[Ach] NO_COMPRESSION on postfix
micah
micah at riseup.net
Thu Dec 18 19:06:21 CET 2014
"Tobias Dussa (SCC)" <tobias.dussa at kit.edu> writes:
> Hi,
>
> On Thu, Dec 18, 2014 at 10:27:13AM +0100, Tim wrote:
>> you recommend "tls_ssl_options = NO_COMPRESSION" on postfix, can you
>> tell my why compression is a bad idea? I'm familiar with
>> https://en.wikipedia.org/wiki/CRIME but this seems to only apply on http?
>
> The idea is to have ONE set of SSL-related rules. The concrete configuration
> snippets are just for convenience. -:)
> So, it's a consistency thing.
Consistency is good, however confusion is bad, and when it comes to
crypto, confusion is easy. I think to alleviate the confusion it would
be good to note that this rationale so that people understand why this
is done.
More information about the Ach
mailing list