Lewis G Rosenthal <[email protected]> writes: > Hi... > > On 03/06/16 09:02 am, micah wrote: >> Axel Huebl <[email protected]> writes: >> >>> just wanted to correct a section in Postfix: >>> >>> For 2.9.6 Wheezy (as described) the option >>> >>> tls_ssl_options = NO_COMPRESSION >> Since we are on this subject, why is this NO_COMPRESSION option >> suggested? There is no rationale for why this setting is there. >> >> The only issue with compression that I am aware of is CRIME, which is >> irrelevant for SMTP. >> > > According to the postfix docs: > > Compression is CPU-intensive, and compression before encryption does not > always improve security. > > For performance reasons alone, and the lack of evidence to support that it > would add better security, it is best left disabled.
Sure... but these recommendations are not about performance, if they were I would expect other recommendations to also appear. I dont think the clause 'compression before encryption does not always improve security' means that compression should be disabled to improve security. micah _______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
