Re: [TLS] TLS 1.3 - Support for compression to be removed

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Tue, 22 September 2015 13:23 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Simon Josefsson <simon@josefsson.org>, Julien ÉLIE <julien@trigofacile.com>
Thread-Topic: [TLS] TLS 1.3 - Support for compression to be removed
Thread-Index: AdD1OdWFMSsZDobWPUarSzG2K9gkow==
Date: Tue, 22 Sep 2015 13:23:13 +0000
Message-ID: <20150922132321.17789008.2591.24358@ll.mit.edu>
Accept-Language: en-US
Content-Language: en-US
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="===============0854605015=="
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/ovHlNW_nBOKr4Cwr1iC5vDcr9vw>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
Precedence: list

Also, if compression is moved from TLS to upper layer(s) - how would it mitigate compression-related attacks? Besides "now it's somebody else's problem"?

Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
  Original Message  
From: Simon Josefsson
Sent: Tuesday, September 22, 2015 04:07
To: Julien ÉLIE
Cc: tls@ietf.org
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed

Julien ÉLIE <julien@trigofacile.com> writes:

> Hi Karthik,
>
>> It may well be true that some (typically unauthenticated) application
>> protocols on top of TLS can survive TLS compression, but it is
>> unlikely.
> [...]
>> HTTP is a particularly bad case because the attacker can potentially
>> inject arbitrary data before (and after) the secret. With NNTP you
>> may escape the worst of this adversary, but you probably won’t find
>> any TLS expert willing to say that compressing the password is ok.
>
> OK, many thanks for the illustration!
>
> So in fact, to be safer, authentication commands should either be sent
> uncompressed or be more complex than they currently are (for instance
> with the insertion of random data with random length along with the
> authentication command).

I believe the general recommendation is to not send passwords in
cleartext at all, even in encrypted tunnels. I'm sure you are aware of
it, but you may SASL in NNTP as described in RFC 4643.

/Simon

Attachment: smime.p7s

[TLS] TLS 1.3 - Support for compression to be rem… Alewa, Christos
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Kurt Roeckx
Re: [TLS] TLS 1.3 - Support for compression to be… Loganaden Velvindron
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Geoffrey Keating
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Karthikeyan Bhargavan
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Thijs van Dijk
Re: [TLS] TLS 1.3 - Support for compression to be… Simon Josefsson
Re: [TLS] TLS 1.3 - Support for compression to be… Blumenthal, Uri - 0553 - MITLL
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Stephen Farrell
Re: [TLS] TLS 1.3 - Support for compression to be… Joseph Lorenzo Hall
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Stephen Farrell
Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Benjamin Kaduk
Re: [TLS] TLS 1.3 - Support for compression to be… Kurt Roeckx
Re: [TLS] TLS 1.3 - Support for compression to be… Peter Gutmann
Re: [TLS] TLS 1.3 - Support for compression to be… Colm MacCárthaigh
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Colm MacCárthaigh
Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Björn Tackmann
Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
Re: [TLS] TLS 1.3 - Support for compression to be… Nikos Mavrogiannopoulos
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE
Re: [TLS] TLS 1.3 - Support for compression to be… Jeremy Harris
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
Re: [TLS] TLS 1.3 - Support for compression to be… Yuhong Bao
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Viktor Dukhovni
Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
Re: [TLS] TLS 1.3 - Support for compression to be… Roland Zink
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
Re: [TLS] TLS 1.3 - Support for compression to be… Daniel Kahn Gillmor
Re: [TLS] TLS 1.3 - Support for compression to be… Ilari Liusvaara
Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Yoav Nir
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Salz, Rich
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Thomson
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Thomson
Re: [TLS] TLS 1.3 - Support for compression to be… Douglas Stebila
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Short, Todd
Re: [TLS] TLS 1.3 - Support for compression to be… Geoffrey Keating
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Bill Frantz
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Jeffrey Walton
Re: [TLS] TLS 1.3 - Support for compression to be… Tony Arcieri
Re: [TLS] TLS 1.3 - Support for compression to be… Short, Todd
Re: [TLS] TLS 1.3 - Support for compression to be… Eric Rescorla
Re: [TLS] TLS 1.3 - Support for compression to be… Joseph Salowey
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Watson Ladd
Re: [TLS] TLS 1.3 - Support for compression to be… Martin Rex
Re: [TLS] TLS 1.3 - Support for compression to be… Dave Garrett
Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
Re: [TLS] TLS 1.3 - Support for compression to be… takamichi saito
Re: [TLS] TLS 1.3 - Support for compression to be… Julien ÉLIE

Re: [TLS] TLS 1.3 - Support for compression to be removed

Attachment: smime.p7s