On Mon, 2021-11-08 at 13:30 +0530, Abhijit Menon-Sen wrote:
> At 2021-11-08 08:41:42 +0100, mjbaars1977.pgsql.hack...@gmail.com wrote:
> > Could someone please explain to me, why compression is being
> > considered unsafe / insecure?
>
> https://en.wikipedia.org/wiki/CRIME
>

Well Abhijit, personally I don't see any connection between crime and compression. I do see however, that some people might feel safer communicating over an SSL ENCRYPTED line doing their daily business, unjustified as that is, but they shouldn't be feeling safer communicating over a compressed line, that would be utterly stupid. The sole purpose of compression is to reduce the size of a particular amount of data.

> > Might the underlying reason be, that certain people have shown
> > interest in my libpq/PQblockwrite algorithms (
> > https://www.postgresql.org/message-id/c7cccd0777f39c53b9514e3824badf276759fa87.camel%40cyberfiber.eu)
> > but felt turned down and are now persuading me to trade the algorithms
> > against SSL compression, then just say so please. I'll see what I can
> > do.
>
> The whole world is trying to move away from TLS compression (which has
> been removed from TLS 1.3). It has nothing to do with you.

As I understand it, TLS is a predecessor of SSL. People are trying to move away from TLS, not from compression.

>
> -- Abhijit