- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Fri, 27 Jan 2012 00:54:51 +1300
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- CC: Willy Tarreau <w@1wt.eu>, ietf-http-wg@w3.org
On 27/01/2012 12:14 a.m., Poul-Henning Kamp wrote: > In message<4F212798.4080205@treenet.co.nz>, Amos Jeffries writes: >> On 26/01/2012 10:48 p.m., Poul-Henning Kamp wrote: >>> One benefit of compressing the entire connection is that it offers >>> "privacy-light", the simple malware which just snoops packets and >>> searches for "password:" etc, would be out of the picture. >> no gain. compression is equally mandatory and open to snoops as for >> other software. > Actually, that is not true. The barrier is significantly higher > if you need to maintain compressed state for all the connections, > compared to just scanning raw packets for red meat. I don't mean compared to nothing at all. I mean as compared to each other, snoops and legit servers have relatively the same state to maintain. A part of the benefit from encryption is the imbalance between snoops having to know more and keep more state running perfectly than any legit endpoints. Its an unfair game weighted in favor of the good guys. > > I will agree that we are talking a white picket fence, not a solid > concrete barrier, but ask anybody how much difference a small white > picket fence makes with respect to dog-poop in your front yard and > you will see the tangible benefit. But them nastier cat'll jump right over. ;) AYJ
Received on Thursday, 26 January 2012 11:55:24 UTC