Re: [TLS] TLS 1.3 - Support for compression to be removed

takamichi saito <tan1tan2tan3tan4@gmail.com> Sat, 03 October 2015 02:45 UTC

On 2015/10/03 0:24, Salz, Rich <rsalz@akamai.com> wrote:

> 
>> 1) We know the CRIME threat, but it can not be a risk for everyone.
>> e.g., CVSS v2 Base Score: 2.6 (LOW)
> 
> CVSS isn't always appropriate; CVSS2 called Heartbleed a 5; CVSS v3 called it 7.5

We know that, but it is one of the indicators.
How can you express the danger or risk instead of it?
My point is, is CRIME a risk in every case? Even when we have the option in tls1.3, in the case that the default is off.

> 
>> Which one is safer, "tls1.2" vs. "tls1.3 with comp/decomp"?
> 
> They are equivalent.  If you use AES-GCM and ECDHE, and you don't need 0RTT, then there is no compelling reason to use TLS 1.3.

If so, some people can skip tls1.3.

;; takamichi saito