My bad, there were some messages sitting in the moderator queue that I let go.
spt
> On Nov 02, 2015, at 10:01, Dave Garrett wrote:
>
> On Sunday, November 01, 2015 07:53:50 pm Russ Housley wrote:
>> I thought we already decided to remove compression from TLS 1.3.
>
> We did.
>
> See here:
> h
On Sunday, November 01, 2015 07:53:50 pm Russ Housley wrote:
> I thought we already decided to remove compression from TLS 1.3.
We did.
See here:
https://www.ietf.org/mail-archive/web/tls/current/msg17941.html
On Thursday, October 08, 2015 10:10:51 pm Scott Arciszewski wrote:
> Compression has n
I thought we already decided to remove compression from TLS 1.3.
Russ
On Oct 8, 2015, at 10:10 PM, Scott Arciszewski wrote:
> Based on CRIME and BREACH we know that this construction is not secure:
>
> C = encrypt(compress(A || B))
>
> If you control B and A contains sensitive information, st
Based on CRIME and BREACH we know that this construction is not secure:
C = encrypt(compress(A || B))
If you control B and A contains sensitive information, strlen(C) tells you
information about A. Vice versa if you control A and B contains sensitive
information.
In the context of a web applicat
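
The length leak described in the message above, shown as an added example that is not part of the original thread. The sample values for A and B are constructed, and `encrypt` is a stand-in one-time pad assumed here only because it preserves length the way real ciphers do.

```python
import os
import zlib

# Constructed sample data (not from the thread): A carries the secret,
# B is the part an outside party gets to choose.
SECRET_A = b"Cookie: session=7f3a9c21e5b04d68\r\n"
GUESS_RIGHT = b"session=7f3a9c21e5b04d68"
GUESS_WRONG = b"session=ZYXWVUTSRQPONMLK"  # same length, no overlap with the secret value


def encrypt(plaintext: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a fresh random pad.

    It hides content but not length; a real AEAD would only add a constant.
    """
    pad = os.urandom(len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, pad))


def ciphertext_len(a: bytes, b: bytes, compress: bool) -> int:
    """Return strlen(C) for C = encrypt(compress(A || B)), or encrypt(A || B)."""
    message = a + b
    if compress:
        message = zlib.compress(message, 9)
    return len(encrypt(message))


def length_gap(compress: bool) -> int:
    """strlen(C) for the non-matching B minus strlen(C) for the matching B."""
    return (ciphertext_len(SECRET_A, GUESS_WRONG, compress)
            - ciphertext_len(SECRET_A, GUESS_RIGHT, compress))


if __name__ == "__main__":
    # With compression the matching B collapses into a back-reference to A,
    # so the ciphertext is shorter; without compression both lengths are equal.
    print("gap with compression:   ", length_gap(True))
    print("gap without compression:", length_gap(False))
```

A non-zero gap with compression and a zero gap without it is the reason removing compression from the record layer closes this channel.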