[Top] [All Lists]

Re: [ietf-smtp] Compressing SMTP data

2016-01-30 03:59:49

On 30/01/2016 03:42, Russ Allbery wrote:
"John R Levine" <johnl(_at_)taugh(_dot_)com> writes:

Here's an alternative hack that only compresses the message body.  I
think it avoids the CRIME problem since it seems it'd be pretty hard to
predict where in a stream the encoded data would start.  It is about as
effective as compressing the whole stream since the SMTP commands and
responses are generally very short, while making the code considerably
simpler since only the part that sends or receives the message body
needs to understand compression.
We considered this in NNTP and abandoned it because the implementation
complexity seemed a lot higher for the typical NNTP implementation.  The
advantage of compressing the whole stream in a protocol that already
supports TLS and SASL is that you just stack the compression into your
transport layer, and you already have a system for dealing with that.
This requires building knowledge higher in the stack in the command
I prefer the "extra command to compress the message body" method. It just seems more SMTP-y to me. Also, I'd have thought it'd be easier to implement - anyone could just GZIP the raw message and then send the output of that. Doing stream compression would seem to be a lot harder.

ietf-smtp mailing list