Re: [tor-dev] [patch] properly test for OPENSSL_NO_COMP

[Ian Goldberg <iang@xxxxxxxxxxxxxxx>]

On Sun, Jul 13, 2014 at 11:01:23PM -0400, grarpamp wrote:
> On Sun, Jul 13, 2014 at 7:23 PM, Ian Goldberg <iang@xxxxxxxxxxxxxxx> wrote:
> > On Sun, Jul 13, 2014 at 07:20:29PM -0400, grarpamp wrote:
> >> >    /* Don't actually allow compression; it uses ram and time, but the data
> >> >     * we transmit is all encrypted anyway. */
> >> >      result->ctx->comp_methods = NULL;
> >>
> >> This comment is confusing. Why are you asserting/mixing the two with
> >> the ', but' that 'encryption anyway' is excuse to not compress due to
> >> 'ram/time'? They are two separate things. Either you are encrypting
> >> compressed data, or encrypting uncompressed data.
> >
> > It seems to me the intent of the comment is that the *plaintext* data
> > being transmitted is already encrypted (at another layer), and so is not
> > going to be compressible, so don't waste ram/time trying to do so.
> 
> I though this portion referred to compress then encrypt, not
> encrypt then compress (which would of course be pointless).
> ie: I thought the openssl zlib routines were to compressed then
> encrypted.

Yes, that's right.  But the data to be (optionally compressed then)
encrypted is, in Tor, typically *already* encrypted by the application
layer, so compressing then encrypting that is not better than just
re-encrypting it.

   - Ian
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev