[Dovecot] SSL + compression?

Benjamin R. Haskell dovecot at benizi.com
Fri Jun 20 23:04:51 EEST 2008

On Fri, 20 Jun 2008, Johannes Berg wrote:

>> I don't think it does be default. The only what I know is to establish 
>> a compressed SSH tunnel to your server and then access the server over 
>> the tunnel. It will compress and give you an extra layer of encryption.
> Umm, no. It will not compress. Think about it, encrypted data is 
> fundamentally not compressible, that's the whole point.

x = length(compress(encrypt(data)))
y = length(encrypt(compress(data)))
z = length(encrypt(data))

Then, usually, x > y and z > y, but x is approximately the same as z. 
(That's speaking very generally; there may be optimizations in some case 
or another given your data.)

That is: encrypted data is less compressible than the original data, but 
if you compress first, then encrypt, it should be a win.

If I recall correctly, a "compressed SSH tunnel" would do 'y' (compress 
then encrypt). i.e., dovecot would see a non-SSL connection which gets 
compressed-then-encrypted, or decrypted-then-uncompressed by the endpoints 
of the tunnel.


More information about the dovecot mailing list