Re: [TLS] Confirmation of Consensus on Removing Compression from TLS 1.3

Eric Rescorla <ekr@rtfm.com> Sun, 27 April 2014 16:05 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D07C1A07A2 for <tls@ietfa.amsl.com>; Sun, 27 Apr 2014 09:05:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.723
X-Spam-Level:
X-Spam-Status: No, score=0.723 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SiiKicdk8lVB for <tls@ietfa.amsl.com>; Sun, 27 Apr 2014 09:05:42 -0700 (PDT)
Received: from mail-wg0-f46.google.com (mail-wg0-f46.google.com [74.125.82.46]) by ietfa.amsl.com (Postfix) with ESMTP id 5BC041A07A0 for <tls@ietf.org>; Sun, 27 Apr 2014 09:05:42 -0700 (PDT)
Received: by mail-wg0-f46.google.com with SMTP id b13so5360012wgh.17 for <tls@ietf.org>; Sun, 27 Apr 2014 09:05:41 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=0JvbZb4RzEyFFad5Ox3Efh5KWeuUVeLhkkQh1on1ut0=; b=hhX0m4ufcYTl25FrYxjbT2fVajtQeuOq046pm8R7PZ6FK5q7Np0LURj8+UozQ3V9zf u+cPx2gfilOM93nkJ9tq56OIkuosctcZepC4ygQq8OUaEQ3pAecPLujiEDkLZjbMNYgV odpCCCLU2I6neSbrb5TxDyzE6mtGLR5SVIbZSU0+uCRAnTFkhWr7+ZXswpRcDjCmlLgz 6d70SSO/jBMaECihPVohUSOaKF5JHCJqUHbWw8EUcEFKOxSjtefV/JnnjXJklE/+K083 R2u4nAGbRCyt0nJ5MeE0PRAjmG9wyy8ZF//Es6zNAPijLsPPtuYzJwEapPPiWcAfOr3e QYmg==
X-Gm-Message-State: ALoCoQmeE9JldayZQABeF8TXwanSUHzkd/oAm0zOKjoJILEbZe4JTnT1G/cpg036WLo5QdR2om9C
X-Received: by 10.180.91.161 with SMTP id cf1mr11679227wib.49.1398614741582; Sun, 27 Apr 2014 09:05:41 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.218.198 with HTTP; Sun, 27 Apr 2014 09:05:00 -0700 (PDT)
X-Originating-IP: [74.95.2.168]
In-Reply-To: <CABcZeBMuvQ0s+Rm9opdJZ8-f+=tHUd6wLoSDpF8C7cTfQG3yRg@mail.gmail.com>
References: <DA7A3139-EE44-4FE2-B674-4ECAE4D51079@cisco.com> <C490E2C7-6435-4483-9C82-89A9F00392F4@cisco.com> <CABcZeBMuvQ0s+Rm9opdJZ8-f+=tHUd6wLoSDpF8C7cTfQG3yRg@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 27 Apr 2014 09:05:00 -0700
Message-ID: <CABcZeBN-ra5UNr+pTY_VTpCQFmqfxrj3UBtnaxMVFmuJbRcOMg@mail.gmail.com>
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
Content-Type: multipart/alternative; boundary="f46d043bdf66d9a10a04f8085e3b"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/sRLsH0JenVmXAi5wMTV1IDCE6GM
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Confirmation of Consensus on Removing Compression from TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Apr 2014 16:05:45 -0000

The pull request is at:

https://github.com/tlswg/tls13-spec/pull/29

Please reply on-list by end of Tuesday 4/29 if you see significant
errors with this change. (Editorial issues can just be submitted
as pull requests to the relevant branch).

Note: if you find an issue after I've merged the change, you can
just submit an issue as usual. That's what revision control is for...

-Ekr



On Sat, Apr 26, 2014 at 8:35 AM, Eric Rescorla <ekr@rtfm.com> wrote:

> Acknowledged.
>
> I will prepare these changes (and those for the other two issues) as git
> pull
> requests and notify the list so that people can confirm that the changes
> accurately capture the consensus of the WG.
>
> -Ekr
>
>
>
> On Sat, Apr 26, 2014 at 8:24 AM, Joseph Salowey (jsalowey) <
> jsalowey@cisco.com> wrote:
>
>> We have strong confirmation of consensus to remove compression from TLS
>> 1.3.   The Editor is requested to make the appropriate changes to the draft
>> on github.
>>
>> Joe
>> [For the chairs]
>> On Mar 26, 2014, at 11:42 AM, Joe Salowey <jsalowey@cisco.com> wrote:
>>
>> > The use of compression within TLS has resulted in vulnerabilities that
>> can be exploited to disclose TLS encrypted application data.   The
>> consensus in the room at IETF-89 was to remove compression from TLS 1.3 to
>> remove this attack vector.  If you have concerns about this decision please
>> respond on the TLS list by April 11, 2014.
>> >
>> > Thanks,
>> >
>> > Joe
>> > [Speaking for the TLS chairs]
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
>
>