[Ach] NO_COMPRESSION on postfix
L. Aaron Kaplan
aaron at lo-res.org
Tue Dec 23 22:44:02 CET 2014
On Dec 18, 2014, at 7:06 PM, micah <micah at riseup.net> wrote:
> "Tobias Dussa (SCC)" <tobias.dussa at kit.edu> writes:
>
>> Hi,
>>
>> On Thu, Dec 18, 2014 at 10:27:13AM +0100, Tim wrote:
>>> you recommend "tls_ssl_options = NO_COMPRESSION" on postfix, can you
>>> tell my why compression is a bad idea? I'm familiar with
>>> https://en.wikipedia.org/wiki/CRIME but this seems to only apply on http?
>>
>> The idea is to have ONE set of SSL-related rules. The concrete configuration
>> snippets are just for convenience. -:)
>> So, it's a consistency thing.
>
> Consistency is good, however confusion is bad, and when it comes to
> crypto, confusion is easy. I think to alleviate the confusion it would
> be good to note that this rationale so that people understand why this
> is done.
Hi Micah,
a short and concise yet sufficient explanation why this choice was made sounds like a good candidate for a git pull request? ;)
I'd happily have some text in the document with some explanation.
If you make a git pull request, please don't forget to add yourself to the list of contributors.
Best,
a.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20141223/69ebe931/attachment.sig>
More information about the Ach
mailing list