Hi Yaron,

Can we make all the compression algorithms SHOULD NOT instead of MAY? TLS got rid of compression altogether, there are numerous attacks on compressed traffic, and even the document states that these algorithms are not widely implemented.

What attacks do you mean? Those that I'm aware of (CRIME, BREACH) are specific to HTTP and cannot be directly used with ESP (ESP has a mandatory padding and an optional TFC padding that make those attacks impractical).

Are there any new or more applicable attacks that I've missed?

I see no reason to downgrade compression to SHOULD NOT unless we have an indication that it is really dangerous in the context of ESP.

Regards,
Valery.


Thanks,
Yaron

On 02/09/16 05:49, Paul Wouters wrote:

I just published draft-mglt-ipsecme-rfc7321bis-03 (well and -02)

(ietf announcement of these seems delayed?)

https://tools.ietf.org/html/draft-mglt-ipsecme-rfc7321bis-03

The changes are:

- Update 256-bit key sizes to MUST (except IoT) - similar to 4307bis
- Add Security Section from RFC7321
- Removed MAY algorithms (RC5, CAST, IDEA, ENCR_AES_CCM_16)
- Added note on ENCR_BLOWFISH
- Removed notes on removed MAY list entries (CCM & GCM flavours, GMAC, CMAC)
- Removed non-ipsec entries and added note to introduction on these
- Removed no longer used RFC-4595 reference

I think this document is now ready for a call for adoption.

Paul

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
