draft-ietf-tls-compression-03.txt   draft-ietf-tls-compression-04.txt 
Network Working Group S. Hollenbeck Network Working Group S. Hollenbeck
Internet-Draft VeriSign, Inc. Internet-Draft VeriSign, Inc.
Updates: 2246 (if approved) October 23, 2002 Updates: 2246 (if approved) December 2, 2002
Expires: April 23, 2003 Expires: June 2, 2003
Transport Layer Security Protocol Compression Methods Transport Layer Security Protocol Compression Methods
draft-ietf-tls-compression-03.txt draft-ietf-tls-compression-04.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 32 skipping to change at page 1, line 32
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http:// The list of current Internet-Drafts can be accessed at http://
www.ietf.org/ietf/1id-abstracts.txt. www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 23, 2003. This Internet-Draft will expire on June 2, 2003.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved. Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract Abstract
The Transport Layer Security (TLS) protocol (RFC 2246) includes The Transport Layer Security (TLS) protocol (RFC 2246) includes
features to negotiate selection of a lossless data compression method features to negotiate selection of a lossless data compression method
as part of the TLS Handshake Protocol and to then apply the algorithm as part of the TLS Handshake Protocol and to then apply the algorithm
associated with the selected method as part of the TLS Record associated with the selected method as part of the TLS Record
Protocol. TLS defines one standard compression method, Protocol. TLS defines one standard compression method which
CompressionMethod.null, which specifies that data exchanged via the specifies that data exchanged via the record protocol will not be
record protocol will not be compressed. This document describes compressed. This document describes an additional compression method
additional compression methods associated with lossless data associated with a lossless data compression algorithm for use with
compression algorithms for use with TLS. TLS, and it describes a method for the specification of additional
TLS compression methods.
Conventions Used In This Document Conventions Used In This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [1]. document are to be interpreted as described in RFC 2119 [1].
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Compression Methods . . . . . . . . . . . . . . . . . . . . . 4 2. Compression Methods . . . . . . . . . . . . . . . . . . . . . 3
2.1 Compression History and Packet Processing . . . . . . . . . . 5 2.1 Compression History and Packet Processing . . . . . . . . . . 4
2.2 ZLIB Compression . . . . . . . . . . . . . . . . . . . . . . . 5 2.2 ZLIB Compression . . . . . . . . . . . . . . . . . . . . . . . 5
2.3 LZS Compression . . . . . . . . . . . . . . . . . . . . . . . 5 3. Intellectual Property Considerations . . . . . . . . . . . . . 5
3. Intellectual Property Considerations . . . . . . . . . . . . . 7 4. Internationalization Considerations . . . . . . . . . . . . . 5
4. Internationalization Considerations . . . . . . . . . . . . . 8 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 6. Security Considerations . . . . . . . . . . . . . . . . . . . 5
6. Security Considerations . . . . . . . . . . . . . . . . . . . 10 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 6
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11 Normative References . . . . . . . . . . . . . . . . . . . . . 6
Normative References . . . . . . . . . . . . . . . . . . . . . 12 Informative References . . . . . . . . . . . . . . . . . . . . 6
Informative References . . . . . . . . . . . . . . . . . . . . 13 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 7
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 13 Full Copyright Statement . . . . . . . . . . . . . . . . . . . 8
Full Copyright Statement . . . . . . . . . . . . . . . . . . . 14
1. Introduction 1. Introduction
The Transport Layer Security (TLS) protocol (RFC 2246, [2]) includes The Transport Layer Security (TLS) protocol (RFC 2246, [2]) includes
features to negotiate selection of a lossless data compression method features to negotiate selection of a lossless data compression method
as part of the TLS Handshake Protocol and to then apply the algorithm as part of the TLS Handshake Protocol and to then apply the algorithm
associated with the selected method as part of the TLS Record associated with the selected method as part of the TLS Record
Protocol. TLS defines one standard compression method, Protocol. TLS defines one standard compression method,
CompressionMethod.null, which specifies that data exchanged via the CompressionMethod.null, which specifies that data exchanged via the
record protocol will not be compressed. While this single record protocol will not be compressed. While this single
skipping to change at page 3, line 31 skipping to change at page 3, line 31
as short-lived and exchanging relatively small amounts of data, TLS as short-lived and exchanging relatively small amounts of data, TLS
is also being used in environments where connections can be long- is also being used in environments where connections can be long-
lived and the amount of data exchanged can extend into thousands or lived and the amount of data exchanged can extend into thousands or
millions of octets. XML [4], for example, is increasingly being used millions of octets. XML [4], for example, is increasingly being used
as a data representation method on the Internet, and XML tends to be as a data representation method on the Internet, and XML tends to be
verbose. Compression within TLS is one way to help reduce the verbose. Compression within TLS is one way to help reduce the
bandwidth and latency requirements associated with exchanging large bandwidth and latency requirements associated with exchanging large
amounts of data while preserving the security services provided by amounts of data while preserving the security services provided by
TLS. TLS.
