Watson Ladd wrote:
>
> Why is it important that clients be permitted to signal support for
> compression and TLS 1.3 conditionally? Remember, we also want to phase
> out the use of compression in TLS 1.2.

Compression in TLS is *NOT* generally bad, and not generally a problem. It may be a problem for usage scenarios where attacker-supplied content and unknown content are mixed prior to compression, and in particular where an attacker is freely given elaborate control over the behaviour of one of the endpoints (e.g. SSL-VPNs and Web-Browsers), but there are many more, perfectly valid usage scenarios, where TLS compression is in current use, such as copying huge sparse files over a TLS-protected communication channel.

-Martin
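
An added illustration of the two cases the message above distinguishes; it is not code from the message or from any TLS implementation. Python's zlib stands in for TLS-level DEFLATE, and the cookie strings, function names and buffer size are constructed for the example.

```python
import zlib

# Constructed sample values; none of them come from the original message.
SECRET = b"Cookie: session=7f3a9c21d4e8b6a0\r\n"
OTHER_SECRET = b"Cookie: session=c05d18e94b27fa63\r\n"
RIGHT_GUESS = b"Cookie: session=7f3a9c21d4e8b6a0"
WRONG_GUESS = b"Cookie: session=0b5e2d9f81c3a7e4"


def shared_context_len(attacker: bytes, secret: bytes) -> int:
    """Both inputs pass through one DEFLATE context, so a repeat of the
    attacker's bytes inside the secret is coded as a short back-reference."""
    return len(zlib.compress(attacker + secret, 9))


def separate_context_len(attacker: bytes, secret: bytes) -> int:
    """Each input gets its own context; neither can reference the other."""
    return len(zlib.compress(attacker, 9)) + len(zlib.compress(secret, 9))


def guess_gap(length_fn, secret: bytes) -> int:
    """Observable size difference between a wrong and a right guess."""
    return length_fn(WRONG_GUESS, secret) - length_fn(RIGHT_GUESS, secret)


def sparse_ratio(size: int = 1 << 20) -> float:
    """Compression ratio for an all-zero buffer standing in for a sparse file."""
    return size / len(zlib.compress(bytes(size), 6))


if __name__ == "__main__":
    # Mixed content: the output length depends on how the guess relates to the secret.
    print("shared context gap:  ", guess_gap(shared_context_len, SECRET))
    # Isolated contexts: the gap is the same whatever the secret is.
    print("separate context gap:", guess_gap(separate_context_len, SECRET))
    print("same gap, other secret:", guess_gap(separate_context_len, OTHER_SECRET))
    # Bulk transfer of sparse data: no attacker-supplied input is involved.
    print("sparse ratio: %.0f:1" % sparse_ratio())
```

When deciding whether a deployment can keep compression enabled, the property to check is the first one: whether attacker-chosen bytes and secret bytes ever share a compression context.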