Re: [TLS] TLS 1.3 - Support for compression to be removed

Jeffrey Walton <noloader@gmail.com> Sun, 04 October 2015 18:54 UTC

MIME-Version: 1.0
In-Reply-To: <201510041432.35903.davemgarrett@gmail.com>
References: <79C632BCF9D17346A0D3285990FDB01AA3B9DAD8@HOBEX21.hob.de> <CAHOTMVL+C4Q2=wAVMWmSbyzmmZb7o6pucN=bEKv70eq8wWLA_w@mail.gmail.com> <CAH8yC8nRoAk1KxQRKp3Yr8y8Yut3hc5pOgJ-hqShO3qb6cg2wQ@mail.gmail.com> <201510041432.35903.davemgarrett@gmail.com>
Date: Sun, 04 Oct 2015 14:48:19 -0400
Message-ID: <CAH8yC8mt4sSAb45G-BOGUP3BqKfFi3_05XE2kvccr0b6ZzO+HA@mail.gmail.com>
From: Jeffrey Walton <noloader@gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/dVDzf1B1H_zMyzOcqgBXPRX8iNE>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
Precedence: list
Reply-To: noloader@gmail.com

On Sun, Oct 4, 2015 at 2:32 PM, Dave Garrett <davemgarrett@gmail.com> wrote:
> On Sunday, October 04, 2015 01:58:09 pm Jeffrey Walton wrote:
>> Is that necessarily true?
>
> It should be apparent by now that the dominant opinion is that compression in TLS is not worth the risk and not worth the time to attempt to deal with here. Whether or not a generic compression algorithm could theoretically be made safe is irrelevant at this point. It's a known-dangerous attack surface that we don't want the risk of.
>

If I am reading things correctly: the group has effectively
encountered a security problem, deemed it to be too hard for them, and
then pushed it into another layer where folks are even less equipped
to deal with it. Is that correct?

I might be missing something, but I don't believe the "problems
created by compression" have gone away. Rather, they have been moved
around so the risk remains. The underlying problem still exists
because the group responsible for providing those security services
have not addressed them.

Jeff

[TLS] TLS 1.3 - Support for compression to be rem… Alewa, Christos
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Kurt Roeckx
Re: [TLS] TLS 1.3 - Support for compression to be… Loganaden Velvindron
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Geoffrey Keating
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Karthikeyan Bhargavan
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Thijs van Dijk
Re: [TLS] TLS 1.3 - Support for compression to be… Simon Josefsson
Re: [TLS] TLS 1.3 - Support for compression to be… Blumenthal, Uri - 0553 - MITLL
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Stephen Farrell
Re: [TLS] TLS 1.3 - Support for compression to be… Joseph Lorenzo Hall
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Stephen Farrell
Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Benjamin Kaduk
Re: [TLS] TLS 1.3 - Support for compression to be… Kurt Roeckx
Re: [TLS] TLS 1.3 - Support for compression to be… Peter Gutmann
Re: [TLS] TLS 1.3 - Support for compression to be… Colm MacCárthaigh
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Colm MacCárthaigh
Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Björn Tackmann
Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
Re: [TLS] TLS 1.3 - Support for compression to be… Nikos Mavrogiannopoulos
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Jeremy Harris
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
Re: [TLS] TLS 1.3 - Support for compression to be… Yuhong Bao
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
Re: [TLS] TLS 1.3 - Support for compression to be… Roland Zink
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
Re: [TLS] TLS 1.3 - Support for compression to be… Ilari Liusvaara
Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Thomson
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Thomson
Re: [TLS] TLS 1.3 - Support for compression to be… Douglas Stebila
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Short, Todd
Re: [TLS] TLS 1.3 - Support for compression to be… Geoffrey Keating
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Short, Todd
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Joseph Salowey
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE