Re: [TLS] TLS 1.3 - Support for compression to be removed
Eric Rescorla <ekr@rtfm.com> Thu, 08 October 2015 04:44 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E17961A8768 for <tls@ietfa.amsl.com>; Wed, 7 Oct 2015 21:44:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.012
X-Spam-Level:
X-Spam-Status: No, score=0.012 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F83v6zGXTBna for <tls@ietfa.amsl.com>; Wed, 7 Oct 2015 21:44:22 -0700 (PDT)
Received: from mail-wi0-f173.google.com (mail-wi0-f173.google.com [209.85.212.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E94471A8764 for <tls@ietf.org>; Wed, 7 Oct 2015 21:44:21 -0700 (PDT)
Received: by wicfx3 with SMTP id fx3so7792390wic.0 for <tls@ietf.org>; Wed, 07 Oct 2015 21:44:20 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=auZE5aIdbTMqL598x8tauePqGf1hWAabfb9wg901mI8=; b=h9eVqm/hL/mcmDOxv1+fgumedLLr/wNAsiCzTZE5D80hpVtQrdoYdsztbmguQTU2DQ j7y+eEZ48/lPdEY/wQi3v5iiPtQyvVLRMdUKknWUEzouWI89bQNJveUKfrfjFmmXL+zr o/PzM0BI2jpOocc2lBJ4VL69WBZjuCE7rSMHRVjJs84qFu3M9ALug0mPr3d5HWNebRcs bAjecxWGHtpEUKeI02pVMVX3A12xJAXxq3pLIiYHHRIv3hnnnmo1NZklfDmDv5QRTwwU BR5DzktQO2fkB6sCuUXE7TAHp/FW8+z6kOIFp1NbDc/qMVpH1u9WcOhOpBJzx85K0FTW xEAA==
X-Gm-Message-State: ALoCoQmQasR/STjj1SxeHNRxk+g7LmMeS6DcWv/AE7L15ukGsMEjZLLtdIdBpdKvX/HZqpaMah3u
X-Received: by 10.194.94.71 with SMTP id da7mr5195023wjb.8.1444279460411; Wed, 07 Oct 2015 21:44:20 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.27.79.200 with HTTP; Wed, 7 Oct 2015 21:43:40 -0700 (PDT)
In-Reply-To: <49943603-287F-4C78-AEC1-45628554C190@akamai.com>
References: <CABcZeBNfFHR3eDi1yoifOuZ_ALMPN+xRo1nBx+qk19J+LQjmLw@mail.gmail.com> <20151007211155.384AC1A2C5@ld9781.wdf.sap.corp> <CABcZeBPoF9Qm=ySx+xXkLCegWn1j=06LP+KPcZ=6N7NAbodBew@mail.gmail.com> <49943603-287F-4C78-AEC1-45628554C190@akamai.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 08 Oct 2015 06:43:40 +0200
Message-ID: <CABcZeBNkePGEhTyZs6_7dtnyiP5cVKkcSUzcD-NspZti2-MVPg@mail.gmail.com>
To: "Short, Todd" <tshort@akamai.com>
Content-Type: multipart/alternative; boundary="047d7bf0c10231d22c05219084cc"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/OblE30kw2VIiID_UDyUZTYw1c_0>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2015 04:44:25 -0000
On Wed, Oct 7, 2015 at 11:28 PM, Short, Todd <tshort@akamai.com> wrote: > However, for those ClientHello’s that support older versions, the > compression_method field may contain other values. This means that if a > TLSv1.3 client happened to support compression for TLSv1.2, it would be > unable to negotiate that via a single ClientHello. There’s no way to > attempt to negotiate TLSv1.2+compression and TLSv1.3+no-compression in a > single ClientHello. > > In effect, the document is stating that a TLSv1.3 client MUST NOT support > compression, regardless of the protocol version that may be negotiated. > Yes, this is what I believe it says and what I believe the WG had consensus on, the reasoning being that we really wished to just remove the feature entirely. If the chairs declare consensus on something else, I will of course edit it to say something else. -Ekr -- > -Todd Short > // tshort@akamai.com > // "One if by land, two if by sea, three if by the Internet." > > On Oct 7, 2015, at 5:15 PM, Eric Rescorla <ekr@rtfm.com> wrote: > > > > On Wed, Oct 7, 2015 at 11:11 PM, Martin Rex <mrex@sap.com> wrote: > >> Eric Rescorla wrote: >> > Martin Rex <mrex@sap.com> wrote: >> >> Eric Rescorla wrote: >> >>> >> >>> That is what the document says: >> >>> "Versions of TLS before 1.3 supported compression and the list of >> >>> compression methods was supplied in this field. For any TLS 1.3 >> >>> ClientHello, this field MUST contain only the ?null? compression >> method >> >>> with the code point of 0. If a TLS 1.3 ClientHello is received with >> any >> >>> other value in this field, the server MUST generate a fatal >> >>> ?illegal_parameter? alert. Note that TLS 1.3 servers may receive TLS >> 1.2 >> >>> or prior ClientHellos which contain other compression methods and MUST >> >>> follow the procedures for the appropriate prior version of TLS." >> >> >> >> The quoted wording calls for a fatal handshake failure when ClientHello >> >> offers >> >> >> >> TLSv1.2+compression _or_ TLSv1.3 >> >> >> >> while at the same time the last requirement asserts that a ClientHello >> with >> >> >> >> TLSv1.2+compression >> >> >> >> is perfectly OK. To me, this looks quite odd. >> > >> > That's not how I read this text. >> > >> > Rather, I read it as: >> > If ClientHelloVersion >= TLS 1.3 >> > then the compression field must be empty >> > else: >> > the compression field is dictated by other versions >> > >> > This doesn't seem inconsistent to me. If you still think that the >> paragraph >> > reads differently, can you help me by diagramming it? >> >> What you describe would be considerable worse that what I understood, >> because it would mean that a TLSv1.3 ClientHello will be unconditionally >> invalid for a TLSv1.2 server. >> >> https://tools.ietf.org/html/rfc5246#page-42 >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc5246-23page-2D42&d=BQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=IxUTnzF6SN6y6C4zTXXfgQmiV1FojXWtLZ0S8hS5eGY&s=Uu3NPBs1t52N_fGVGPqXazTAStG7cPUeCfNh6eCTtkk&e=> >> >> compression_methods >> This is a list of the compression methods supported by the client, >> sorted by client preference. If the session_id field is not empty >> (implying a session resumption request), it MUST include the >> >> Dierks & Rescorla Standards Track [Page 41] >> >> RFC 5246 TLS August 2008 >> >> *> compression_method from that session. This vector MUST contain, >> *> and all implementations MUST support, CompressionMethod.null. >> Thus, a client and server will always be able to agree on a >> compression method. > > > Sorry, I spoke carelessly. It must contain solely the null method. > > -Ekr > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > > >
- [TLS] TLS 1.3 - Support for compression to be rem… Alewa, Christos
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Kurt Roeckx
- Re: [TLS] TLS 1.3 - Support for compression to be… Loganaden Velvindron
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Geoffrey Keating
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Karthikeyan Bhargavan
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Thijs van Dijk
- Re: [TLS] TLS 1.3 - Support for compression to be… Simon Josefsson
- Re: [TLS] TLS 1.3 - Support for compression to be… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Stephen Farrell
- Re: [TLS] TLS 1.3 - Support for compression to be… Joseph Lorenzo Hall
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Stephen Farrell
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Benjamin Kaduk
- Re: [TLS] TLS 1.3 - Support for compression to be… Kurt Roeckx
- Re: [TLS] TLS 1.3 - Support for compression to be… Peter Gutmann
- Re: [TLS] TLS 1.3 - Support for compression to be… Colm MacCárthaigh
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Colm MacCárthaigh
- Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Björn Tackmann
- Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Nikos Mavrogiannopoulos
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeremy Harris
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
- Re: [TLS] TLS 1.3 - Support for compression to be… Yuhong Bao
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… Roland Zink
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
- Re: [TLS] TLS 1.3 - Support for compression to be… Ilari Liusvaara
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Thomson
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Thomson
- Re: [TLS] TLS 1.3 - Support for compression to be… Douglas Stebila
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Short, Todd
- Re: [TLS] TLS 1.3 - Support for compression to be… Geoffrey Keating
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
- Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
- Re: [TLS] TLS 1.3 - Support for compression to be… Short, Todd
- Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
- Re: [TLS] TLS 1.3 - Support for compression to be… Joseph Salowey
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
- Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
- Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
- Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE