C-Based_Toolchain_Hardening).

Building without compression is my personal preference, but I would
not go so far to say others should not do it because that reduces to
bike shedding. It would be like me saying, ADH and ECADH should be
removed because they don't provide any real security. Or, me saying
PKIX should be removed because the IETF provides Public Key Pinning
with Overrides, which does not provide any real real security.

Jeff

[TLS] TLS 1.3 - Support for compression to be rem… Alewa, Christos
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Kurt Roeckx
Re: [TLS] TLS 1.3 - Support for compression to be… Loganaden Velvindron
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Geoffrey Keating
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Karthikeyan Bhargavan
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Thijs van Dijk
Re: [TLS] TLS 1.3 - Support for compression to be… Simon Josefsson
Re: [TLS] TLS 1.3 - Support for compression to be… Blumenthal, Uri - 0553 - MITLL
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Stephen Farrell
Re: [TLS] TLS 1.3 - Support for compression to be… Joseph Lorenzo Hall
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Stephen Farrell
Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Benjamin Kaduk
Re: [TLS] TLS 1.3 - Support for compression to be… Kurt Roeckx
Re: [TLS] TLS 1.3 - Support for compression to be… Peter Gutmann
Re: [TLS] TLS 1.3 - Support for compression to be… Colm MacCárthaigh
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Colm MacCárthaigh
Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Björn Tackmann
Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
Re: [TLS] TLS 1.3 - Support for compression to be… Nikos Mavrogiannopoulos
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Jeremy Harris
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
Re: [TLS] TLS 1.3 - Support for compression to be… Yuhong Bao
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
Re: [TLS] TLS 1.3 - Support for compression to be… Roland Zink
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
Re: [TLS] TLS 1.3 - Support for compression to be… Ilari Liusvaara
Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Thomson
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Thomson
Re: [TLS] TLS 1.3 - Support for compression to be… Douglas Stebila
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Short, Todd
Re: [TLS] TLS 1.3 - Support for compression to be… Geoffrey Keating
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Short, Todd
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Joseph Salowey
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE