Hi all,

the proposed cease of support for compression in the new TLS 1.3 protocol
[...]
Since we at HOB use SSL to maintain long-running VPN connections, might
it be possible to at least maintain the status quo of the TLS
protocol in this aspect, enabling and disabling compression if needed?

I would also be in favour of having the ability to control whether compression is enabled. INN (a widespread news server) even permits controlling that with its configuration file (we have a tlscompression parameter in inn.conf that can be set to false if needed). Other parameters (tlsciphers, tlseccurve, tlspreferserverciphers and tlsprotocols) also permit tweaking the allowed ciphers, etc. that can be used.

Besides, as far as I know, the NNTP protocol is not vulnerable to CRIME attacks.

Also please note that a common use of TLS for NNTP is to enable compression (security is not always necessary), as RFC 4642 recalls:

   The STARTTLS command is usually used to initiate session security,
   although it can also be used for client and/or server certificate
   authentication and/or data compression.

--
Julien ÉLIE

« Classified ad: Deaf man seeks deaf woman to find common
  ground. »

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
