Re: [TLS] TLS 1.3 - Support for compression to be removed

Jeffrey Walton <> Wed, 23 September 2015 23:17 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 1EE451B32DC for <>; Wed, 23 Sep 2015 16:17:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XInzn6Lr5-J4 for <>; Wed, 23 Sep 2015 16:17:53 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2AE2D1B32D7 for <>; Wed, 23 Sep 2015 16:17:53 -0700 (PDT)
Received: by ioiz6 with SMTP id z6so59194815ioi.2 for <>; Wed, 23 Sep 2015 16:17:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=h6RsZiMFVc3zcBbjgIzZo6MBFwgPKsdhXMZuB2Jlx4M=; b=UNJQzu9vaIfZHiQsX5vASx1T6OqKorRuXHaf5tEdQoceMPFQxmb6cawmmgUwlhwMqJ nIW+IhVGKd8mtiCkhMeqsNVG3rMmHcuQps3nr2MDW/2IQJ1Ad/Q2lE5akshzLXmRmrHO Z/lieVN7OsGGtVMCI74CJpXf81mhCNmewf7UJ4l1k0yYXV5IUyQrCdqFyzSBvhXZ4Y5o hSWejs5ewZaLoZYufLGEL7va6F9aIIgtMd2LQVrkgEVyeOybw0o7muS4aDBC0yEYRPxG bg+wEk79I+BB3N90Xvlj+lCICeBnSXiVIh//ukSRMH+OVSeZHd1F3PU2AJAtOAynZsSn kWWA==
MIME-Version: 1.0
X-Received: by with SMTP id 63mr48511483ioj.122.1443050272487; Wed, 23 Sep 2015 16:17:52 -0700 (PDT)
Received: by with HTTP; Wed, 23 Sep 2015 16:17:52 -0700 (PDT)
In-Reply-To: <r422Ps-1075i-24E61674B10D4B339628DEFF3E66677F@Williams-MacBook-Pro.local>
References: <> <r422Ps-1075i-24E61674B10D4B339628DEFF3E66677F@Williams-MacBook-Pro.local>
Date: Wed, 23 Sep 2015 19:17:52 -0400
Message-ID: <>
From: Jeffrey Walton <>
To: Bill Frantz <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Cc: "" <>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 23 Sep 2015 23:17:55 -0000

> IMHO, compression adds too many security vulnerabilities to a general
> purpose secure communication protocol. I think TLS 1.3 is right in
> eliminating it. It is too big a foot gun.

To play devil's advocate: if (1) compression increases attack surface
and (2) people use compression, then wouldn't the best place to
address it be in a protocol or security library rather than pushing it
into a higher level in the stack where it likely won't be addressed?

> I do have a lot of sympathy with those who have been using compression in
> previous versions of TLS. Probably the best solution for them is to have a
> TLS like library which only does compression. It could be largely API
> compatible so switching between TLS and compression is a relatively easy
> programming job. I'll let the TLS implementers say just how hard such a
> library would be to produce.

OpenSSL currently has an configuration option to build without
compression methods (no-comp). I usually build OpenSSL without
compression, and OWASP recommends building without compression

Building without compression is my personal preference, but I would
not go so far to say others should not do it because that reduces to
bike shedding. It would be like me saying, ADH and ECADH should be
removed because they don't provide any real security. Or, me saying
PKIX should be removed because the IETF provides Public Key Pinning
with Overrides, which does not provide any real real security.