Re: [TLS] TLS 1.3 - Support for compression to be removed

Dave Garrett <> Sun, 04 October 2015 18:54 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id A262E1B349A for <>; Sun, 4 Oct 2015 11:54:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XinjE0l0PeSg for <>; Sun, 4 Oct 2015 11:54:12 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400d:c04::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BB6BB1B2DD6 for <>; Sun, 4 Oct 2015 11:50:26 -0700 (PDT)
Received: by qgez77 with SMTP id z77so133416670qge.1 for <>; Sun, 04 Oct 2015 11:50:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=LLHKE7RW1BcotiCHbvQ40M6uQq5dOmr2mJf8qi4D2sQ=; b=YQb7ePySiDk2bf54pogog7p3tV484wr+OSYwjOUrACPPmix5Lmsu4RZKLat56BI7wf Q7P/ZLeWw+GBGXzH8I4i6unNb0Oy2ceSuaq9q6qyTME1eXx2f909RArdLBY4ssQDaGi1 sKUU1Oeic8PRnQTvJj5U7rCP459KmCQCB27wf82/eaT5OCQr7e4V0WaPTvf1TqTOwdAY onTQiQCdNlIQgz8yKH2VHo6fRxYBDEckq+sW3mvcdurcm3DXUIo/D5tUBLE7XjQUbGzt 9t5QeB2I6Y1ynFGb3K0/0+XIPYtozrmAyXHU6/59mXZyTX3UCaj/EnBs+JR5ZJ9iCgIj bY4Q==
X-Received: by with SMTP id f2mr36141491qhe.59.1443984626004; Sun, 04 Oct 2015 11:50:26 -0700 (PDT)
Received: from dave-laptop.localnet ( []) by with ESMTPSA id e6sm9525522qga.14.2015. (version=TLSv1 cipher=RC4-SHA bits=128/128); Sun, 04 Oct 2015 11:50:25 -0700 (PDT)
From: Dave Garrett <>
To:, Tony Arcieri <>
Date: Sun, 04 Oct 2015 14:50:24 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
References: <> <> <>
In-Reply-To: <>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <>
Archived-At: <>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 04 Oct 2015 18:54:13 -0000

On Sunday, October 04, 2015 02:09:49 pm Tony Arcieri wrote:
> If someone has produced a secure system for "compression side-channel
> resistant encryption", I haven't seen it.

I can think of a way to do this, but the people who want compression badly probably won't like it due to the need to pad heavily.

1) Pick a fixed bandwidth
2) Compress & encrypt the stream
3) Send the compressed stream at a rate blocked to the cap
4) Whenever below the cap, pad the stream to the cap

Maintain a fixed transmission of data per unit time and there's no way to tell the size of anything (even if delivery doesn't match the rate). However, this relies on being able to pick a usable fixed bandwidth (in each direction). The bandwidth cap size and length of transmission times still gives quite a bit of info, e.g. 1GB vs 1KB total is quite telling, but that's true without compression.

With a good compression algorithm, the above could probably produce an overall more efficient stream rather easily for many things. If your idea of compression is to keep using DEFLATE forever, however, you should probably just reevaluate what you're doing.