Re: New Version Notification for draft-thomson-http-encryption-00.txt

On 12 May 2015 at 11:01, Poul-Henning Kamp <> wrote:
> And therefore, "C-E: gzip" must always happen after encryption,
> because we are always dealing with who_knows_what_kind_of_data.

I think that's a reasonable conclusion.

> And therefore "C-E: gzip" does not make any sense if you have
> encryption (unless somebody invents an encryption where the
> ciphertext is base64 or similar) but it is just a harmless waste
> of electricity, it is not a security-hole.

Not that this is practically relevant, but you can actually compress
encrypted data.  There's a paper proving that it's possible from about
10 years back.  It's certainly not gzip though.

Received on Tuesday, 12 May 2015 19:07:30 UTC