Hi, On 01/29/2016 07:07 PM, John Levine wrote: >> Compression has been removed completely from TLS v1.3, the outcome of >> the room consensus at IETF-89. > > Bummer. > > Well, in that case, here's a straw man proposal. > > The extension name is COMPRESS, the EHLO keyword is COMPRESS and is > followed by a space-separated list of compression schemes, currently > consisting only of DEFLATE (RFC 1951.)
The XMPP community having an application layer compression extension protocol already, <http://xmpp.org/extensions/xep-0138.html>, it is pretty much like your proposal. While CRIME may be less applicable to non-HTTP-protocols, such attacks are not impossible, as demonstrated by Thijs Alkemade a few years back: https://blog.thijsalkema.de/blog/2014/08/07/https-attacks-and-xmpp-2-crime-and-breach/ http://mail.jabber.org/pipermail/standards/2014-October/029215.html The takeaway here is to 1) not allow compression until after any authentication has been done and 2) flush the compression state between messages (if the sever supports sending multiple messages over the same SMTP session). -- Kim "Zash" Alvefur
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shutup mailing list [email protected] https://www.ietf.org/mailman/listinfo/shutup
