IETF Logo Mail Archive

Re: [TLS] TLS 1.3 - Support for compression to be removed

Watson Ladd <watsonbladd@gmail.com> Thu, 08 October 2015 18:53 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 012E91A9248 for <tls@ietfa.amsl.com>; Thu, 8 Oct 2015 11:53:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tdCw0_m6tiEQ for <tls@ietfa.amsl.com>; Thu, 8 Oct 2015 11:53:46 -0700 (PDT)
Received: from mail-wi0-x234.google.com (mail-wi0-x234.google.com [IPv6:2a00:1450:400c:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E593A1A9240 for <tls@ietf.org>; Thu, 8 Oct 2015 11:53:45 -0700 (PDT)
Received: by wicfx3 with SMTP id fx3so41405494wic.1 for <tls@ietf.org>; Thu, 08 Oct 2015 11:53:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=WpAO7xQt4ED7rgXVBVY1oSL9LaDD03GDB/31O9YVrDw=; b=HIK+aYFFsCp9gVL/5DEfqmASdGltFEIFWU3uium6geeJ3vIrKyJdn5c2mQDcn+vArz MfYO9xqLjji9tLk47EmoWu5Mbo+Sk1twjb4wNnPX57WiidKLybBtSuHZuv0Ucs4ydAS4 4RXNK+Ys1CY65YZdlRz0YQEw92Sg5/t9wQHgRzrRPQGzzmaOa6aSuNwZofLEmmHN5Sl2 Lj/ipTRC/y0RQorMatxQSetf28Hwd4TSy7nZTVd78tjUP5fTNwD1GJGxT28h3lsA5aqg 44vR1oA5fMH84vX2WrzmHUBw4Bmmtyax7P9uMaPrBY3EAFYHoSKpuhL/hnlEvGS9AVZY AEWQ==
MIME-Version: 1.0
X-Received: by 10.194.175.232 with SMTP id cd8mr10541629wjc.45.1444330424487; Thu, 08 Oct 2015 11:53:44 -0700 (PDT)
Received: by 10.28.51.145 with HTTP; Thu, 8 Oct 2015 11:53:43 -0700 (PDT)
Received: by 10.28.51.145 with HTTP; Thu, 8 Oct 2015 11:53:43 -0700 (PDT)
In-Reply-To: <CAH8yC8=JS3sWGR5JZYB2Vvf_sqsVFv4ZEa0ti1cUL-EthYvFgw@mail.gmail.com>
References: <CABcZeBNfFHR3eDi1yoifOuZ_ALMPN+xRo1nBx+qk19J+LQjmLw@mail.gmail.com> <20151007211155.384AC1A2C5@ld9781.wdf.sap.corp> <CABcZeBPoF9Qm=ySx+xXkLCegWn1j=06LP+KPcZ=6N7NAbodBew@mail.gmail.com> <49943603-287F-4C78-AEC1-45628554C190@akamai.com> <CABcZeBNkePGEhTyZs6_7dtnyiP5cVKkcSUzcD-NspZti2-MVPg@mail.gmail.com> <CAHOTMV+Lbn1iW3uBiKyYeejTvoQDr+nn+C6vLd2sioNtfgkQTA@mail.gmail.com> <CAH8yC8=JS3sWGR5JZYB2Vvf_sqsVFv4ZEa0ti1cUL-EthYvFgw@mail.gmail.com>
Date: Thu, 08 Oct 2015 14:53:43 -0400
Message-ID: <CACsn0cnbEEApmX2hzTSVTnaJi4XgvKi+P0F5o=XZ4U+m2gfPcw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: noloader@gmail.com
Content-Type: multipart/alternative; boundary="089e013d1020e3d3b005219c6144"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/t6xxwf1G2o5EZ8fRwvU4fRXn1ps>
Cc: tls@ietf.org
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2015 18:53:49 -0000

On Oct 8, 2015 12:56 PM, "Jeffrey Walton" <noloader@gmail.com> wrote:
>
> On Thu, Oct 8, 2015 at 12:53 AM, Tony Arcieri <bascule@gmail.com> wrote:
> > On Wed, Oct 7, 2015 at 9:43 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> >>
> >> Yes, this is what I believe it says and what I believe the WG had
> >> consensus
> >> on, the reasoning being that we really wished to just remove the
feature
> >> entirely. If the chairs declare consensus on something else, I will of
> >> course edit
> >> it to say something else.
> >
> >
> > I think it would be prudent for the chairs to give some sort of
judgment on
> > this issue, given the high volumes of mailing list traffic created by a
> > small number of detractors despite what is otherwise a rough consensus
>
> That's kind of a loaded request.
>
> We would need to know the security goals and objectives to ensure
> things are progressing as expected. As far as I know, they are not
> stated anywhere.

Not true: secure channel abstractions are well understood.
>
> For example, if a goal is to ensure TLS is trouble free and does not
> get egg on its face, then the goal is met by removing compression
> altogether. If the goal is to ensure TLS users are safe, then the
> result will likely fail to meet expectation because there will be
> 1,000's of incorrect, 1-off solutions.

No generic solution will solve the problem. Knowledge of what applications
do is required for secure compression. Do you have a proposal that
addresses the problems we've duscussed? And please, stop using words like
"safe" and "users" and start using words like "universal composability" and
"adversarial model" if you actually want to think through these issuses.

>
> The failed goal assumes not everyone RTFM's, which I think is
> reasonable given past history. I can't help but feel if RTFM was going
> to work, it would have happened in the last 30 or 50 years or so.

Are you denying that the TLS compression option lead to attacks?

>
> Jeff
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email