This document describes additional compression methods associated This document describes an additional compression method associated
with lossless data compression algorithms for use with TLS. with a lossless data compression algorithm for use with TLS.
Standardization of the compressed data formats and compression Standardization of the compressed data formats and compression
algorithms associated with the compression methods is beyond the algorithms associated with this compression method is beyond the
scope of this document. scope of this document.
2. Compression Methods 2. Compression Methods
TLS [2] includes the following compression method structure in TLS [2] includes the following compression method structure in
sections 6.1 and 7.4.1.2 and Appendix sections A.4.1 and A.6: sections 6.1 and 7.4.1.2 and Appendix sections A.4.1 and A.6:
enum { null(0), (255) } CompressionMethod; enum { null(0), (255) } CompressionMethod;
which allows for later specification of up to 256 different which allows for later specification of up to 256 different
skipping to change at page 4, line 33 skipping to change at page 4, line 16
values MUST be made by the IANA and MUST be associated with a values MUST be made by the IANA and MUST be associated with a
formal reference that describes the compression method. formal reference that describes the compression method.
3. Values from 193 decimal (0xC1) through 255 decimal (0xFF) are 3. Values from 193 decimal (0xC1) through 255 decimal (0xFF) are
reserved for private use. reserved for private use.
Additional information describing the role of the IANA in the Additional information describing the role of the IANA in the
allocation of compression method identifiers is described in Section allocation of compression method identifiers is described in Section
5. 5.
In addition, this definition is updated to include assignment of two In addition, this definition is updated to include assignment of an
additional compression methods: identifier for the ZLIB compression method:
enum { null(0), ZLIB(1), LZS(2), (255) } CompressionMethod;
These two compression methods are defined to provide implementers enum { null(0), ZLIB(1), (255) } CompressionMethod;
with alternatives based on compression performance, ease of
implementation, and licensing requirements (see Section 3 for a
description of intellectual property considerations). ZLIB is
generally known as a freely-available, widely-deployed compression
method, whereas LZS is generally known to provide memory footprint
and performance advantages in stateful networking applications.
As described in section 6 of RFC 2246, TLS is a stateful protocol. As described in section 6 of RFC 2246 [2], TLS is a stateful
Compression methods used with TLS can be either stateful (the protocol. Compression methods used with TLS can be either stateful
compressor maintains it's state through all compressed records) or (the compressor maintains it's state through all compressed records)
stateless (the compressor compresses each record independently), but or stateless (the compressor compresses each record independently),
there seems to be little known benefit in using a stateless but there seems to be little known benefit in using a stateless
compression method within TLS. compression method within TLS.
All of the compression methods described in this document are The ZLIB compression method described in this document is stateful.
stateful. It is recommended that other compression methods that It is recommended that other compression methods that might be
might be standardized in the future be stateful as well. standardized in the future be stateful as well.
Compression algorithms can occasionally expand, rather than compress,
input data. A compression method that exceeds the expansion limits
described in section 6.2.2 of RFC 2246 [2] MUST NOT be used with TLS.
2.1 Compression History and Packet Processing 2.1 Compression History and Packet Processing
Some compression methods have the ability to maintain history Some compression methods have the ability to maintain history
information when compressing and decompressing packet payloads. The information when compressing and decompressing packet payloads. The
compression history allows a higher compression ratio to be achieved compression history allows a higher compression ratio to be achieved
on a stream as compared to per-packet compression, but maintaining a on a stream as compared to per-packet compression, but maintaining a
history across packets implies that a packet might contain data history across packets implies that a packet might contain data
needed to completely decompress data contained in a different packet. needed to completely decompress data contained in a different packet.
