Re: [TLS] TLS 1.3 - Support for compression to be removed

"Salz, Rich" <rsalz@akamai.com> Sat, 19 September 2015 20:06 UTC

To: Julien ÉLIE <julien@trigofacile.com>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/P_GjHB6BnyAx53Ku4KJBavvN0W8>

 
> Well, it is true that NNTP can stay on TLS 1.2.  News clients and news servers
> can implement TLS 1.2 and use it.
> The concern will be when TLS 1.2 is declared "flawed".  Maybe one day it will
> be considered insecure; and then, compliant TLS implementations won't be
> able to use compression.  That facility will then be lost.

Yes.

It is widely recognized that in many cases, TLS-level compression is flawed (for example NNTP authinfo?).  TLS 1.3 does not have it.  So NNTP that needs compression can continue to use TLS 1.2, and if TLS 1.2 is "flawed" things can change.

	/r$