Hi Rich,
It is widely recognized that in many cases, TLS-level compression is flawed (for example NNTP authinfo?).
Though I've read a few pages explaining how CRIME and BEAST attacks work, I still do not see well how TLS-level compression would make NNTP vulnerable.
Same thing for POP or IMAP I believe. The news server does not leak information. The responses are just OK or KO. For instance: AUTHINFO USER test 381 Enter password AUTHINFO PASS test 281 Authentication succeeded or in the case of an authentication failure: AUTHINFO USER test 381 Enter password AUTHINFO PASS badpassword 481 Authentication failed How compression would make NNTP weaker? (Brute-force attack is still necessary, even with compression enabled.) -- Julien ÉLIE « Etna : lave dévalante. » _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
