Compression support- zstd, &c

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jan 3 10:11:52 CET 2017


On Fri 2016-12-30 21:34:56 -0500, Jason A. Donenfeld wrote:
> That's an interesting idea. The first concern that immediately comes
> to mind is data leakage and CRIME-like compression attacks. We'd have
> to tread very carefully in order to do this right. Is there a
> particular implementation strategy for this you have in mind?
> Historically adding compression to crypto protocols has been quite
> risky.

This is my concern as well.  We've only recently managed to get
compression ripped out of TLS, and I'd really like to avoid it finding
its way back into other network security protocols.  The right place to
do compression is at the application layer, where it's at least possible
to distinguish between attacker-supplied traffic and user-sensitive
secrets.

Please do *not* add compression into wireguard itself!

       --dkg
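
Added example, not part of the original message or of WireGuard: a sketch of why the layer matters, comparing the observable length when a tunnel compresses attacker-influenced bytes and a secret in one context against an application that compresses only the non-sensitive part. All byte strings and function names are constructed for illustration, and encryption is assumed to preserve plaintext length up to a constant.

```python
import zlib

# Constructed sample data; none of it comes from the thread.
ATTACKER_TEXT = b"GET /?q=session=7f3a9c1e5b2d4806"  # attacker-chosen bytes
SECRET_A = b"Cookie: session=7f3a9c1e5b2d4806"       # repeats inside ATTACKER_TEXT
SECRET_B = b"Cookie: session=c41b08e7d92a6f35"       # same length, no repeat


def tunnel_layer_len(attacker_text: bytes, secret: bytes) -> int:
    """Length on the wire when the tunnel compresses everything in one
    context: it cannot tell attacker-supplied bytes from secret ones."""
    return len(zlib.compress(attacker_text + b"\r\n" + secret, 9))


def app_layer_len(attacker_text: bytes, secret: bytes) -> int:
    """Length when the application, which knows which field is sensitive,
    compresses only the attacker-influenced part and sends the secret as is."""
    return len(zlib.compress(attacker_text, 9)) + len(b"\r\n" + secret)


def length_gap(length_fn) -> int:
    """Difference in observable length between two equal-length secrets.
    Non-zero means the ciphertext length reveals something about the secret."""
    return length_fn(ATTACKER_TEXT, SECRET_B) - length_fn(ATTACKER_TEXT, SECRET_A)


if __name__ == "__main__":
    print("tunnel-layer gap:", length_gap(tunnel_layer_len), "bytes")
    print("app-layer gap:   ", length_gap(app_layer_len), "bytes")
```
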