Re: [TLS] RFC 8879 on TLS Certificate Compression

Ben Smyth <research@bensmyth.com> Wed, 02 December 2020 11:13 UTC

Return-Path: <research@bensmyth.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76B903A128F for <tls@ietfa.amsl.com>; Wed, 2 Dec 2020 03:13:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bensmyth.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VEe9fn4BdFR2 for <tls@ietfa.amsl.com>; Wed, 2 Dec 2020 03:13:37 -0800 (PST)
Received: from 1.smtp.34sp.com (1.smtp.34sp.com [46.183.9.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A97D3A1114 for <tls@ietf.org>; Wed, 2 Dec 2020 03:13:36 -0800 (PST)
Received: from smtpauth2.mailarray.34sp.com (lvs5.34sp.com [46.183.13.73]) by 1.smtp.34sp.com (Postfix) with ESMTPS id 8D488148007C for <tls@ietf.org>; Wed, 2 Dec 2020 11:12:59 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bensmyth.com; s=dkim; t=1606907579; bh=Fnr02h9SoEUfw90o9qzYfw2fxWHcBL+8daScs/wayT0=; h=References:In-Reply-To:Reply-To:From:Date:Subject:To:Cc; b=c8vZMOQAxqjUNPfM/jT8cFsA2lKRtSOvBO9FuAyDGDWJ6gpEWmd78epiIZjZ5QOJS utP2Lc/2+baVumIuiHkUo1xpJBPgroFuLncYvV8rmxWJ/WBxvDOvsIJ6tnLPU3iPcG yfrpYx/9q7ENkXUJWKW8EEwOaVuSh5bxNIr8VVso=
Received: from mail-vk1-f182.google.com ([209.85.221.182]:39391) by smtpauth2.mailarray.34sp.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92) (envelope-from <research@bensmyth.com>) id 1kkQ4B-00017o-9Y; Wed, 02 Dec 2020 11:12:59 +0000
Received: by mail-vk1-f182.google.com with SMTP id s6so301692vka.3; Wed, 02 Dec 2020 03:12:58 -0800 (PST)
X-Gm-Message-State: AOAM531c+Zmi53idg1Z8T/vXVfu7UotaBR5y9127YTzv6oy0LC2jXGXa X2oAllYZCVFR+RdW7kLRRup3p29mxdUXnoauaZA=
X-Google-Smtp-Source: ABdhPJxQoSQqed6AYl7kgMR3MieI0J9RwHGiyLxUFc2pF//nVtpDDKi6uPyM7+dveiW+WDXNn/kWYiWXGHbG26JPnHM=
X-Received: by 2002:a1f:34c4:: with SMTP id b187mr1017708vka.0.1606907577982; Wed, 02 Dec 2020 03:12:57 -0800 (PST)
MIME-Version: 1.0
References: <20201202073244.20E60F40758@rfc-editor.org>
In-Reply-To: <20201202073244.20E60F40758@rfc-editor.org>
Reply-To: research@bensmyth.com
From: Ben Smyth <research@bensmyth.com>
Date: Wed, 2 Dec 2020 12:12:31 +0100
X-Gmail-Original-Message-ID: <CA+_8xu0PnpdYp5xMkNQ72ZJFqrzgnYU82riDnB-N+nCe0wx9Pw@mail.gmail.com>
Message-ID: <CA+_8xu0PnpdYp5xMkNQ72ZJFqrzgnYU82riDnB-N+nCe0wx9Pw@mail.gmail.com>
To: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: ietf-announce@ietf.org, rfc-dist@rfc-editor.org, drafts-update-ref@iana.org, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005f654305b5795383"
X-Authenticated-As: research@bensmyth.com
X-OriginalSMTPIP: 209.85.221.182
X-34spcom-MailScanner-Information: Please contact the ISP for more information
X-34spcom-MailScanner-ID: 8D488148007C.A7934
X-34spcom-MailScanner: Found to be clean
X-34spcom-MailScanner-SpamCheck: not spam, SpamAssassin (score=-11.1, required 6.5, autolearn=disabled, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, HTML_MESSAGE 0.00, SPF_PASS -0.00, X34SP_ALLOW_GMAIL_EVEN_IF_BLACKLISTED -10.00, X34SP_OVERRIDE -1.00)
X-34spcom-MailScanner-From: research@bensmyth.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/-GLv2b_kJSr2YTcHTQfGc9_2gR4>
Subject: Re: [TLS] RFC 8879 on TLS Certificate Compression
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2020 11:13:39 -0000

On Wed, 2 Dec 2020 at 08:32, <rfc-editor@rfc-editor.org> wrote:

> In TLS handshakes, certificate chains often take up the majority of
> the bytes transmitted.
>
> This document describes how certificate chains can be compressed to
> reduce the amount of data transmitted and avoid some round trips.
>

Round trips are only mentioned in the abstract. It's perhaps worth
mentioning when round trips are saved: When a certificate chain would
exceed a client's receive window or a server's congestion window. Servers
have no control over receive windows, so round trips can only be avoided by
reducing certfication chain length.