Hi Watson,
Though I've read a few pages explaining how CRIME and BEAST attacks work, I
still do not see well how TLS-level compression would make NNTP vulnerable.
Same thing for POP or IMAP I believe.
The news server does not leak information. The responses are just OK or KO.
This analysis would predict that HTTP isn't vulnerable.
I don't understand that point for AUTHINFO.
NNTP only answers "281 Authentication succeeded" or "481 Authentication
failed" here, whereas HTTP response bodies are far more complex and part
of the request may be reflected in the response.
--
Julien ÉLIE
« Etna : lave dévalante. »
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
