[Ach] Postfix 2.9.6 (Wheezy) & tls Compression

micah micah at riseup.net
Sun Mar 6 15:52:52 CET 2016


Lewis G Rosenthal <lgrosenthal at 2rosenthals.com> writes:

> Hi...
>
> On 03/06/16 09:02 am, micah wrote:
>> Axel Huebl <axel.huebl at plasma.ninja> writes:
>>
>>> just wanted to correct a section in Postfix:
>>>
>>> For 2.9.6 Wheezy (as described) the option
>>>
>>>    tls_ssl_options = NO_COMPRESSION
>> Since we are on this subject, why is this NO_COMPRESSION option
>> suggested? There is no rationale for why this setting is there.
>>
>> The only issue with compression that I am aware of is CRIME, which is
>> irrelevant for SMTP.
>>
>
> According to the postfix docs:
>
>     Compression is CPU-intensive, and compression before encryption does not
>     always improve security.
>
> For performance reasons alone, and the lack of evidence to support that it 
> would add better security, it is best left disabled.

Sure... but these recommendations are not about performance; if they
were, I would expect other recommendations to also appear.

I don't think the clause 'compression before encryption does not always
improve security' means that compression should be disabled to improve
security.

micah


