Re: [quicwg/base-drafts] Improve Large Server Certificate Scenario (#3784)

Martin Thomson <notifications@github.com> Fri, 26 June 2020 03:33 UTC


The thing about the dataset there is that certificate sizes are driven more by the requirements of the current environment. That is, where address validation has already occurred and you are only bound by congestion control limits. There are obviously factors that push people to take advantage of the space available, that primarily being the inclusion of more names. But the presence of new pressures and new possibilities will create a new incentive structure.

ECDSA isn't exactly new, but it leads to much smaller certificate sizes.  People deploying QUIC will be able to use ECDSA and to request that their CA do the same for intermediates.

That isn't to say that compression isn't worthwhile, but I don't think that it is as critical as Patrick's study might suggest.
