
[tor-commits] [torspec/master] Add a note on (not) using TLS compression.



commit 7411e54cd7d7f2bbb70364218a35f2b48a8ee0ed
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Mon Jul 24 14:19:40 2017 -0400

    Add a note on (not) using TLS compression.
---
 tor-spec.txt | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tor-spec.txt b/tor-spec.txt
index 86fdcc6..3be622f 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -390,6 +390,10 @@ see tor-design.pdf.
    exacerbate some attacks (e.g. the "Triple Handshake" attack from
    Feb 2013), and it plays havoc with forward secrecy guarantees.
 
+   Implementations SHOULD NOT allow TLS compression -- although we don't
+   know a way to apply a CRIME-style attack to current Tor directly,
+   it's a waste of resources.
+
 3. Cell Packet format
 
    The basic unit of communication for onion routers and onion
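
Review bot: In the added paragraph, "SHOULD NOT allow TLS compression" does not say which behaviour is meant: not offering compression methods as the initiating side, not selecting one as the responding side, or both. It also leaves open what an implementation does when the peer negotiates compression anyway. Suggest wording along the lines of "Implementations SHOULD NOT offer or accept TLS compression", plus a statement of whether a connection that did negotiate compression is closed or tolerated. The rationale would also be easier to act on if "it's a waste of resources" said why, since the clause before it only records that no CRIME-style attack on current Tor is known.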
