[Standards] XEP-0138 vs. TLS compression

Dave Cridland dave at cridland.net
Tue Aug 28 22:44:10 UTC 2007


On Tue Aug 28 21:13:03 2007, Tomasz Sterna wrote:
> The TLS standard (or SSLv3) allows the integration of compression
> methods into the communication. The TLS RFC does however not specify
> compression methods or their corresponding identifiers, so there is
> currently no compatible way to integrate compression with unknown 
> peers.
> It is therefore currently not recommended to integrate compression 
> into
> applications. [...]

RFC 3749 does, however, define one, and OpenSSL has automatically 
negotiated it since around 0.9.8. So it's documentation is, erm, 
somewhat outdated.

Quite a few other TLS implementations also support it, although - and 
this is important - not all, especially those where you'd think it 
was most useful, like Symbian. Some of these TLS implementations do, 
however, allow for third party compression algorithms to be plugged 
in (including, apparently, Symbian).

All this came up with the IMAP COMPRESS extension nightmare, which is 
much the same thing as XEP-0138.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade



More information about the Standards mailing list