IETF Logo Mail Archive

Re: [TLS] TLS 1.3 - Support for compression to be removed

Martin Thomson <martin.thomson@gmail.com> Mon, 05 October 2015 04:01 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A84DF1B2EB6 for <tls@ietfa.amsl.com>; Sun, 4 Oct 2015 21:01:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rsjoljhwoN0A for <tls@ietfa.amsl.com>; Sun, 4 Oct 2015 21:01:20 -0700 (PDT)
Received: from mail-yk0-x22b.google.com (mail-yk0-x22b.google.com [IPv6:2607:f8b0:4002:c07::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E7561B2EB3 for <tls@ietf.org>; Sun, 4 Oct 2015 21:01:20 -0700 (PDT)
Received: by ykft14 with SMTP id t14so160108255ykf.0 for <tls@ietf.org>; Sun, 04 Oct 2015 21:01:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=XvXaqPQXk3yIpNJ5meEsFPlK22wTktORgT9WbQQF900=; b=U2fItwORody3LZKwrd1JSX3ngdt+PJCJ/p+/7uSBwjD+0fdIH2xYTEn5Is8jPNM9C5 FW1rGRjvfM1Dyk1luVrh2hBNB7B1T36SmcKPZlcdWn/Hvis2ZwI0DqDW1CTm98sPvlHv lV6mVVx8sU8OP+udoznaosE6BgBQ7jQWayE3PIn1WmTPVvvaB/qexYBBfEyzuDEYUhcj 7l87GQixPk6JQaxHnxo10JllO8zfH2By1H51Fy4XnGFskU/oJ52l063g5ya+ZTRqo91e stFCL+k0K5hEOlaQ1bNZ1loQtR+L8RNIOINJSwD8O4LKA4hgH6QHUrNMW9Pd6fDQw+eU 7BbA==
MIME-Version: 1.0
X-Received: by 10.170.173.1 with SMTP id p1mr22650032ykd.101.1444017679312; Sun, 04 Oct 2015 21:01:19 -0700 (PDT)
Received: by 10.13.230.78 with HTTP; Sun, 4 Oct 2015 21:01:18 -0700 (PDT)
In-Reply-To: <CABcZeBOD+jwFDaed6sqfBGabR1kpRjnAvAb5Pm9jCk43=s4Fzg@mail.gmail.com>
References: <79C632BCF9D17346A0D3285990FDB01AA3B9DAD8@HOBEX21.hob.de> <55FC5822.5070709@trigofacile.com> <77583acbe981488493fd4f0110365dae@ustx2ex-dag1mb1.msg.corp.akamai.com> <55FC7343.3090301@trigofacile.com> <6796F70E-44FD-4CD8-A691-6D0BFAE6EFDC@cs.meiji.ac.jp> <682cb934aeeb42fabdf1fecfccf4c5b5@ustx2ex-dag1mb3.msg.corp.akamai.com> <7E1B8B3D-DEF5-439A-8E56-0CB2DFC061A8@cs.meiji.ac.jp> <ED4C2E8B-3327-451E-8E59-D87705B935C8@gmail.com> <84faf2113b9946f79763886867d65925@ustx2ex-dag1mb3.msg.corp.akamai.com> <CAH8yC8=JcWo+4rtymKLCfs3aKFQmCc+C4jD0eb74jbfMLJFAaw@mail.gmail.com> <CABcZeBOD+jwFDaed6sqfBGabR1kpRjnAvAb5Pm9jCk43=s4Fzg@mail.gmail.com>
Date: Sun, 04 Oct 2015 21:01:18 -0700
Message-ID: <CABkgnnX_3VZZLb8HdM=zqLp70dsURM1gPiSZdE9nzDByaMkBzw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/xjAwHvuICyTky9pk34z9_7LGFMw>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 - Support for compression to be removed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2015 04:01:21 -0000

On 4 October 2015 at 19:26, Eric Rescorla <ekr@rtfm.com> wrote:
> Consider the trivial case of ASCII text. Each character takes up the
> same amount of room, but if you compress (as an intuition pump,
> think of a simple Huffman code), then more common characters
> take up less room than less common characters.

This is right, but it's also not the case that revealing information
like that is necessarily bad.  Perhaps it isn't that interesting to an
adversary that they can learn that there is (for example) English text
being exchanged.  That wouldn't be particularly relevant in helping
them distinguish between ciphertext that contains interesting text
from ciphertext containing uninteresting text.

HPACK for instance compresses base64-encoded data unevenly.  But the
study that was run in 2013 determined that it wasn't especially
interesting. [32] shows ~2 bits regained from a 30 character word.  Of
course, you should examine the conditions on that claim; such a result
is not generally applicable.  Mixing attacker-controlled data with
secrets has shown to make protecting those secrets extremely
difficult.

[32] http://pdl.cmu.edu/PDL-FTP/associated/CMU-PDL-13-106.pdf

v2.23.0 | Report a Bug | By Email