Re: [TLS] TLS 1.3 - Support for compression to be removed

Julien ÉLIE <> Fri, 18 September 2015 18:30 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id D8F571B306D for <>; Fri, 18 Sep 2015 11:30:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.45
X-Spam-Level: *
X-Spam-Status: No, score=1.45 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_FR=0.35, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id iyvrIICUlUxX for <>; Fri, 18 Sep 2015 11:29:58 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A1C131B305A for <>; Fri, 18 Sep 2015 11:29:57 -0700 (PDT)
Received: from macbook-pro-de-julien-elie.home ([]) by mwinf5d43 with ME id JiVu1r00F4E7NBX03iVuu5; Fri, 18 Sep 2015 20:29:55 +0200
X-ME-Helo: macbook-pro-de-julien-elie.home
X-ME-Auth: anVsaWVuLmVsaWU0ODdAd2FuYWRvby5mcg==
X-ME-Date: Fri, 18 Sep 2015 20:29:55 +0200
References: <>
From: Julien ÉLIE <>
Organization: TrigoFACILE --
Message-ID: <>
Date: Fri, 18 Sep 2015 20:29:54 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 18 Sep 2015 18:30:01 -0000

Hi all,

> the proposed cease of support for compression in the new TLS 1.3 protocol
> Since we at HOB, use SSL to maintain long-running VPN connections, might
> it be possible to - at least - maintain the status quo of the TLS -
> protocol in this aspect, enabling and disabling compression if needed?

I would also be in favour of having the ability to control whether 
compression is enabled.
INN (a wide-spread news server) even permits to control that with its 
configuration file (we have a tlscompression parameter in inn.conf that 
can be set to false if needed).  Other parameters (tlsciphers, 
tlseccurve, tlspreferserverciphers and tlsprotocols) also permit to 
tweak the allowed ciphers, etc. that can be used.

Besides, as far as I know, the NNTP protocol is not vulnerable to CRIME 

Also please note that a common use of TLS for NNTP is to enable 
compression (security is not always necessary), as RFC 4642 recalls:

    The STARTTLS command is usually used to initiate session security,
    although it can also be used for client and/or server certificate
    authentication and/or data compression.

Julien ÉLIE

« Petite annonce : Sourd rencontrerait sourde pour terrain
   d'entente. »