Re: [TLS] A question to implementors about compression

Martin Thomson <martin.thomson@gmail.com> Wed, 08 April 2015 16:46 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78F2C1B3431 for <tls@ietfa.amsl.com>; Wed, 8 Apr 2015 09:46:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ioxi_pxXlzsB for <tls@ietfa.amsl.com>; Wed, 8 Apr 2015 09:46:56 -0700 (PDT)
Received: from mail-ob0-x232.google.com (mail-ob0-x232.google.com [IPv6:2607:f8b0:4003:c01::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40A7D1B342E for <tls@ietf.org>; Wed, 8 Apr 2015 09:46:56 -0700 (PDT)
Received: by obbeb7 with SMTP id eb7so71721730obb.3 for <tls@ietf.org>; Wed, 08 Apr 2015 09:46:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=rGrNjOJP+HCg4Y9dGUyHUzFEZuOl59Z1rYdg2GRz35w=; b=oIj0CXO0iZ89SMiOR/BUtBUe7L9YHDZtkbABUEtVWfpbPifhw4br/LRm6keuKKEvtu 9DK7ivlHEm32tnC8tnUDPP28E+OTi0/t/RKZgj7FeQ3uDj0Qbs7cHynhMEqzuQDKe+hU K8YzMIeqXMLkN0imLrGZw+dscaGYI2UsW2n7Q19VS1WtK5PCGnYZwwlIuqCSlwQQ/QO5 QTXbBL3MBTRrHSKTnt8RYK5DnHfFGZlTYm+b/VxbceSh9AxJ7AVc1LsEYjmqtDo06UHW Yl6uTcPljXcLzFD/G2lFfHXoH5ct/sOx3KT6FrGmk5eCAGTSswFW+76tWbRxoD82JQph Hh6Q==
MIME-Version: 1.0
X-Received: by 10.182.63.3 with SMTP id c3mr1992346obs.1.1428511606503; Wed, 08 Apr 2015 09:46:46 -0700 (PDT)
Received: by 10.202.48.151 with HTTP; Wed, 8 Apr 2015 09:46:46 -0700 (PDT)
In-Reply-To: <mg2fmj$b07$1@ger.gmane.org>
References: <2dbc5ad134f544619db764781a8bb249@ustx2ex-dag1mb2.msg.corp.akamai.com> <CABkgnnXp8UzdNo+JQSyJY+U6wo=-tCFMcopn=N9XwNi_k0DYKQ@mail.gmail.com> <mg2fmj$b07$1@ger.gmane.org>
Date: Wed, 08 Apr 2015 09:46:46 -0700
Message-ID: <CABkgnnX2ZHdqN2Dwp-VfzjCb5S4zurugjE3fzZyJ7GheqeCAvQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Alex Elsayed <eternaleye@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/VgUMVdUPFTM8BhKG-EaWULma6v0>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] A question to implementors about compression
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Apr 2015 16:46:57 -0000

On 7 April 2015 at 22:52, Alex Elsayed <eternaleye@gmail.com> wrote:
> Martin Thomson wrote:
>
>> On 7 April 2015 at 06:23, Salz, Rich <rsalz@akamai.com> wrote:
>>> I want to completely remove TLS-layer compression from the next release
>>> of OpenSSL (roughly year-end). If you this will cause interop problems
>>> with
>>> your stack, can you please let me know?  Thanks.
>>
>> I'm guessing that interop problems with other stacks will be the least
>> of your concerns: the uncompressed option is pretty well-tested.  NSS
>> happily doesn't compress.  I'd be more concerned about users who might
>> have gotten attached to the feature.
>
> Fortunately, LibreSSL ripped it out a while back, and a  large number of
> things got fixed to handle that - so I think it's unlikely this will break
> the entire world; more likely about 10-25% of it (i.e. "nobody built this
> with LibreSSL" or "upstream hasn't taken patches to fix the build on
> LibreSSL").

Are you suggesting that LibreSSL/OpenSSL prior to the removal would
fail to properly negotiate the absence of compression?  I'm fairly
sure we'd know if that was the case.