Re: [TLS] TLS 1.3 - Support for compression to be removed

Eric Rescorla <ekr@rtfm.com> Sat, 03 October 2015 22:56 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AF571A887A for <tls@ietfa.amsl.com>; Sat, 3 Oct 2015 15:56:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EdZJS9QcdxdK for <tls@ietfa.amsl.com>; Sat, 3 Oct 2015 15:56:29 -0700 (PDT)
Received: from mail-wi0-f176.google.com (mail-wi0-f176.google.com [209.85.212.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B99BC1A885B for <tls@ietf.org>; Sat, 3 Oct 2015 15:56:28 -0700 (PDT)
Received: by wicfx3 with SMTP id fx3so70548741wic.0 for <tls@ietf.org>; Sat, 03 Oct 2015 15:56:27 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=zd52+gJKpCeNEEFdugjZWaXmumBBW+/4dQw1bL9FUl0=; b=Pw4/97M8YWsqH7Zd4/+jznMONNGQN7OsmbYDnL3+4AdZ8SPx1kg5d+fovg3zwG6gJ4 AU+4sl1LRLXRKxYXuBY/tj5io/xTFg0Df3jk2DWefhZW/hDftMdbMwYpgvKuogrzMJqt f9Bx7RXVolYpQmA+3kdX8fIIDl7sSrfQZUCqBHybUPLOo//W1qiybyo5aZbI8yElV3Vc awqcQGdaC0iTs2ZAFAFb5/FIasdWDZ5JjuTXoWjeBGnMlcskq5VZWcYyAf6Gisu9SNSg n9niK6lOK0PbjsTvC5l8b9vH1VmUNjhENm4gfkCrPBvuNJMYg94HvAXL5P3i7hw0dEwE ba4A==
X-Gm-Message-State: ALoCoQngpS4u13TttCwC2iP1Te52M1apEoDbdfdJyR2PmhBrDjmD2w8XbBPGgoJGgzjVYCXSE8MP
X-Received: by 10.194.48.81 with SMTP id j17mr22148574wjn.81.1443912987132; Sat, 03 Oct 2015 15:56:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.27.79.200 with HTTP; Sat, 3 Oct 2015 15:55:47 -0700 (PDT)
In-Reply-To: <775C14FF-8F23-44E4-9A80-9F4F65217B86@cs.meiji.ac.jp>
References: <79C632BCF9D17346A0D3285990FDB01AA3B9DAD8@HOBEX21.hob.de> <55FC5822.5070709@trigofacile.com> <77583acbe981488493fd4f0110365dae@ustx2ex-dag1mb1.msg.corp.akamai.com> <55FC7343.3090301@trigofacile.com> <6796F70E-44FD-4CD8-A691-6D0BFAE6EFDC@cs.meiji.ac.jp> <560E8DA8.8020903@zinks.de> <775C14FF-8F23-44E4-9A80-9F4F65217B86@cs.meiji.ac.jp>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 03 Oct 2015 15:55:47 -0700
Message-ID: <CABcZeBN4d7ZBxiq7JRy47EGH7+=604_HQgyNtgvJ2dOM7bsYNg@mail.gmail.com>
To: takamichi saito <saito@cs.meiji.ac.jp>
Content-Type: multipart/alternative; boundary="047d7b86c190af5f4605213b30da"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/xDlcrfuFYZP-az_363YKkyl9R4M>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Oct 2015 22:56:31 -0000

On Sat, Oct 3, 2015 at 3:36 PM, takamichi saito <saito@cs.meiji.ac.jp>
wrote:

>
> On 2015/10/02, at 22:59, Roland Zink wrote:
>
> > Browsers are not a concern as they already have their own comp/decomp
> codes. HTTP/1 can compress content (Content-encoding and transfer-encoding)
> and HTTP2 has additional header compression.
> >
> > Regards,
> > Roland
> >
>
> I see,
> but contrary,
> tls is only for browser?
>
> And more,
> if you kick out comp/decomp from tls,
> can we be safer when we use tls?
> If you know the paper, please teach me.
>
> Or, rfc or good teacher should notify us,
> "When you use TLSv1.3, you never use compression, sorry!"
>

That is what the document says:
"Versions of TLS before 1.3 supported compression and the list of
compression methods was supplied in this field. For any TLS 1.3
ClientHello, this field MUST contain only the “null” compression method
with the code point of 0. If a TLS 1.3 ClientHello is received with any
other value in this field, the server MUST generate a fatal
“illegal_parameter” alert. Note that TLS 1.3 servers may receive TLS 1.2 or
prior ClientHellos which contain other compression methods and MUST follow
the procedures for the appropriate prior version of TLS."

-Ekr



> I know it may be out scope,
> but we have to estimate the risk.
>
> regards,
>
>
> >
> > Am 02.10.2015 um 15:08 schrieb takamichi saito:
> >>> Do we know how many protocols currently suffer from CRIME?
> >>>
> >>>
> >>> Maybe a best practice could be suggested by UTA for the implementation
> of TLS in software, to disable compression if vulnerable.  And for the
> others, to implement a way to enable/disable compression in case one day a
> vulnerability is found.
> >> I agree.
> >>
> >> Again,
> >>
> >> 1) We know CRIME threat, but it can not be risk for everyone.
> >> e.g., CVSS v2 Base Score: 2.6 (LOW)
> >>
> >> 2) If we need to have comp/decomp in an application layer,
> >>  clients such like browser need their own comp/decomp codes.
> >>
> >> 3) If there is no comp in tls1.3, some people may continue to use
> tls1.2.
> >> Which one is safer, "tls1.2" v.s. "tls1.3 with comp/decomp" ?
> >>
> >> That's why we explore the way to keep compression in TLSv1.3.
> >> How about making an option only in server-side?
> >> The spec has the compression but default is off, and also provides the
> suggestion.
> >>
> >>
> >>> --
> >>> Julien ÉLIE
> >>>
> >>> « La vraie valeur d'un homme se mesure lorsqu'il a tout perdu. »
> >>>
> >>> _______________________________________________
> >>> TLS mailing list
> >>> TLS@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/tls
> >>
> >> ;; takamixhi saito
> >> c2xhYWlidHNvcw
> >>
> >> _______________________________________________
> >> TLS mailing list
> >> TLS@ietf.org
> >> https://www.ietf.org/mailman/listinfo/tls
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
>
>
> ;; takamixhi saito
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>