Major internet threat is called CRIME
Compression Ratio Info-leak Made Easy, CRIME provided a reliable and repeatable means for attackers to defeat the widely used secure sockets layer and transport layer security protocols. Together, they form the basis of virtually all encryption between websites and end users.
http://arstechnica.com/security/2012/10/internet-architects-mull-changes-to-fight-ssl-busting-crime-attacks/
Draft Compression harmful document
https://tools.ietf.org/search/draft-kihara-compression-considered-harmful-00
So give us bigger pipes and we will turn off Compression.
No comments:
Post a Comment