- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 12 May 2015 12:07:03 -0700
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Amos Jeffries <squid3@treenet.co.nz>, Willy Tarreau <w@1wt.eu>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 12 May 2015 at 11:01, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > And therefore, "C-E: gzip" must always happen after encryption, > because we are always dealing with who_knows_what_kind_of_data. I think that's a reasonable conclusion. > And therefore "C-E: gzip" does not make any sense if you have > encryption (unless somebody invents an encryption where the > ciphertext is base64 or similar) but it is just a harmless waste > of electricity, it is not a security-hole. Not that this is practically relevant, but you can actually compress encrypted data. There's a paper proving that it's possible from about 10 years back. It's certainly not gzip though.
Received on Tuesday, 12 May 2015 19:07:30 UTC