On 11/29/16 at 5:28 AM, [email protected] (Salz, Rich) wrote:
Sure, here's my compressed cert. Ignore the fact that it's named "42.zip" --
see https://en.wikipedia.org/wiki/Zip_bomb
The risks of uncompressing data sent from a counterparty who has not yet been
authenticated do not outweigh the gains.
There is a long history of successful attacks on systems through
zip decompressors.
In general, adding complexity to a security system makes it
harder to understand, easier to compromise and less secure.
If the problem is that certificates are too big, fix that
problem at the source.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz        | Privacy is dead, get over | Periwinkle
(408)356-8506      | it.                       | 16345 Englewood Ave
www.pwpconsult.com | - Scott McNealy           | Los Gatos, CA 95032
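
The decompression-bomb risk raised in the message above, seen from the receiving side. This is an added example and not part of the original message or of any TLS draft: a receiver that caps inflated output before the peer is authenticated. The zlib codec, the 64 KiB cap and all names are assumptions chosen for illustration.

```python
import zlib

MAX_CERT_BYTES = 64 * 1024  # assumed cap on an inflated certificate message


class DecompressionLimitExceeded(Exception):
    """The stream would inflate past the configured cap."""


def bounded_inflate(data: bytes, limit: int = MAX_CERT_BYTES) -> bytes:
    """Inflate a zlib stream from an unauthenticated peer, never producing
    more than limit + 1 bytes of output regardless of what the peer sent."""
    d = zlib.decompressobj()
    # Ask for one byte more than allowed: hitting limit + 1 proves the stream
    # is oversized without ever inflating the rest of it.
    out = d.decompress(data, limit + 1)
    if len(out) > limit:
        raise DecompressionLimitExceeded(f"output exceeds {limit} bytes")
    # Output stayed under the cap, so zlib consumed all the input it could.
    if not d.eof:
        raise ValueError("truncated or corrupt stream")
    if d.unused_data:
        raise ValueError("trailing bytes after end of stream")
    return out


def constructed_bomb(inflated_size: int = 10 * 1024 * 1024) -> bytes:
    """Constructed sample input: a small stream that inflates to 10 MiB of zeros."""
    return zlib.compress(b"\x00" * inflated_size, 9)


if __name__ == "__main__":
    bomb = constructed_bomb()
    print(f"compressed size on the wire: {len(bomb)} bytes")
    try:
        bounded_inflate(bomb)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

The cap bounds memory use only; parser bugs in the decompressor itself, the other concern in the message, are not addressed by an output limit.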