On 04/21/2016 03:04 PM, Aleksander Alekseev wrote:
I guess since the usual answer for compression was "use what SSL
provides you for free", it's rather unlikely that someone bothered to
make a proxy just for that purpose, and really, a proxy is just
another moving part in your setup: not everyone will be thrilled to
add that.


It just doesn't sound like a feature that should be implemented
separately for every single application that uses TCP. Granted TCP proxy
is not the most convenient way to solve a task. Maybe it could be
implemented in OpenVPN or on Linux TCP/IP stack level.

Wouldn't such a solution be just as vulnerable to CRIME as TLS is? I thought the reason for removing compression from TLS is to discourage people from writing applications which are vulnerable to compression based attacks by not proving an easy for people to just compress everything.

Andreas


--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to