I have looked at both the CRIME and BREACH attacks and neither would
work against IPCOMP within ESP. TLS and HTTP compression are softly done...
It DOES change some of my thoughts about compression as an XML option for
use in DOTS. That is pretty much what CRIME is attacking. Rather you
have to take your outer envelope that contains your XML and compress the
whole thing.

On 03/10/2016 02:10 PM, Derek Fawcus wrote:
> On Thu, Mar 10, 2016 at 08:29:15AM -0500, Robert Moskowitz wrote:
>> I have found comp in TLS, RFC 3749, so HIP's ESP is the only one missing
>> compression. How did I miss that? It should have been included in 7402
>> as an option within ESP.
>
> Hasn't use of compression with TLS largely been abandoned now?
> Simply because one or more of the recently published exploits depended upon
> it, such that now one is recommended to disable compression?
>
> So if TLS is avoiding compression, why is normal IPsec still using it?
> Is it because the compositions of compression and encryption used in IPsec
> are safe, or has no one simply tried (or not published) such attacks for IPsec?
>
> DF
_______________________________________________
Hipsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/hipsec