Hi,

> >>     Implementations and deployments SHOULD disable TLS-level compression
> >>     ([RFC5246], Section 6.2.2).
> >
> > Because it's not yet clear to me that all application protocols using
> > TLS or DTLS are subject to these compression-based attacks (at least, I
> > have not yet seen analysis of all the many such protocols), personally I
> > would hesitate at this time to say that all protocols MUST disable
> > TLS-level compression.
> >
>
> At this point it does not hurt to have it a MUST either, right? Are
> there any serious implications for implementors or deployed applications
> if we have TLS-compression as `MUST be disabled` in the document?
>
>
+1 - I never felt comfortable with compression being decided by the
underlying layer and not the application itself.
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
