[therightkey] Thoughts on reducing SCT sizes (was Re: [cabfpub] Updated Certificate Transparency + Extended Validation plan)
Rob Stradling <rob.stradling@comodo.com> Wed, 05 February 2014 12:36 UTC
Return-Path: <rob.stradling@comodo.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 338E81A00F7 for <therightkey@ietfa.amsl.com>; Wed, 5 Feb 2014 04:36:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.69
X-Spam-Level:
X-Spam-Status: No, score=-0.69 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_NET=0.611, J_CHICKENPOX_22=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7wWw_-eqgn_u for <therightkey@ietfa.amsl.com>; Wed, 5 Feb 2014 04:36:49 -0800 (PST)
Received: from ian.brad.office.comodo.net (eth5.brad-fw.brad.office.ccanet.co.uk [178.255.87.226]) by ietfa.amsl.com (Postfix) with ESMTP id 065C81A00F3 for <therightkey@ietf.org>; Wed, 5 Feb 2014 04:36:48 -0800 (PST)
Received: (qmail 5738 invoked by uid 1000); 5 Feb 2014 12:36:45 -0000
Received: from nigel.brad.office.comodo.net (HELO [192.168.0.58]) (192.168.0.58) (smtp-auth username rob, mechanism plain) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (CAMELLIA256-SHA encrypted) ESMTPSA; Wed, 05 Feb 2014 12:36:45 +0000
Message-ID: <52F2305C.5040107@comodo.com>
Date: Wed, 05 Feb 2014 12:36:44 +0000
From: Rob Stradling <rob.stradling@comodo.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.1.1
MIME-Version: 1.0
To: certificate-transparency@googlegroups.com
References: <CABrd9STwBDxwB1vtmS9Ozb5e_7D=zfOqkOBeAaT2HG7X-cw5gw@mail.gmail.com> <04a001cf21cf$3a649190$af2db4b0$@digicert.com> <CAL9PXLyWFSfHz_230SkWLvr7sUROPv_k0rfKgmkMRRttk-EjGQ@mail.gmail.com>
In-Reply-To: <CAL9PXLyWFSfHz_230SkWLvr7sUROPv_k0rfKgmkMRRttk-EjGQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: therightkey@ietf.org, Ben Laurie <benl@google.com>, CABFPub <public@cabforum.org>
Subject: [therightkey] Thoughts on reducing SCT sizes (was Re: [cabfpub] Updated Certificate Transparency + Extended Validation plan)
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Feb 2014 12:36:52 -0000
On Tue, Feb 4, 2014 at 12:33 PM, Jeremy Rowley wrote: > Three or four proofs for a 27 month certificate is way too many. <snip> > Adding 400 bytes per certificate will make EV certificates unusable by entities concerned with performance. The updated CT+EV plan requires three SCTs for a (maximum length) 27-month EV certificate, not four. 400 bytes for three SCTs is about right though. Assuming RFC6962-compliant v1 SCTs that contain no SCT extensions and are signed using ECDSA and a P-256 private key, then, including all of the ASN.1 fluff for the SCT List certificate extension, I calculate that it'll be... 140 or 141 bytes to embed 1 SCT 261 to 263 bytes to embed 2 SCTs 380 to 383 bytes to embed 3 SCTs For (non-EV) validity periods between 27 and 39 months: 499 to 503 bytes to embed 4 SCTs On 04/02/14 17:52, Adam Langley wrote: <snip> > We should make the SCTs as small as possible Agreed. Time for some back-of-an-envelope sums. For SCT v2, if we were to pack in the data as tightly as possible I reckon we could cut it down to as little as... 84 bytes to embed 1 SCT 159 bytes to embed 2 SCTs 231 bytes to embed 3 SCTs 303 bytes to embed 4 SCTs Here's how... 1. Use a shorter OID for the SCT List extension. Perhaps CABForum could define 2.23.140.n (with n < 128). Save 6 bytes. 2. The first 2 bytes of the SignedCertificateTimestampList structure are its total length. Since this can be calculated from the OCTET STRING length, these 2 bytes could be omitted. Save 2 bytes. 3. Pack the SCT fields into as few bytes as possible for the common case, whilst retaining options for future expansion. Save 37 bytes per SCT. Replace... (1 byte) Version sct_version; (32 bytes) LogID id; (8 bytes) uint64 timestamp; (2+? bytes) CtExtensions extensions; ...with... (2 bits) sct_version (00=v1; 01=v2; 10,11=unassigned) (2 bits) log_id_type (00=SHA-256(log_public_key); 01=1-byte Registered Log ID; 10=2-byte Registered Log ID; 11=4-byte Registered Log ID) (2 bits) timestamp_size (00=8-bytes; 01=6-bytes; 10=5-bytes; 11=4-bytes) (1 bit) extensions (0=CtExtensions is present; 1=CtExtensions is absent) (1 bit) signature_type (0=digitally-signed struct; 1=raw Ed25519 signature) For the common case: (1 byte) Registered Log ID (4 bytes) Timestamp (seconds, not milliseconds) 4. Use the Ed25519 signature scheme instead of ECDSA. ECDSA signatures using a P-256 key seem to be 72 or 73 bytes, whereas Ed25519 signatures are 64 bytes. Save 8 or 9 bytes per SCT. Also, for Ed25519, omit the 2 bytes containing the hash algorithm and signature algorithm from the "digitally-signed struct" header. Save 2 bytes per SCT. -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online
- [therightkey] Updated Certificate Transparency + … Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] Updated Certificate Transparenc… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- [therightkey] Thoughts on reducing SCT sizes (was… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] EXTERNAL: Re: [cabfpub] Updated… Mehner, Carl
- Re: [therightkey] Updated Certificate Transparenc… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Thoughts on reducing … Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Carl Wallace
- Re: [therightkey] Updated Certificate Transparenc… Paul Hoffman
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Paul Hoffman
- Re: [therightkey] Updated Certificate Transparenc… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Rick Andrews
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… michal.proszkiewicz
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Rick Andrews
- Re: [therightkey] [cabfpub] Updated Certificate T… Chema López González
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… kirk_hall@trendmicro.com
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Tim Moses
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Daniel Kahn Gillmor
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Daniel Kahn Gillmor
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… i-barreira
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Mat Caughron
- Re: [therightkey] [cabfpub] Updated Certificate T… Mat Caughron