COMPRESS can be activated after authentication has completed, thus reducing the chances that authentication credentials can be leaked via, for instance, a CRIME attack ([RFC7457], Section 2.6).