On Sun, Oct 4, 2015 at 1:01 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
> >> Typically compression is used to lower the overall size of data,
> >> working on a wide class of inputs. In the perceptual coding case the
> >> class of inputs is constrained, and the goal is to keep the data rate
> >> constant, not optimally small.
> >
> > Yep. You could do this in bursts with different caps each time to get it
> > to work with bursty things like HTTP & other general data transfer
> > protocols. Without a really good modern compression algorithm, though, it
> > isn't that appealing. Once these caveats and tweaks start getting added to
> > the simple concept, it starts treading into the territory that is better
> > handled by the application protocol that actually *knows what it's
> > sending*. This seems to be the logical wall we keep hitting, which is why
> > TLS doesn't seem like the place to do this.
>
> I think two concepts are blending into one.... You appear to be
> arguing for efficiency, and I'm more concerned with safely/securely.

No, you're just not following the conversation or understanding the concepts.

> I'm fairly certain the internet community at large would benefit from
> "compression done safely/securely", even if it's not the most
> efficient. If the application layer wants to provide a more efficient
> implementation, then that's fine too.

Doing compression safely/securely is an application-specific problem.

Using constant bitrate perceptual coding allows us to compress audio/video
streams in such a way that there is no compression side-channel, because
the data rate is kept constant per unit time.

If we were to try to use TLS compression instead, not only would it fail to
compress as well, but it would have a compression side-channel an attacker
could use to potentially recover a transcript of an encrypted conversation
(such attacks against VBR audio compression).

TLS is the wrong layer at which to solve the problem of compression.

--
Tony Arcieri
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
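
An added illustration of the constant-rate argument in the message above; it is not part of the original email. It compares the record lengths an observer sees when time slices are sent at their compressed size with the lengths seen when every slice is packed into a fixed-size frame. Assumptions: zlib stands in for a codec (a real perceptual codec is lossy), and `FRAME_BUDGET`, the 2-byte length prefix and the sample slices are constructed for the example.

```python
import random
import zlib

FRAME_BUDGET = 1200  # assumed: fixed number of bytes sent per time slice


def vbr_lengths(slices):
    """Wire sizes when every slice is sent at its compressed size."""
    return [len(zlib.compress(s)) for s in slices]


def cbr_frames(slices, budget=FRAME_BUDGET):
    """Encode each slice into a frame of exactly `budget` bytes."""
    frames = []
    for s in slices:
        body = zlib.compress(s)
        frame = len(body).to_bytes(2, "big") + body
        if len(frame) > budget:
            # A lossy codec would lower quality to fit; this sketch refuses.
            raise ValueError("slice does not fit the constant-rate budget")
        frames.append(frame.ljust(budget, b"\x00"))
    return frames


def decode_cbr(frames):
    """Strip the padding and recover the original slices."""
    return [zlib.decompress(f[2:2 + int.from_bytes(f[:2], "big")]) for f in frames]


def observed(frames):
    """What a passive observer learns: encryption leaves lengths visible."""
    return [len(f) for f in frames]


# Constructed input: 1000-byte slices standing in for silence and speech.
_rng = random.Random(2015)
QUIET = bytes(1000)
BUSY = bytes(_rng.getrandbits(8) for _ in range(1000))
TALK_A = [QUIET, BUSY, QUIET, BUSY]
TALK_B = [BUSY, BUSY, QUIET, QUIET]

if __name__ == "__main__":
    print("variable rate A:", vbr_lengths(TALK_A))
    print("variable rate B:", vbr_lengths(TALK_B))
    print("constant rate A:", observed(cbr_frames(TALK_A)))
    print("constant rate B:", observed(cbr_frames(TALK_B)))
```

With variable-rate output the two length sequences differ, so the pattern of quiet and busy slices is visible through encryption; with fixed frames both conversations produce the same sequence, at the cost of bandwidth spent on padding.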