[Dovecot] SSL + compression?
Benjamin R. Haskell
dovecot at benizi.com
Fri Jun 20 23:04:51 EEST 2008
On Fri, 20 Jun 2008, Johannes Berg wrote:
>> I don't think it does be default. The only what I know is to establish
>> a compressed SSH tunnel to your server and then access the server over
>> the tunnel. It will compress and give you an extra layer of encryption.
> Umm, no. It will not compress. Think about it, encrypted data is
> fundamentally not compressible, that's the whole point.
x = length(compress(encrypt(data)))
y = length(encrypt(compress(data)))
z = length(encrypt(data))
Then, usually, x > y and z > y, but x is approximately the same as z.
(That's speaking very generally; there may be optimizations in some case
or another given your data.)
That is: encrypted data is less compressible than the original data, but
if you compress first, then encrypt, it should be a win.
If I recall correctly, a "compressed SSH tunnel" would do 'y' (compress
then encrypt). i.e., dovecot would see a non-SSL connection which gets
compressed-then-encrypted, or decrypted-then-uncompressed by the endpoints
of the tunnel.
More information about the dovecot