[
https://issues.apache.org/jira/browse/WSS-386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13258275#comment-13258275
]
Hendry Betts III commented on WSS-386:
--------------------------------------
Why introduce proprietary compression? If we use a standard gZip algorithm, we
should be able to see the same benefit of compression and not have the
proprietary disadvantage. Also, if we compress prior to encryption (or even
post encryption) then I don't understand what the "new attck-vector" would be.
> Introduce proprietary Compress-Transformation for Encryption / Decryption
> -------------------------------------------------------------------------
>
> Key: WSS-386
> URL: https://issues.apache.org/jira/browse/WSS-386
> Project: WSS4J
> Issue Type: Sub-task
> Reporter: Marc Giger
> Assignee: Marc Giger
> Priority: Minor
> Fix For: 2.0
>
>
> Compressing encrypted content (as usually done on transport layer) is not
> very efficient but plain XML is.
> Numbers:
> soap-doc-encrypted-not-compressed.xml = ~19M
> soap-doc-compressed-on-transport.gz = ~ 15M
> soap-doc-compressed-before-xml-encryption.xml = ~1.1M
> The advantages are:
> - Factor n less data on the wire
> - Faster processing on both side because much less data must be
> encrypted/decrypted (depends on encryption/compression algorithm)
> Disadvantages:
> - Proprietary
> - Introduces new attack-vector and will be disabled by default for WSS with
> the introduction of secure-processing
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org
For additional commands, e-mail: dev-h...@ws.apache.org
