About compression
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Jul 31 18:57:44 CEST 2017
On Mon 2017-07-31 18:10:39 +0200, Jason A. Donenfeld wrote:
> No, not a chance. Compression is really better left for upper layers.
> I'm not sure I see the value in adding at layer 3. This is an
> especially contentious issue because of the history of complex and
> catastrophic interactions between compression and encryption (such as
> the CRIME and BREACH attacks against TLS).
I just wanted to second this response. Jason's making absolutely the
right choice here, since content-agnostic transports like wireguard have
no way of knowing whether a given stream is a mixture of
confidentiality-sensitive data and attacker-controlled data.
If your application layer knows that certain things can be safely
compressed, it should do the compression itself.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20170731/4fe2aa7f/attachment.asc>
More information about the WireGuard
mailing list