[tor-commits] [torspec/master] Add a note on (not) using TLS compression.
nickm at torproject.org
nickm at torproject.org
Mon Jul 24 18:19:45 UTC 2017
commit 7411e54cd7d7f2bbb70364218a35f2b48a8ee0ed
Author: Nick Mathewson <nickm at torproject.org>
Date: Mon Jul 24 14:19:40 2017 -0400
Add a note on (not) using TLS compression.
---
tor-spec.txt | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tor-spec.txt b/tor-spec.txt
index 86fdcc6..3be622f 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -390,6 +390,10 @@ see tor-design.pdf.
exacerbate some attacks (e.g. the "Triple Handshake" attack from
Feb 2013), and it plays havoc with forward secrecy guarantees.
+ Implementations SHOULD NOT allow TLS compression -- although we don't
+ know a way to apply a CRIME-style attack to current Tor directly,
+ it's a waste of resources.
+
3. Cell Packet format
The basic unit of communication for onion routers and onion
More information about the tor-commits
mailing list