Re: [TLS] TLS 1.3 - Support for compression to be removed

Yoav Nir <> Thu, 24 September 2015 07:52 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id B17111B3808 for <>; Thu, 24 Sep 2015 00:52:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id xHuA7MzJPmMS for <>; Thu, 24 Sep 2015 00:52:44 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:400c:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 53D031B380A for <>; Thu, 24 Sep 2015 00:52:43 -0700 (PDT)
Received: by wicfx3 with SMTP id fx3so100924313wic.0 for <>; Thu, 24 Sep 2015 00:52:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=TLLZKdfe/VPhQcJuhJZknAg6PdwFuZWmQxgR3iSKhqQ=; b=FpvY6WuLYeiOq01D+Hb25oq05fqN9hUIUkHlhF8waycIoeV2IMspzlUM5bsCVWRCvR BsvFrUmKH3771NIqFYJtqSDtWwqU5lHqLQQkeA4AgZ6I9yqE5xbG/uv73zkUvQtHFI1T vX62ExqyFcLCXBEOguobQVmQ9Comtp2qF7HHaXVu1WnPfQdM3hOaptPRaLwN3tMQkuN1 lCB2xOP8v8tgky+9MFaBi4pb1Ee2HqslHoD9Z5oNeLlEUrs4A71DGYBZziziWfnsauLj Nj7UKnVWa8zsclp9Djqu+i77G93EXKB37WVFEav5PuSwnKs5AoKHZhFtmwEpstjpcxQN GEyw==
X-Received: by with SMTP id fs13mr9090885wic.13.1443081161887; Thu, 24 Sep 2015 00:52:41 -0700 (PDT)
Received: from [] ( []) by with ESMTPSA id pl7sm4163755wic.4.2015. (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 24 Sep 2015 00:52:40 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: Yoav Nir <>
In-Reply-To: <>
Date: Thu, 24 Sep 2015 10:52:39 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <> <> <>
X-Mailer: Apple Mail (2.2104)
Archived-At: <>
Cc: "" <>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 24 Sep 2015 07:52:45 -0000

> On Sep 24, 2015, at 7:40 AM, Jeffrey Walton <> wrote:
>> I have to wonder if it’s worth it. In the last decade bandwidth has increased and prices for networking have gone down much faster than CPU speeds. 10 years ago having 1 Mbps at home was  the highest-end broadband you could get. Now you routinely get 100x that. CPU has increased, but nowhere near that. This makes compression less desirable, to the point that people did not complain much when browser vendors removed compression following the CRIME attacks. True, the rise of mobile brought back limited bandwidth, but is this really an issue?
> I don't think using bandwidth as a factor is a good idea.
> On other lists I still see the occasional quip about suffering a low
> bandwidth connection. It used to be folks in some European countries,
> but most recently I seem to recall South American. (I think we're
> seeing the shift because South American countries are going places
> American and Europeans have already been with respect to
> infrastructure).

At some point the countries with the least developed infrastructure eventually go through some government-led project to improve infrastructure, and that makes them leapfrog most other countries just because all their infrastructure is suddenly new. It happened in South Korea 15 years ago, and it’s happening in many African countries now. I don’t think we should burden a security protocol with a problematic mode based on a perceived need that might evaporate in a couple of years. Deploying high bandwidth is even faster now that you can make the last mile wireless rather than running copper or fiber to individual homes.

> In the rural US, I understand low bandwidth is the norm. Those folks
> can't get companies like Verizon or Comcast to service them due to
> population density. Its just not profitable for the providers to
> update the infrastructure. Also see

That supports my point.  To quote one of the top results from that search (the first one that was not an ad):

	"53 percent of rural Americans have no access to high-speed Internet, which he defined as capable of downloading content at 25 megabits per second.”

15 years ago, having “no access to high-speed Internet” meant having just 56Kbps dial-up modem. 10 years ago it meant not having access to 0.5 Mbps broadband. The bar is now significantly higher. And you don’t usually need 25 Mbps for NNTP, although the last time I actually used NNTP was over a 56Kbps modem.