[Ach] NO_COMPRESSION on postfix

L. Aaron Kaplan aaron at lo-res.org
Tue Dec 23 22:44:02 CET 2014


On Dec 18, 2014, at 7:06 PM, micah <micah at riseup.net> wrote:

> "Tobias Dussa (SCC)" <tobias.dussa at kit.edu> writes:
> 
>> Hi,
>> 
>> On Thu, Dec 18, 2014 at 10:27:13AM +0100, Tim wrote:
>>> you recommend "tls_ssl_options = NO_COMPRESSION" on postfix, can you
>>> tell my why compression is a bad idea? I'm familiar with
>>> https://en.wikipedia.org/wiki/CRIME but this seems to only apply on http?
>> 
>> The idea is to have ONE set of SSL-related rules.  The concrete configuration
>> snippets are just for convenience. -:)
>> So, it's a consistency thing.
> 
> Consistency is good, however confusion is bad, and when it comes to
> crypto, confusion is easy. I think to alleviate the confusion it would
> be good to note that this rationale so that people understand why this
> is done.

Hi Micah,

 a  short and concise yet sufficient explanation why this choice was made sounds like a good candidate for a git pull request? ;)
I'd happily have some text in the document with some explanation.
If you make a git pull request, please don't forget to add yourself to the list of contributors.

Best,
a.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20141223/69ebe931/attachment.sig>


More information about the Ach mailing list