On Thu, Mar 10, 2016 at 02:18:51pm -0500, Robert Moskowitz wrote:
> Fair point. I really cannot convert TLS specifications to packet
> content. I suspect there are things exposed?
[snip]
> I do suspect that TLS is different in how it does compression, and if it
> is being abandoned, so sad.
quite possibly.
> But can you point me to a paper on the TLS compression attack?
I'm afraid not, I just recall reading up on some of the TLS attacks
when they were publicised, and seeing that some of them were related
to compression. A bit of poking around though yielded:
http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf
I also spotted this, but it doesn't add much:
https://www.cosic.esat.kuleuven.be/ecrypt/provpriv2012/abstracts/barghavan.pdf
I did avail myself of google before my prior email, it suggested CRIME
and BREACH. Where the latter seems to be HTTP specific, and a chosen
plain text attack.
So all I'm suggesting is to be careful, and do appropriate comparisions,
to see if one can ensure enabling compression does not enable an attack
mode similar to those seen with TLS. Since I'm not sure if the lack
of attacks against ESP+IPCOMP is due to inherent robustness, or simply
a lack of trying.
DF
_______________________________________________
Hipsec mailing list
Hipsec@ietf.org
https://www.ietf.org/mailman/listinfo/hipsec
