On Tue, Apr 7, 2015 at 1:37 PM, Richard Moore <richmoore44 at gmail.com> wrote:
> On 7 April 2015 at 17:49, Jakob Bohm <jb-openssl at wisemo.com> wrote:
>>
>> It also appears the HTTP/2.0 draft aka SPDY requires
>> compression to be enabled, though I don't know if that
>> is at the TLS or HTTP level.
>
> HTTP/2 does not require TLS compression. It does however use its own
> compression for headers (hpack) which is designed to be safe from attacks
> like CRIME.

A me too: earlier versions of SPDY required compression, and user agents had to support it. It seems to still be the case in version 4 (http://mbelshe.github.io/SPDY-Specification/draft-mbelshe-spdy-00.xml).

I'm not sure if/how SPDY differs from HTTP/2 (other than I know they are different but aligned).

It seems to me the trick to avoid CRIME-like attacks is to make sure the compression is semantically secure. In the case of CRIME, information should not be gained across different messages (in this case, each message alone was secure - it was the different messages over time that got folks in trouble). But I'm not sure about other attacks on the compression layer.
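The "semantically secure compression" point above, as an added example that is not part of the thread: a small check that tells whether a compression scheme leaks a length side channel on a secret. `compress_shared`, `compress_literal`, `leaks_length`, the token and the probes are all constructed for this illustration; the literal scheme only mimics the spirit of HPACK's never-indexed literals, it is not HPACK.

```python
import zlib

# Constructed sample values (not from the thread): a secret token and two
# probe strings, one sharing a prefix with the secret and one not.
SECRET = b"session=7f3a9c1e"
PROBES = [b"session=7f", b"session=zz"]


def compress_shared(secret: bytes, public: bytes) -> bytes:
    """Leaky scheme: secret and public data share one DEFLATE stream, so an
    LZ77 match between them shortens the output (the CRIME/BREACH property)."""
    return zlib.compress(public + b"\r\n" + secret, 9)


def compress_literal(secret: bytes, public: bytes) -> bytes:
    """Safer scheme, in the spirit of HPACK's 'never indexed' literals: only
    the public part is compressed; the secret is appended verbatim so its
    bytes can never form a back-reference with anything else in the stream."""
    return zlib.compress(public, 9) + b"\r\n" + secret


def leaks_length(scheme, secret: bytes, probes) -> bool:
    """Return True if the compressed length varies with the probe, i.e. the
    scheme hands an observer of ciphertext length a side channel on the secret.
    A scheme that is safe in this sense yields a single length for all probes."""
    sizes = {len(scheme(secret, p)) for p in probes}
    return len(sizes) > 1


if __name__ == "__main__":
    for name, scheme in (("shared", compress_shared), ("literal", compress_literal)):
        verdict = "leaks" if leaks_length(scheme, SECRET, PROBES) else "constant"
        print(f"{name}: compressed length is {verdict}")
```

Run it on any header-compression or TLS-level scheme you can model as a function of (secret, public) bytes; a `True` result means the secret must be kept out of the shared compression context.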