On Tue, Jan 10, 2006 at 01:57:43PM +0000, Tony Finch wrote: > On Tue, 10 Jan 2006, Joe Hildebrand wrote: > > > > I want to note here that JEP-0138, Stream Compression, should be done > > > after TLS negotiation. The JEP does not mention that it should also go > > > before SASL but that seems fairly logical. > > > > why before SASL? It seems like the restart of the stream after SASL might > > be > > interpreted to supersede the compressed stream. > > However the restart of the stream after SASL does not supersede TLS.
Right. I see it as an onion. You wrap your XML Streams in a authenticated stream that is wrapped in an compressed stream that is wrapped in a encrypted stream. Surely it doesn't matter (much) if you compress before or after SASL, but I suppose compressing as soon as possible gains you at least some bytes. It also depends on how much traffic is in between establishing the encryption layer and the point where you can start sending XML Stanzas. Also note that if you use TLS compression, it is in effect before SASL authentication. -- Groetjes, ralphm
