[Ach] NO_COMPRESSION on postfix

micah micah at riseup.net
Thu Dec 18 19:06:21 CET 2014

"Tobias Dussa (SCC)" <tobias.dussa at kit.edu> writes:

> Hi,
> On Thu, Dec 18, 2014 at 10:27:13AM +0100, Tim wrote:
>> you recommend "tls_ssl_options = NO_COMPRESSION" on postfix, can you
>> tell my why compression is a bad idea? I'm familiar with
>> https://en.wikipedia.org/wiki/CRIME but this seems to only apply on http?
> The idea is to have ONE set of SSL-related rules.  The concrete configuration
> snippets are just for convenience. -:)
> So, it's a consistency thing.

Consistency is good, however confusion is bad, and when it comes to
crypto, confusion is easy. I think to alleviate the confusion it would
be good to note that this rationale so that people understand why this
is done.

More information about the Ach mailing list