Re: [TLS] TLS 1.3 - Support for compression to be removed
Eric Rescorla <ekr@rtfm.com> Sun, 04 October 2015 20:18 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81C3A1A1B34 for <tls@ietfa.amsl.com>; Sun, 4 Oct 2015 13:18:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z8jnCQEFJ68m for <tls@ietfa.amsl.com>; Sun, 4 Oct 2015 13:18:17 -0700 (PDT)
Received: from mail-wi0-f179.google.com (mail-wi0-f179.google.com [209.85.212.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A59901A00DB for <tls@ietf.org>; Sun, 4 Oct 2015 13:18:16 -0700 (PDT)
Received: by wicge5 with SMTP id ge5so94396545wic.0 for <tls@ietf.org>; Sun, 04 Oct 2015 13:18:15 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=y7znLVpNp8H4UNuW4mR4IvdgAJ1q1JUQa3Fnwx9U06E=; b=IJjemytlrYAro7cKnsn0Gvka1ZCiURmz4bzRMpHgHp69GwTwNYTqsBFJm6xW1JVAUT GcbVqeUatsXIIFUMSjnyzjxegOJ+lx8iO7jV22NlFjC9AzR1PDFzEjY31cWs5DaktNyd N5HkuATaAHv1aG620n4GyOM3+m+YGq/CSsLJgOYxVfZLgfF6tisxLmJMs52xK/Uqb99i bWB630+5z1ibmsRMzcTvcQt1lSzPVfjk2zWnrfzvWb/HdqkbOkxm/l6xuHd2NyRbBJKq BkhK3LoY7/MyyH0jgk1limG0JN11iCdwPULV/vo9SsLcEb2eyqp5Q9x+EQfWEPbu/kZJ 4Cng==
X-Gm-Message-State: ALoCoQlNOuViwwB+0lvfbg2IehXG9LVHDZjX1iTfyiKiWtr47NFQ13BPwBtMMZ0POaVA4VZScYM4
X-Received: by 10.180.106.98 with SMTP id gt2mr8115220wib.31.1443989895207; Sun, 04 Oct 2015 13:18:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.27.79.200 with HTTP; Sun, 4 Oct 2015 13:17:35 -0700 (PDT)
In-Reply-To: <CAH8yC8=Yze=ByftxFUkSy8y2e7q0EijkxGtYjWOe7fEO66iODw@mail.gmail.com>
References: <79C632BCF9D17346A0D3285990FDB01AA3B9DAD8@HOBEX21.hob.de> <201510041450.24540.davemgarrett@gmail.com> <CAHOTMV+G6CRgX0YPQ-HmG06rd6ttOaoXKF+HwacTiEGwJ+_vkg@mail.gmail.com> <201510041527.04800.davemgarrett@gmail.com> <CAH8yC8=Yze=ByftxFUkSy8y2e7q0EijkxGtYjWOe7fEO66iODw@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 04 Oct 2015 13:17:35 -0700
Message-ID: <CABcZeBOqFx+6GxEOUzAwahxyycFxGZB-_NhfEn3mqoFnBZBMaw@mail.gmail.com>
To: noloader@gmail.com
Content-Type: multipart/alternative; boundary="f46d04428f1cc3794405214d18a3"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/LJdLbDTL_QyxpUSpqKCxx5wqbSg>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Oct 2015 20:18:19 -0000
On Sun, Oct 4, 2015 at 1:01 PM, Jeffrey Walton <noloader@gmail.com> wrote: > >> Typically compression is used to lower the overall size of data, > working on > >> a wide class of inputs. In the perceptual coding case the class of > inputs > >> is constrained, and the goal is to keep the data rate constant, not > >> optimally small. > > > > Yep. You could do this in bursts with different caps each time to get it > to work with bursty things like HTTP & other general data transfer > protocols. Without a really good modern compression algorithm, though, it > isn't that appealing. Once these caveats and tweaks start getting added to > the simple concept, it starts treading into the territory that is better > handled by the application protocol that actually *knows what it's > sending*. This seems to be the logical wall we keep hitting, which is why > TLS doesn't seem like the place to do this. > > > I think two concepts are blending into one.... You appear to be > arguing for efficiency, and I'm more concerned with safely/securely. > > I'm fairly certain the internet community at large would benefit from > "compression done safely/securely", even if its not the most > efficient. If the application layer wants to provide a more efficient > implementations, then that's fine too. > > I think this I where things now stand (if I am surveying correctly): > (1) TLS WG did not fix the problem (bad); (2) users don't have a > choice (bad); (3) applications will have to provide their own > compression when desired, which will likely increase overall risk for > users (bad). For (3) keep in mind browsers are not the only user > agents or consumers of web services. > The problem is that we don't know how to generically provide compression safely. To take a concrete example: HTTP2's solution to header compression, HPACK, is extremely limited compared to a generic compression system like gzip, LZ77, etc., as well as being tightly-coupled to HTTP, and yet we still know that there are potential security problems [0]. Doing something generically secure is much harder. If you have a solution to this problem, then great. But the mere fact that it's desirable doesn't mean we have an answer. -Ekr [0] Specifically, that the attacker can confirm specific guesses about the contents of a header field. > All-in-all, I think its a win for NSA, GCHQ and other miscreants; and > an overall loss for user. > > Jeff > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] TLS 1.3 - Support for compression to be rem… Alewa, Christos
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Kurt Roeckx
- Re: [TLS] TLS 1.3 - Support for compression to be… Loganaden Velvindron
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Geoffrey Keating
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Karthikeyan Bhargavan
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Thijs van Dijk
- Re: [TLS] TLS 1.3 - Support for compression to be… Simon Josefsson
- Re: [TLS] TLS 1.3 - Support for compression to be… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Stephen Farrell
- Re: [TLS] TLS 1.3 - Support for compression to be… Joseph Lorenzo Hall
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Stephen Farrell
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Benjamin Kaduk
- Re: [TLS] TLS 1.3 - Support for compression to be… Kurt Roeckx
- Re: [TLS] TLS 1.3 - Support for compression to be… Peter Gutmann
- Re: [TLS] TLS 1.3 - Support for compression to be… Colm MacCárthaigh
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Colm MacCárthaigh
- Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Björn Tackmann
- Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Nikos Mavrogiannopoulos
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeremy Harris
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
- Re: [TLS] TLS 1.3 - Support for compression to be… Yuhong Bao
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… Roland Zink
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
- Re: [TLS] TLS 1.3 - Support for compression to be… Ilari Liusvaara
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Thomson
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Thomson
- Re: [TLS] TLS 1.3 - Support for compression to be… Douglas Stebila
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Short, Todd
- Re: [TLS] TLS 1.3 - Support for compression to be… Geoffrey Keating
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Short, Todd
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Joseph Salowey
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE