On Thu, Mar 10, 2016 at 02:18:51pm -0500, Robert Moskowitz wrote: > Fair point. I really cannot convert TLS specifications to packet > content. I suspect there are things exposed? [snip] > I do suspect that TLS is different in how it does compression, and if it > is being abandoned, so sad. quite possibly.
> But can you point me to a paper on the TLS compression attack? I'm afraid not, I just recall reading up on some of the TLS attacks when they were publicised, and seeing that some of them were related to compression. A bit of poking around though yielded: http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf I also spotted this, but it doesn't add much: https://www.cosic.esat.kuleuven.be/ecrypt/provpriv2012/abstracts/barghavan.pdf I did avail myself of google before my prior email, it suggested CRIME and BREACH. Where the latter seems to be HTTP specific, and a chosen plain text attack. So all I'm suggesting is to be careful, and do appropriate comparisions, to see if one can ensure enabling compression does not enable an attack mode similar to those seen with TLS. Since I'm not sure if the lack of attacks against ESP+IPCOMP is due to inherent robustness, or simply a lack of trying. DF _______________________________________________ Hipsec mailing list Hipsec@ietf.org https://www.ietf.org/mailman/listinfo/hipsec