On Fri, 20 Jun 2008, Johannes Berg wrote:
I don't think it does be default. The only what I know is to establish a compressed SSH tunnel to your server and then access the server over the tunnel. It will compress and give you an extra layer of encryption.
Umm, no. It will not compress. Think about it, encrypted data is fundamentally not compressible, that's the whole point.
[...me...]
Well, as far as I understood Marc, since he was saying "an extra layer of encryption" I understood him to mean that he wanted to
encrypt(compress(encrypt(imap stream)))
by building an ssh-tunnelled imaps (or imap/tls) connection. IOW, dovecot would see an SSL connection too.
Hmm, yes. I took it to mean that the 'encrypt' of
encrypt(compress(imap stream))
was the "extra layer". But, I think your interpretation is more easily arrived at, and if it's what Mark meant, you're absolutely right that the tunnel won't help.
A compressed SSH tunnel to regular, non-SSL IMAP should work to reduce traffic, though.
Best, Ben