On 23/09/15 06:55, Tony Arcieri wrote: > They should not be relying on a poorly conceived feature > which has been repeatedly demonstrated to introduce vulnerabilities in what > is supposed to be a *security protocol* just because they don't want to > implement compression themselves.
I see people asserting that doing compression as part of a security layer results in bad security. I see other people asserting that a compression layer above a security layer is both sufficient and the way to go. I see existing applications who are using a transport _service_ which used to (allegedly) provide both security and compression. Why is it not possible for TLS1.3 to provide that same service combination, but implemented by design in a layered fashion? -- Cheers, Jeremy _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
