Comment 7 for bug 1068854

After the announcement of the upcoming presentation of CRIME, researches started to investigate what the issue used by CRIME may be, resulting in publication attack taking advantage of information leak resulting from the use of compression in the SSL/TLS, such as following write-up from Thomas Pornin:

http://security.blogoverflow.com/2012/09/how-can-you-protect-yourself-from-crime-beasts-successor/

Several additional resources now confirm that the CRIME attack is the same as the problem identified by Thomas Pornin, and explain the meaning of CRIME abbreviation as "Compression Ratio Info-leak Made Easy":

http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
http://www.youtube.com/watch?v=gGPhHYyg9r4
http://thread.gmane.org/gmane.network.gnutls.general/2887

In addition to zlib/deflate compression used by SSL/TLS, another attack vector using SPDY protocol with compression over non-compressed SSL/TLS connection is mentioned.

Also the following research paper form 2002 was pointed out, which discusses similar problems in the use of compression in SSL/TLS:

http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091