On Tue, Sep 22, 2015 at 6:23 AM, Blumenthal, Uri - 0553 - MITLL <
u...@ll.mit.edu> wrote:

> Also, if compression is moved from TLS to upper layer(s) - how would it
> mitigate compression-related attacks? Besides "now it's somebody else's
> problem"?


This is the wrong way of looking at it. Keeping compression in TLS endorses
unsafe usage of a feature known to introduce compression sidechannels.

Whether other protocols decide to introduce their own secondary compression
layer is their own prerogative. But an unsafe feature shouldn't be kept in
TLS just because some protocols want to do unsafe things and are too lazy
to implement their own compression.

-- 
Tony Arcieri
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
