> This attack is compression at the application layer, not SSL compression.
> TLS fails to protect the application layer data.
SSL also fails to protect application layer data when the application decides
to include key material.
There are limits to what can be done.
/r$
--
Pri
This attack is compression at the application layer, not SSL compression.
TLS fails to protect the application layer data.
On Aug 6, 2013 10:18 AM, "Viktor Dukhovni" wrote:
> On Tue, Aug 06, 2013 at 09:20:06AM -0500, Rodney Beede wrote:
>
> > Why can't we get a simplified version of TLS that has o
On Tue, Aug 06, 2013 at 09:20:06AM -0500, Rodney Beede wrote:
> Why can't we get a simplified version of TLS that has only one option of
> the most secure cipher and isn't vulnerable to things like BEAST, CRIME, or
> BREACH?
These are not TLS problems, these are a special case of cross-site
HTML/