RFC 7457, "Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)", February 2015

Errata ID: 4592
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Matthäus Wander
Date Reported: 2016-01-10

Section 2.6 says:

The TIME attack can be mitigated by disabling TLS compression.  We
are not aware of mitigations at the TLS protocol level to the BREACH
attack, and so application-level mitigations are needed (see
[BREACH]).

It should say:

The CRIME attack can be mitigated by disabling TLS compression.  We
are not aware of mitigations at the TLS protocol level to the TIME and
BREACH attacks, and so application-level mitigations are needed (see
[BREACH]).

Notes:

As explained in the second paragraph in 2.6, the TIME attack makes use of HTTP-level response compression (in fact, it does not matter on which layer the compression occurs, but exploitation of HTTP-level response compression has been demonstrated). Hence, it cannot be mitigated by disabling TLS compression alone.

Instead, CRIME can be mitigated by disabling TLS compression, as it exploits TLS-level compression of requests.

Report New Errata