| From: | Andreas Karlsson <andreas(at)proxel(dot)se> |
|---|---|
| To: | Aleksander Alekseev <a(dot)alekseev(at)postgrespro(dot)ru>, "Shulgin, Oleksandr" <oleksandr(dot)shulgin(at)zalando(dot)de> |
| Cc: | Shay Rojansky <roji(at)roji(dot)org>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Wire protocol compression |
| Date: | 2016-04-21 14:21:24 |
| Message-ID: | 5718E1E4.1010307@proxel.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 04/21/2016 03:04 PM, Aleksander Alekseev wrote:
>> I guess since the usual answer for compression was "use what SSL
>> provides you for free", it's rather unlikely that someone bothered to
>> make a proxy just for that purpose, and really, a proxy is just
>> another moving part in your setup: not everyone will be thrilled to
>> add that.
>
> It just doesn't sound like a feature that should be implemented
> separately for every single application that uses TCP. Granted TCP proxy
> is not the most convenient way to solve a task. Maybe it could be
> implemented in OpenVPN or on Linux TCP/IP stack level.
Wouldn't such a solution be just as vulnerable to CRIME as TLS is? I
thought the reason for removing compression from TLS is to discourage
people from writing applications which are vulnerable to compression
based attacks by not proving an easy for people to just compress everything.
Andreas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2016-04-21 14:46:23 | Re: Why doesn't src/backend/port/win32/socket.c implement bind()? |
| Previous Message | Kevin Grittner | 2016-04-21 14:16:18 | Re: Re: [COMMITTERS] pgsql: Avoid extra locks in GetSnapshotData if old_snapshot_threshold < |