Re: [TLS] TLS 1.3 - Support for compression to be removed

2015-10-07 Thread Martin Rex
Eric Rescorla wrote: > > That is what the document says: > "Versions of TLS before 1.3 supported compression and the list of > compression methods was supplied in this field. For any TLS 1.3 > ClientHello, this field MUST contain only the "null" compression method > with the code point of 0. If a

Re: [TLS] TLS 1.3 - Support for compression to be removed

2015-10-07 Thread Dave Garrett
On Wednesday, October 07, 2015 03:51:57 pm Martin Rex wrote: > However, it is RECOMMENDED > that implementations which support compression provide a configuration > option allowing consumers to disable the use of compression in TLS. Risky features like compression should be off by default. Da

Re: [TLS] TLS 1.3 - Support for compression to be removed

2015-10-07 Thread Eric Rescorla
On Wed, Oct 7, 2015 at 9:51 PM, Martin Rex wrote: > Eric Rescorla wrote: > > > > That is what the document says: > > "Versions of TLS before 1.3 supported compression and the list of > > compression methods was supplied in this field. For any TLS 1.3 > > ClientHello, this field MUST contain only

Re: [TLS] TLS 1.3 - Support for compression to be removed

2015-10-07 Thread Martin Rex
Eric Rescorla wrote: > Martin Rex wrote: >> Eric Rescorla wrote: >>> >>> That is what the document says: >>> "Versions of TLS before 1.3 supported compression and the list of >>> compression methods was supplied in this field. For any TLS 1.3 >>> ClientHello, this field MUST contain only the "null

Re: [TLS] TLS 1.3 - Support for compression to be removed

2015-10-07 Thread Eric Rescorla
On Wed, Oct 7, 2015 at 11:11 PM, Martin Rex wrote: > Eric Rescorla wrote: > > Martin Rex wrote: > >> Eric Rescorla wrote: > >>> > >>> That is what the document says: > >>> "Versions of TLS before 1.3 supported compression and the list of > >>> compression methods was supplied in this field. For

Re: [TLS] TLS 1.3 - Support for compression to be removed

2015-10-07 Thread Short, Todd
However, for those ClientHello’s that support older versions, the compression_method field may contain other values. This means that if a TLSv1.3 client happened to support compression for TLSv1.2, it would be unable to negotiate that via a single ClientHello. There’s no way to attempt to negoti

Re: [TLS] TLS 1.3 - Support for compression to be removed

2015-10-07 Thread Geoffrey Keating
"Short, Todd" writes: > In effect, the document is stating that a TLSv1.3 client MUST NOT > support compression, regardless of the protocol version that may be > negotiated. I believe that is the intent, yes. I support both the current wording in draft 09 (no compression for clients or servers,

Re: [TLS] TLS 1.3 - Support for compression to be removed

2015-10-07 Thread Eric Rescorla
On Wed, Oct 7, 2015 at 11:28 PM, Short, Todd wrote: > However, for those ClientHello’s that support older versions, the > compression_method field may contain other values. This means that if a > TLSv1.3 client happened to support compression for TLSv1.2, it would be > unable to negotiate that vi

Re: [TLS] TLS 1.3 - Support for compression to be removed

2015-10-07 Thread Bill Frantz
On 10/8/15 at 9:43 PM, e...@rtfm.com (Eric Rescorla) wrote: Yes, this is what I believe it says and what I believe the WG had consensus on, the reasoning being that we really wished to just remove the feature entirely. If the chairs declare consensus on something else, I will of course edit it t