History maintenance thus requires both a reliable link and sequenced History maintenance thus requires both a reliable link and sequenced
packet delivery. History information MAY be maintained and exploited packet delivery. Since TLS and lower-layer protocols provide
when using the compression methods described in this document if TLS reliable, sequenced packet delivery, compression history information
is being used with a protocol that provides reliable, sequenced MAY be maintained and exploited if supported by the compression
packet delivery. method.
2.2 ZLIB Compression 2.2 ZLIB Compression
The ZLIB compression method and encoding format is described in RFC The ZLIB compression method and encoding format is described in RFC
1950 [5] and RFC 1951 [6]. Examples of ZLIB use in IETF protocols 1950 [5] and RFC 1951 [6]. Examples of ZLIB use in IETF protocols
can be found in RFC 1979 [7], RFC 2394 [8], and RFC 3274 [9]. can be found in RFC 1979 [7], RFC 2394 [8], and RFC 3274 [9].
ZLIB allows the sending compressor to select from among several ZLIB allows the sending compressor to select from among several
options to provide varying compression ratios, processing speeds, and options to provide varying compression ratios, processing speeds, and
memory requirements. The receiving decompressor will automatically memory requirements. The receiving decompressor MUST automatically
adjust to the parameters selected by the sender. adjust to the parameters selected by the sender. All data that was
submitted for compression MUST be included in the compressed output,
ZLIB has the ability to maintain history information when compressing with no data retained to be included in a later output payload.
and decompressing packet payloads. If TLS is not being used with a Flushing ensures that each compressed packet payload can be
protocol that provides reliable, sequenced packet delivery, the
sender MUST flush the compressor completely each time a compressed
payload is produced. All data that was submitted for compression
MUST be included in the compressed output, with no data retained to
be included in a later output payload. Flushing ensures that each
compressed packet payload can be decompressed completely.
2.3 LZS Compression
The Lempel Zif Stac (LZS) compression method and encoding format is
described in ANSI publication X3.241 [10]. Examples of LZS use in
IETF protocols can be found in RFC 1967 [11], RFC 1974 [12], and RFC
2395 [13].
LZS has the ability to maintain history information when compressing
and decompressing packet payloads. If TLS is not being used with a
protocol that provides reliable, sequenced packet delivery, the
compression history MUST be reset by the sender before compressing
data and the decompression history MUST be reset by the receiver
before decompressing data to ensure that compressed packet payloads
can be decompressed completely. The sender MUST flush the compressor
completely each time a compressed payload is produced. All data that
was submitted for compression MUST be included in the compressed
output, with no data retained to be included in a later output
payload. Flushing ensures that each compressed packet payload can be
decompressed completely. decompressed completely.
3. Intellectual Property Considerations 3. Intellectual Property Considerations
Many compression algorithms are subject to patent or other Many compression algorithms are subject to patent or other
intellectual property rights claims. Implementers are encouraged to intellectual property rights claims. Implementers are encouraged to
seek legal guidance to better understand the implications of seek legal guidance to better understand the implications of
developing implementations of the compression methods described in developing implementations of the compression method described in
this document or other documents that describe compression methods this document or other documents that describe compression methods
for use with TLS. for use with TLS.
4. Internationalization Considerations 4. Internationalization Considerations
The compression method identifiers specified in this document are The compression method identifiers specified in this document are
machine-readable numbers. As such, issues of human machine-readable numbers. As such, issues of human
internationalization and localization are not introduced. internationalization and localization are not introduced.
5. IANA Considerations 5. IANA Considerations
This document does not have a direct impact on the IANA, but it does Section 2 of this document describes a registry of compression method
define ranges of compression method values for future assignment. identifiers to be maintained by the IANA, including assignment of an
Values from the range reserved for future standardization efforts of identifier for the ZLIB compression method. Identifier values from
the TLS working group MUST be assigned according to the "Standards the range reserved for future standardization efforts of the TLS
Action" policy described in RFC 2434 [3]. Values from the range working group MUST be assigned according to the "Standards Action"
reserved for private use MUST be used according to the "Private Use" policy described in RFC 2434 [3]. Values from the range reserved for
policy described in RFC 2434. Values from the general IANA pool MUST private use MUST be used according to the "Private Use" policy
be assigned according to the "IETF Consensus" policy described in RFC described in RFC 2434. Values from the general IANA pool MUST be
assigned according to the "IETF Consensus" policy described in RFC
2434. 2434.
