Re: [TLS] TLS 1.3 - Support for compression to be removed

Dave Garrett <davemgarrett@gmail.com> Tue, 22 September 2015 20:06 UTC

On Tuesday, September 22, 2015 03:44:41 pm Yoav Nir wrote:
> people did not complain much when browser vendors removed compression following the CRIME attacks

To be fair, they didn't remove anything that was heavily used. Mozilla never even implemented TLS compression in Firefox. Google Chrome seems to be the only browser that tried and was hit with CRIME for HTTPS. Google and Mozilla got hit with it for SPDY, but removing compression in an experimental protocol isn't that much of a loss. I don't suspect too many servers supported TLS compression either, though I don't have data for that side of things.


Dave