On 1/28/16 10:17 PM, John Levine wrote:
> I agree that the CRIME cookie issue seems irrelevant to SMTP since
> there isn't any context saved from one session to the next. TLS has
> had perfectly good compression features defined for over a decade, so
> I'd rather that we encourage people to use those rather than invent
> yet another layer of goop for SMTP.

Compression has been removed completely from TLS v1.3, the outcome of
the room consensus at IETF-89. It's already gone from LibreSSL and Rich
Salz indicated it would be removed from OpenSSL by the end of the year.
It's not just the CRIME attack, but a whole range of vulnerabilities
(mostly side-channel attacks, but others too) inherent to compression
that the crypto community seems to believe cannot be resolved.
Basically, they're just tired of it.
There was some interesting discussion on content-based compression, but
the TLS WG just didn't want to go there.
<csg>