[gnutls-devel] removing compression

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[gnutls-devel] removing compression

Nikos Mavrogiannopoulos-2
Hi,
 As I dig into TLS 1.3 support where compression is no longer
supported, I realized that keeping compression for TLS 1.2 or earlier
would only cause problems by making complex code even more
complicated. As TLS compression is already considered insecure, I
would like to drop that support completely (an MR is at [0]), unless
there are serious objections. If none, I'll merge that removal by the
end of this month.

[0]. https://gitlab.com/gnutls/gnutls/merge_requests/408

regards,
Nikos

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [gnutls-devel] removing compression

Daniel Kahn Gillmor-7
On Tue 2017-06-06 18:21:24 +0200, Nikos Mavrogiannopoulos wrote:
>  As I dig into TLS 1.3 support where compression is no longer
> supported, I realized that keeping compression for TLS 1.2 or earlier
> would only cause problems by making complex code even more
> complicated. As TLS compression is already considered insecure, I
> would like to drop that support completely (an MR is at [0]), unless
> there are serious objections. If none, I'll merge that removal by the
> end of this month.

I support this change.  Application protocols that want to compress can
do it in the application layer, where they have some hope of avoiding
compression that mixes untrusted data with trusted data (see the recent
work on improving NNTP over TLS).  Uniform compression over the entire
stream just doesn't make sense from a security standpoint, and it makes
for a security toolkit to put that kind of footgun out of reach of
casual users.

Thanks for making this change,

         --dkg

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel

signature.asc (847 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [gnutls-devel] removing compression

Peter Williams
Ssl record layer has no notion of trusted and trusted payloads.

The cipher suite controlling which security services are applied to which payload is given an implied security label , which implicitely tags the resultant bytes. The label is a function of the labels within the end point certs (and their chains).

This has not changed since ssl v3, and its fortezza support (fortezza certs has securty labels in the public key byte block).

In a military datacenter that strips the tls at a front end processor, the (recomputed) tag (from the coearyext handshake) indicates which vlan (segmented trust level) the payloads may travel, now as TCP fragment.

On the vlan, per vlan security services are applied including the mac-layer equivalent of ipsec packet tagging of the security label. Per vlan encryption and compression may be applied.

The stuff about compression is a red herring.

That security services bundled as assurance classes of cipher suites  must be properly be tied to their intended operating theatre (web vs the stuff above) is obvious.



Sent from my iPhone

> On Jun 7, 2017, at 7:36 AM, Daniel Kahn Gillmor <[hidden email]> wrote:
>
>> On Tue 2017-06-06 18:21:24 +0200, Nikos Mavrogiannopoulos wrote:
>> As I dig into TLS 1.3 support where compression is no longer
>> supported, I realized that keeping compression for TLS 1.2 or earlier
>> would only cause problems by making complex code even more
>> complicated. As TLS compression is already considered insecure, I
>> would like to drop that support completely (an MR is at [0]), unless
>> there are serious objections. If none, I'll merge that removal by the
>> end of this month.
>
> I support this change.  Application protocols that want to compress can
> do it in the application layer, where they have some hope of avoiding
> compression that mixes untrusted data with trusted data (see the recent
> work on improving NNTP over TLS).  Uniform compression over the entire
> stream just doesn't make sense from a security standpoint, and it makes
> for a security toolkit to put that kind of footgun out of reach of
> casual users.
>
> Thanks for making this change,
>
>         --dkg
> _______________________________________________
> Gnutls-devel mailing list
> [hidden email]
> http://lists.gnupg.org/mailman/listinfo/gnutls-devel

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [gnutls-devel] removing compression

Nikos Mavrogiannopoulos-2
In reply to this post by Nikos Mavrogiannopoulos-2
On Tue, Jun 6, 2017 at 6:21 PM, Nikos Mavrogiannopoulos
<[hidden email]> wrote:

> Hi,
>  As I dig into TLS 1.3 support where compression is no longer
> supported, I realized that keeping compression for TLS 1.2 or earlier
> would only cause problems by making complex code even more
> complicated. As TLS compression is already considered insecure, I
> would like to drop that support completely (an MR is at [0]), unless
> there are serious objections. If none, I'll merge that removal by the
> end of this month.
>
> [0]. https://gitlab.com/gnutls/gnutls/merge_requests/408

Merged.

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Loading...