Ø This attack is compression at the application layer not ssl compression. TLS fails to protect the application layer data.
SSL also fails to protect application layer data when the application decides
to include key material.
There are limits to what can be done.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
