On Fri, Mar 13, 2015 at 2:34 PM, Marco Gaiarin <marcogaio@???> wrote:
>
> Trying to optimize some traffic, i've looked about an SMTP extension that
> do
> ''on the fly'' compression of traffic, clearly eventually before encrypting
> it.
>
> eg, IMAP protocol specification have a COMPRESS extension.
>
>
> Seems there's no compression for SMTP, but seems also that there's a
> ''generic'' compression for TLS. It is enabled by default in exim?
> Eventually, how enable/configure it?
>
> I won't directly answer the question, but I would advise you to consider
the consequences of enabling TLS compression.
Compression for TLS increases the risk of information leakage.
While the CRIME attack hasn't been successfully demonstrated with SMTP, it
is, as I understand it, theoretically possible to exploit.
To reiterate: no publicly known exploit exists.
--
Jan