[Ach] NO_COMPRESSION on postfix

Tobias Dussa (SCC) tobias.dussa at kit.edu
Thu Dec 18 10:36:44 CET 2014


On Thu, Dec 18, 2014 at 10:27:13AM +0100, Tim wrote:
> you recommend "tls_ssl_options = NO_COMPRESSION" on postfix, can you
> tell my why compression is a bad idea? I'm familiar with
> https://en.wikipedia.org/wiki/CRIME but this seems to only apply on http?

The idea is to have ONE set of SSL-related rules.  The concrete configuration
snippets are just for convenience. -:)
So, it's a consistency thing.

If "Microsoft Word" is the right tool to write longer texts, then why is it not
called "Microsoft Sentence" or "Microsoft Paragraph"?


Karlsruhe Institute of Technology (KIT)
Steinbuch Centre for Computing (SCC)

Tobias Dussa
CERT Manager, CA Manager

Zirkel 2
Building 20.21
76131 Karlsruhe, Germany

Phone: +49 721 608-42479
Fax: +49 721 608-9-42479
Email: tobias.dussa at kit.edu
Web: http://www.kit.edu/

KIT – University of the State of Baden-Wuerttemberg and
National Laboratory of the Helmholtz Association
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5716 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20141218/df37f479/attachment.bin>

More information about the Ach mailing list