~samwhited/xmpp

c60809af01506ece5c5ee01186a51ba219b249b3 — Sam Whited 1 year, 9 months ago 178f135
compress: add security warning to docs

The compression standard may be insecure without taking special care to
flush the dictionary on stanza boundaries.  This must be done on both
the client and the server, and means that compression can't be used
safely unless all implementations behave correctly.  Because of this,
add a warning in the documentation to try and discourage use of this
package.
1 files changed, 4 insertions(+), 0 deletions(-)

M compress/compression.go
M compress/compression.go => compress/compression.go +4 -0
@@ 4,6 4,10 @@

// Package compress implements XEP-0138: Stream Compression and XEP-0229: Stream
// Compression with LZW.
//
// Be advised: stream compression has many of the same security considerations
// as TLS compression (see RFC3749 §6) and may be difficult to implement safely
// without special expertise.
package compress // import "mellium.im/xmpp/compress"

import (