Re: [TLS] TLS 1.3 - Support for compression to be removed

Joseph Lorenzo Hall <> Tue, 22 September 2015 18:09 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id B39E61A92AB for <>; Tue, 22 Sep 2015 11:09:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ix4tOoIw08S5 for <>; Tue, 22 Sep 2015 11:09:23 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4010:c03::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 101B31A9250 for <>; Tue, 22 Sep 2015 11:09:23 -0700 (PDT)
Received: by lahg1 with SMTP id g1so23170465lah.1 for <>; Tue, 22 Sep 2015 11:09:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=j9IjgsVVAOFnROlhfuo376KsKYLZzT51f1rmXgmzvac=; b=QscjeXDj4fcWtJ75TxbL6ToauD6AW34X1Gi4X2drBSIwHdjF4odvHYBMiO2XF7QZJV lf4dpxtfRNN48U+Wp9j3D7GmLwdW8jZ86NzFfiYIT1Yy2aybJZOYCe8VufeKmnJjEP7o xyxrL+B9oiCshyQCeLe9zvtZxFAiG3TssdCeg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=j9IjgsVVAOFnROlhfuo376KsKYLZzT51f1rmXgmzvac=; b=WobnWs9lb9wcDM2rKh2IeZItUWQ2OW6ApRt5hr3k8GGB+/nbcCe8G8mucx8I+aPIJR o84lMC+qLNqrJsXY6tUi++bUQeE9ezSP/fGbu0pI76yrOuvxbwmHs5kgvWqOwHorhfyk JUY56WV8sYVetP5ZImMVPYS0oSwUDYS3tVbVXcLnspvMzzQZb6pxOjt9U21etdcYHyQd cNX7J4Tp2Hxqamny9HqHLm9CCmdQhG3NnbUUlYfaJyI2X+qlQ7AiIL9gk+MYyXjj3VsP HhjPtJUIuHT43gaCQkrnvQPLNl/XHgAbHe7mbSR+4BwihbdU19CszYUBXnI26RoIT9P9 Zp1g==
X-Gm-Message-State: ALoCoQku+a5f02c2J1crY2CiDyLjiEDxBN/NmFUmVDsEO5FlOTbztVhJLnOexgYAPKhoxe/xS7rS
X-Received: by with SMTP id o124mr2934681lfo.41.1442945361144; Tue, 22 Sep 2015 11:09:21 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Tue, 22 Sep 2015 11:09:01 -0700 (PDT)
In-Reply-To: <>
References: <> <> <>
From: Joseph Lorenzo Hall <>
Date: Tue, 22 Sep 2015 14:09:01 -0400
Message-ID: <>
To: Stephen Farrell <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Cc: "" <>, Simon Josefsson <>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 22 Sep 2015 18:09:24 -0000

On Tue, Sep 22, 2015 at 1:35 PM, Stephen Farrell
<> wrote:
> On 22/09/15 17:23, Tony Arcieri wrote:
>> But an unsafe feature shouldn't be kept in
>> TLS just because some protocols want to do unsafe things and are too lazy
>> to implement their own compression.
> Compression does have issues clearly, but it's not correct to describe
> people wanting TLS to compress as lazy. They're rather looking for the
> same features that TLS has offered for a couple of decades. So if there
> were a way to help them, that'd be good. And if not, the onus I think
> is on us in this WG to clearly explain why we're removing that feature
> in TLS1.3.
> That doesn't have to be text in the TLS1.3 specification but I would
> guess the question may keep coming up, so documenting the answer in
> some archival form (such as an RFC:-) might be a good plan.

I like this idea... and it doesn't have to be compression-specific but
could rather be of the variety of "Things that we [don't think make
sense/consider harmful/are best done] if done at the TLS layer."

This won't help get 1.3 out the door sooner, but it would be very
useful to understand important points of consensus in TLS WG that are
broader design decisions that may persist past 1.3.

best, Joe

Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871