[Dovecot] SSL + compression?
Johannes Berg
johannes at sipsolutions.net
Fri Jun 20 23:08:50 EEST 2008
> >> I don't think it does be default. The only what I know is to establish
> >> a compressed SSH tunnel to your server and then access the server over
> >> the tunnel. It will compress and give you an extra layer of encryption.
> >
> > Umm, no. It will not compress. Think about it, encrypted data is
> > fundamentally not compressible, that's the whole point.
>
> x = length(compress(encrypt(data)))
> y = length(encrypt(compress(data)))
> z = length(encrypt(data))
>
> Then, usually, x > y and z > y, but x is approximately the same as z.
> (That's speaking very generally; there may be optimizations in some case
> or another given your data.)
>
> That is: encrypted data is less compressible than the original data, but
> if you compress first, then encrypt, it should be a win.
>
> If I recall correctly, a "compressed SSH tunnel" would do 'y' (compress
> then encrypt). i.e., dovecot would see a non-SSL connection which gets
> compressed-then-encrypted, or decrypted-then-uncompressed by the endpoints
> of the tunnel.
Well, as far as I understood Marc, since he was saying "an extra layer
of encryption" I understood him to mean that he wanted to
encrypt(compress(encrypt(imap stream)))
by building an ssh-tunnelled imaps (or imap/tls) connection. IOW,
dovecot would see an SSL connection too.
johannes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20080620/22bedb8d/attachment.bin
More information about the dovecot
mailing list