TLS compression

Simon Josefsson simon at josefsson.org
Tue Dec 18 11:44:23 CET 2007


"John Brooks" <aspecialj at gmail.com> writes:

> Assuming the compression is done prior to encryption (I can't recall if it
> is or not),

Right, compression is done before encryption in TLS.  (RFC 3749)

> pretty much any major compression format and especially powerful ones
> like LZMA will compress most things to incredible levels. Standard
> text (i.e. most protocols, websites, etc) tends to compress extremely
> well - I've seen bzip2 reduce hundreds of megabytes of text files to
> 1/4th of their original size, and LZMA is generally regarded as doing
> even better.

Ok.

> One concern would be that LZMA compression is pretty slow. It takes some
> serious CPU effort - it might put a pretty hefty load on the compressing
> side in higher speed connections.

The quote below suggests otherwise, but perhaps it was comparing the
situation against even worse algorithms.  I think the trade-offs are
different for network compression than for file compression.

Right now, the only standard compression algorithm besides DEFLATE is
LZS which is patented as far as I know.  It would be interesting to
compare and develop a free and better alternative.

/Simon

> If the compression is done after encryption, the benefit will be much less
> noticeable. Obviously encrypted data will be fairly evenly distributed, so it
> won't be able to compress much.
>
>  - John
>
> On Dec 17, 2007 4:49 AM, Simon Josefsson <simon at josefsson.org> wrote:
>
>> Simon Josefsson <simon at josefsson.org> writes:
>>
>> > Still, I'm not sure if it makes sense for GnuTLS to enable LZO
>> > compression by default any more.  It is not a standard TLS compression
>> > algorithm.  What do people think?  It would also be interesting to
>> > compare it with LZMA, which has gained some popularity lately:
>> >
>> > http://www.7-zip.org/sdk.html
>> > http://tukaani.org/lzma/
>> >
>> > Btw, liblzo* has rather few reverse dependencies on Debian, so except
>> > for gnutls liblzo isn't that widely used.  Dropping it might save space
>> > on most installations.
>>
>> I found this quote:
>>
>> http://www.ddj.com/architect/184405581
>>
>>  Igor Pavlov is the developer behind the amazing 7-Zip compressor,
>>  which has always been available under the GPL. Igor has now created a
>>  separate LZMA SDK, which implements his compression algorithm in a way
>>  that makes it suitable for embedded applications.
>>
>>  On the SDK web page, Igor says that the LZMA code can decompress up to
>>  1 MB/s on a 100 MHz ARM, MIPS, or other RISC CPU. The memory
>>  requirements for decompression are as low as 8-23 KB, and the code may
>>  take up as little as 2-8KB.
>>
>>  This sounds like a great piece of work for embedded developers. Up
>>  until now, the best library out there for this community has been LZO,
>>  which has a few problems that hold it back. Perhaps Igor's product
>>  will now be the go-to library for this community.
>>
>> Perhaps we should do some work in this area...
>>
>> Does anyone know of any real-world benchmarks of TLS compression?  I'd
>> guess that network traffic compression has different properties than
>> file compression.  I would guess that network traffic actually is easier
>> to compress than files, on average; a lot of network traffic is verbose
>> text protocols.
>>
>> /Simon
>>
>>
>>
>
>
>
> -- 
> - John
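
An added example, not part of the original messages and not GnuTLS code: a small benchmark of the two questions raised in this thread, how DEFLATE, bzip2 and LZMA behave on verbose text traffic cut into TLS-sized records, and how little is gained when the input is already encrypted. Assumptions: the traffic is a constructed sample, `toy_encrypt` is a hypothetical stand-in that only produces ciphertext-like bytes, and each 2^14-byte record is compressed independently as a simplification.

```python
import bz2, hashlib, lzma, time, zlib

RECORD = 2 ** 14  # maximum TLS plaintext fragment length, in bytes

def sample_traffic(n=400):
    # Constructed sample: verbose HTTP-like responses, not captured traffic.
    out = []
    for i in range(n):
        body = '{"id": %d, "user": "user%d", "status": "ok", "items": [%s]}' % (
            i, i % 37, ", ".join(str(i * k % 101) for k in range(20)))
        out.append("HTTP/1.1 200 OK\r\nServer: example\r\n"
                   "Content-Type: application/json\r\n"
                   "Content-Length: %d\r\n\r\n%s" % (len(body), body))
    return "".join(out).encode()

def toy_encrypt(data, key=b"constructed-key"):
    # Stand-in for a real cipher: XOR with a SHA-256 counter keystream.
    # Only used to get ciphertext-like bytes; not a secure construction.
    stream = bytearray()
    ctr = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

CODECS = {"deflate": lambda b: zlib.compress(b, 6),
          "bzip2": lambda b: bz2.compress(b, 9),
          "lzma": lambda b: lzma.compress(b, preset=6)}

def benchmark(data):
    """Compress each record on its own; return {codec: (ratio, seconds)}."""
    records = [data[i:i + RECORD] for i in range(0, len(data), RECORD)]
    results = {}
    for name, fn in CODECS.items():
        start = time.perf_counter()
        out = sum(len(fn(r)) for r in records)
        results[name] = (out / len(data), time.perf_counter() - start)
    return results

if __name__ == "__main__":
    plain = sample_traffic()
    for label, data in (("compress-then-encrypt", plain),
                        ("encrypt-then-compress", toy_encrypt(plain))):
        for name, (ratio, secs) in benchmark(data).items():
            print(f"{label:22s} {name:8s} ratio={ratio:.3f} time={secs*1000:.1f} ms")
```

The ratio is compressed size divided by original size, so lower is better; timings depend on the machine and are printed only for comparison between codecs.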




