On 4 October 2015 at 21:06, Eric Rescorla wrote:
>
> Yes, if the attacker can provide their own data, it makes matters worse,
> but as the reference I provided indicated, there are potential security
> issues even if the attacker is not able to do so, provided that the data
> is sufficiently redun
On Sun, Oct 4, 2015 at 9:01 PM, Martin Thomson wrote:
> On 4 October 2015 at 19:26, Eric Rescorla wrote:
> > Consider the trivial case of ASCII text. Each character takes up the
> > same amount of room, but if you compress (as an intuition pump,
> > think of a simple Huffman code), then more com
On Sun, Oct 4, 2015 at 7:19 PM, Jeffrey Walton wrote:
> On Sun, Oct 4, 2015 at 9:28 PM, Salz, Rich wrote:
> >> There are many lessons to be learned from this: that a bearer token that is
> >> repeated many times is not a good idea; that the trust model in the web is
> >> not great; but also
> There are many lessons to be learned from this: that a bearer token that is
> repeated many times is not a good idea; that the trust model in the web is
> not great; but also that blindly compressing content with no regard to its
> structure and sources is dangerous and reveals information about
On Sun, Oct 4, 2015 at 1:01 PM, Jeffrey Walton wrote:
> >> Typically compression is used to lower the overall size of data, working on
> >> a wide class of inputs. In the perceptual coding case the class of inputs
> >> is constrained, and the goal is to keep the data rate constant, not
> >> o
On Sun, Oct 4, 2015 at 4:01 PM, Jeffrey Walton wrote:
>>> Typically compression is used to lower the overall size of data, working on
>>> a wide class of inputs. In the perceptual coding case the class of inputs
>>> is constrained, and the goal is to keep the data rate constant, not
>>> optimally
On Sunday, October 04, 2015 03:00:33 pm Tony Arcieri wrote:
> On Sun, Oct 4, 2015 at 11:50 AM, Dave Garrett wrote:
> > I can think of a way to do this, but the people who want compression badly
> > probably won't like it due to the need to pad heavily.
> >
> > 1) Pick a fixed bandwidth
> > 2) Co
On Sunday, October 04, 2015 02:48:19 pm Jeffrey Walton wrote:
> If I am reading things correctly: the group has effectively
> encountered a security problem, deemed it to be too hard for them, and
> then pushed it into another layer where folks are even less equipped
> to deal with it. Is that corr
On Sunday, October 04, 2015 02:09:49 pm Tony Arcieri wrote:
> If someone has produced a secure system for "compression side-channel
> resistant encryption", I haven't seen it.
I can think of a way to do this, but the people who want compression badly
probably won't like it due to the need to pad
On Sunday, October 04, 2015 01:58:09 pm Jeffrey Walton wrote:
> Is that necessarily true?
It should be apparent by now that the dominant opinion is that compression in
TLS is not worth the risk and not worth the time to attempt to deal with here.
Whether or not a generic compression algorithm co
On Sun, Oct 4, 2015 at 10:58 AM, Jeffrey Walton wrote:
> > The takeaway for me is you can't mix compression, any fixed value an
> > attacker wishes to learn, and attacker-controlled data, or there will be a
> > compression side-channel.
>
> Is that necessarily true?
>
> Deflate violates semanti
>> An even more executive-level lesson might be that security layers should
>> not provide non-security services, but that is not really convincing because
>> if there was a separate compression layer that you could compose with the
>> security layer in TLS, CRIME would still be possible. To compre
On Sat, Oct 3, 2015 at 4:54 PM, Yoav Nir wrote:
> An even more executive-level lesson might be that security layers should
> not provide non-security services, but that is not really convincing
> because if there was a separate compression layer that you could compose
> with the security layer in