* micah <[email protected]> [06/03/2016 15:03:13] wrote: > Axel Huebl <[email protected]> writes: > > > just wanted to correct a section in Postfix: > > > > For 2.9.6 Wheezy (as described) the option > > > > tls_ssl_options = NO_COMPRESSION > > Since we are on this subject, why is this NO_COMPRESSION option > suggested? There is no rationale for why this setting is there. > > The only issue with compression that I am aware of is CRIME, which is > irrelevant for SMTP.
There is currently the same discussion ins the IETF's SMTP and SHUTUP mailing lists: https://goo.gl/Ro9sgW. They're discussing a new data compression extension. I'm against that, see thread. There's also BREACH and a team that's working on new attacks and I've seen CRIME work on non-HTTPS application layer protocols in the past. That being said; yea, I'm not sure how to do it for mail protocols either, but - at least for BetterCrypto - we've always colletively decided to be on the safe side and disable compression in all of our recommendations. Aaron
signature.asc
Description: Digital signature
_______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