6. Security Considerations 6. Security Considerations
This document does not introduce any topics that alter the threat This document does not introduce any topics that alter the threat
model addressed by TLS. The security considerations described model addressed by TLS. The security considerations described
throughout RFC 2246 [2] apply here as well. throughout RFC 2246 [2] apply here as well.
Some symmetric encryption ciphersuites do not hide the length of Some symmetric encryption ciphersuites do not hide the length of
symmetrically encrypted data at all. Others hide it to some extent, symmetrically encrypted data at all. Others hide it to some extent,
skipping to change at page 11, line 12 skipping to change at page 6, line 18
into account that the length of compressed data may leak more into account that the length of compressed data may leak more
information than the length of the original uncompressed data. information than the length of the original uncompressed data.
7. Acknowledgements 7. Acknowledgements
The concepts described in this document were originally discussed on The concepts described in this document were originally discussed on
the IETF TLS working group mailing list in December, 2000. The the IETF TLS working group mailing list in December, 2000. The
author acknowledges the contributions to that discussion provided by author acknowledges the contributions to that discussion provided by
Jeffrey Altman, Eric Rescorla, and Marc Van Heyningen. Later Jeffrey Altman, Eric Rescorla, and Marc Van Heyningen. Later
suggestions that have been incorporated into this document were suggestions that have been incorporated into this document were
provided by Tim Dierks, Pasi Eronen, Peter Gutmann, Nikos provided by Tim Dierks, Pasi Eronen, Peter Gutmann, Elgin Lee, Nikos
Mavroyanopoulos, Alexey Melnikov, and Bodo Moeller. Mavroyanopoulos, Alexey Melnikov, and Bodo Moeller.
Normative References Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[2] Dierks, T., Allen, C., Treese, W., Karlton, P., Freier, A. and [2] Dierks, T., Allen, C., Treese, W., Karlton, P., Freier, A. and
P. Kocher, "The TLS Protocol Version 1.0", RFC 2246, January P. Kocher, "The TLS Protocol Version 1.0", RFC 2246, January
1999. 1999.
skipping to change at page 13, line 24 skipping to change at page 7, line 4
[6] Deutsch, P., "DEFLATE Compressed Data Format Specification [6] Deutsch, P., "DEFLATE Compressed Data Format Specification
version 1.3", RFC 1951, May 1996. version 1.3", RFC 1951, May 1996.
[7] Woods, J., "PPP Deflate Protocol", RFC 1979, August 1996. [7] Woods, J., "PPP Deflate Protocol", RFC 1979, August 1996.
[8] Pereira, R., "IP Payload Compression Using DEFLATE", RFC 2394, [8] Pereira, R., "IP Payload Compression Using DEFLATE", RFC 2394,
December 1998. December 1998.
[9] Gutmann, P., "Compressed Data Content Type for Cryptographic [9] Gutmann, P., "Compressed Data Content Type for Cryptographic
Message Syntax (CMS)", RFC 3274, June 2002. Message Syntax (CMS)", RFC 3274, June 2002.
[10] American National Standards Institute, "Data Compression
Method, Adaptive Coding with Sliding Window of Information
Interchange", ANSI X3.241, 1994.
[11] Schneider, K., Friend, R. and K. Fox, "PPP LZS-DCP Compression
Protocol (LZS-DCP)", RFC 1967, August 1996.
[12] Friend, R., Simpson, W. and K. Fox, "PPP Stac LZS Compression
Protocol", RFC 1974, August 1996.
[13] Friend, R. and R. Monsour, "IP Payload Compression Using LZS",
RFC 2395, December 1998.
Author's Address Author's Address
Scott Hollenbeck Scott Hollenbeck
VeriSign, Inc. VeriSign, Inc.
21345 Ridgetop Circle 21345 Ridgetop Circle
Dulles, VA 20166-6503 Dulles, VA 20166-6503
US US
EMail: shollenbeck@verisign.com EMail: shollenbeck@verisign.com
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/