Re: Disable OpenSSL compression

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Jeroen Vermeulen <jtv(at)xs4all(dot)nl>, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, Marko Kreen <markokr(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Disable OpenSSL compression
Date: 2011-11-10 14:22:51
Message-ID: 4EBBDE3B.6030305@dunslane.net
Lists: pgsql-hackers

On 11/08/2011 12:39 PM, Tom Lane wrote:
> Jeroen Vermeulen <jtv(at)xs4all(dot)nl> writes:
>> Another reason why I believe compression is often used with encryption
>> is to maximize information content per byte of data: harder to guess,
>> harder to crack. Would that matter?
> Yes, it would. There's a reason why the OpenSSL default is what it is.
>
>

An interesting data point on this is that Red Hat's nss_compat_ossl
package doesn't support SSL compression at all
<http://fedoraproject.org/wiki/Nss_compat_ossl>, and it's supposed to be
a path to FIPS 140 compliance:
<http://fedoraproject.org/wiki/FedoraCryptoConsolidation>. The latter
URL, incidentally, contains a lot of good information, and lays out many
of the reasons why I'd like to see us support NSS as an alternative to
OpenSSL, notwithstanding the supposed dirtiness of its API. I imagine
this would be of interest to commercial Postgres vendors also.

cheers

andrew
