Re: Dictionary Compression for HTTP (at Facebook)

On Sat, Sep 1, 2018 at 1:23 AM Jyrki Alakuijala <jyrki@google.com> wrote:

> On Fri, Aug 31, 2018 at 4:58 PM, Ryan Sleevi <ryan-ietf@sleevi.com> wrote:
>>
>> Of course, this is all after the security concerns are mitigated ;)
>>
>
> We involved Thai Duong in the security analysis and we have a limited
> scope solution that allows much of the benefits without these security
> concerns. One main mitigation there is to never compress data mixed from
> public and private sources.
>

Yes. That’s been well understood and well discussed as the bare minimum -
but that requires servers understanding what constitutes public and private
sources, or the interaction between data that may need to remain private
through timing leaks.

I don’t think it’s fair to say without the security concerns - there’s a
considerably high bar to demonstrate that, both in theory and in practice.
A compression scheme that requires servers to dramatically rework their serving
infrastructure in order to tag such is, generally speaking, an insecure
solution. The adoption of a given method is highly correlated to its lack
of footguns, and tagged annotations of public v private are a giant footgun
for server operators and not worth the risk to users, or the implicit trust
that servers and server operators can and will get it right.

>

Received on Saturday, 1 September 2018 19:54:23 UTC
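
An added illustration, not part of the original message and not code from the proposal under discussion, of the mitigation quoted above ("never compress data mixed from public and private sources") and of how it depends on the labels being right. It uses zlib's preset dictionary as a stand-in for a shared HTTP dictionary; the sample data, the `wire_length` policy function and its parameters are all constructed assumptions.

```python
import zlib

# Constructed sample data; none of it comes from the thread.
SECRET = b"session=4e1c9a7b2f8d03561ab7"
PRIVATE_BODY = b"<input name=tok value='" + SECRET + b"'>"
# Two candidate dictionaries built from public content. One happens to
# contain the same bytes as the private value, the other does not.
DICT_MATCH = b"<a href='/s?q=" + SECRET + b"'>"
DICT_MISS = b"<a href='/s?q=XWZJKQVYHMPGLDTUNROBCEFISAxy'>"


def deflate(data, zdict=None):
    """Return a zlib stream, optionally primed with a preset dictionary."""
    if zdict:
        comp = zlib.compressobj(level=9, zdict=zdict)
    else:
        comp = zlib.compressobj(level=9)
    return comp.compress(data) + comp.flush()


def wire_length(body, body_private, zdict, dict_public):
    """Compressed size an observer of the connection would see.

    Hypothetical policy: a body labelled private is never compressed
    against a dictionary labelled public. The result is only as good as
    the two labels the caller passes in.
    """
    mixing = body_private and dict_public
    return len(deflate(body, None if mixing else zdict))


if __name__ == "__main__":
    for label in (True, False):
        sizes = [wire_length(PRIVATE_BODY, label, d, True)
                 for d in (DICT_MATCH, DICT_MISS)]
        print("body_private=%s -> lengths %s" % (label, sizes))
```

With the body labelled correctly, both dictionaries give the same length; with the same body labelled as not private, the length depends on whether the dictionary contains the private value.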