[TLS] Certificate compression draft
Victor Vasiliev <vasilvv@google.com> Mon, 06 March 2017 22:58 UTC
Return-Path: <vasilvv@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAD3D129A6B for <tls@ietfa.amsl.com>; Mon, 6 Mar 2017 14:58:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TauGQkrSCX6r for <tls@ietfa.amsl.com>; Mon, 6 Mar 2017 14:58:13 -0800 (PST)
Received: from mail-qk0-x22d.google.com (mail-qk0-x22d.google.com [IPv6:2607:f8b0:400d:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40419129545 for <TLS@ietf.org>; Mon, 6 Mar 2017 14:58:10 -0800 (PST)
Received: by mail-qk0-x22d.google.com with SMTP id y76so49099077qkb.0 for <TLS@ietf.org>; Mon, 06 Mar 2017 14:58:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=0BcMc9C4GVjQiJdqqPXGV12qLMHlxAhAP+0FwqyXraw=; b=DOnjLTaYTOzJqyjpp4SAUpuCXwiyHHvtoF+1HFVej7LVoYEuJ8SgbK1QAsNZGPFii9 QC5GmliUlyyTHhYAVWcIG+dtmGq+U551qNhBmuGa8l/1GSA89moU+w64uVkIgj6P+pqY t4zncq6p3BCEC2GZRQETNh5g7Dn6aIcrtDSMI/0fhJk0Su5mD02hVHUwlwnb0J4j4hBa yCSQuN7KBmZuOg1/HZhOkB34NcxwQArBuKb1/ikliKwQTLzH1y0zzRjwEj4+sqmjZjFh Xg7/nLKNc8Q/ynH6L0u76zE1R/v/6C6eMZF7egEmEl8QyqfoUh1ibVdkcTMzF1lGIppA SOeg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=0BcMc9C4GVjQiJdqqPXGV12qLMHlxAhAP+0FwqyXraw=; b=i2H9EJIVGvix1sbvHf8nQpFT3iZjyYBx4UCXiwa8bAutq8FZzjWhi5qm0Pieig6vBI lWfYFUJpfawQaBR6jBv+iQEvrAyDM3o3DEnShdS98VGXSrzaHuu1Mg6b2bA8NP6tHfX+ MQ1yyKqgTd8naQLL+04/+ydMZDVLTsI4zAQ8SmMIgeuqoKBQa+pE6MU6wzPvgG+WV1HH Is1SlPBC1oZTdkpWQZ+yDUhXDBToHzEg22xYafhe14y1qMCK9Dohc2yU0ODr4ObdWgLn GyR9aMj+GfNVJV3wHU2rbe0gm5ZOBa9PhUWCX7Rdeoh3FLaE9gz1YbP4/Pcx++KzB8xW UM0w==
X-Gm-Message-State: AMke39nH/LV49tvFK86q9RTtb0vAXDEkIUJ8wT0i+I/lBhzcTDSFInNL9osXwVOcWi/rsbt7gyfdj8RtknXd2Tgx
X-Received: by 10.200.35.36 with SMTP id a33mr17815593qta.216.1488841089081; Mon, 06 Mar 2017 14:58:09 -0800 (PST)
MIME-Version: 1.0
Received: by 10.55.47.4 with HTTP; Mon, 6 Mar 2017 14:58:08 -0800 (PST)
From: Victor Vasiliev <vasilvv@google.com>
Date: Mon, 06 Mar 2017 17:58:08 -0500
Message-ID: <CAAZdMacAcSUL4sqLPA1E9-z_VaUSd1P5PpPryO+XQso0eUtThw@mail.gmail.com>
To: "tls@ietf.org" <TLS@ietf.org>
Content-Type: multipart/alternative; boundary="001a113a7db83e4cfb054a17d438"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/20ZYRZgSkfIQs3ClBNGoaVW1CKo>
Subject: [TLS] Certificate compression draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Mar 2017 22:58:15 -0000
Certificate compression has been discussed on this list briefly before, and there was some interest in at least considering a draft for it. The draft now exists (co-authored by Alessandro and myself), and it can be found at: https://datatracker.ietf.org/doc/draft-ghedini-tls-certificate-compression/ [ GitHub repo: https://github.com/ghedo/tls-certificate-compression ] The proposed scheme allows a client and a server to negotiate a compression algorithm for the server certificate message. The scheme is purely opt-in on both sides. The current version of the draft defines zlib and Brotli compression, both of which are well-specified formats with an existing deployment experience. There are multiple motivations to compress certificates. The first one is that the smaller they are, the faster they arrive (both due to the transfer time and a decreased chance of packet loss). The second, and more interesting one, is that having small certificates is important for QUIC in order to achieve 1-RTT handshakes while limiting the opportunities for amplification attacks. Currently, TLS 1.3 over TCP without client auth looks like this: Round trip 1: client sends SYN, server sends SYN ACK Here, the server provides its own random value which client will have to echo in the future. Round trip 2: client sends ACK, ClientHello, server sends ServerHello...Finished Here, ACK confirms to server that the client can receive packets and is not just spoofing its source address. Server can send the entire ServerHello to Finished flight. In QUIC, we are trying to merge those two rounds into one. The problem, however, is that the ClientHello is one packet, and ServerHello...Finished can span multiple packets, meaning that this could be used as an amplification attack vector since the client's address is not yet authenticated at this point. In order to address this, the server has to limit the number of packets it sends during the first flight (i.e. ServerHello...Finished flight). Since certificates make up the majority of data in that flight, making them smaller can push them under the limit and save a round-trip. Cheers, Victor.
- [TLS] Certificate compression draft Victor Vasiliev
- Re: [TLS] Certificate compression draft Martin Thomson
- Re: [TLS] Certificate compression draft Victor Vasiliev
- Re: [TLS] Certificate compression draft Viktor Dukhovni
- Re: [TLS] Certificate compression draft Vlad Krasnov
- Re: [TLS] Certificate compression draft Victor Vasiliev
- Re: [TLS] Certificate compression draft Victor Vasiliev
- Re: [TLS] Certificate compression draft Martin Thomson
- Re: [TLS] Certificate compression draft Vlad Krasnov
- Re: [TLS] Certificate compression draft Ryan Sleevi
- Re: [TLS] Certificate compression draft Viktor Dukhovni
- Re: [TLS] Certificate compression draft Martin Thomson
- Re: [TLS] Certificate compression draft Hannes Tschofenig
- Re: [TLS] Certificate compression draft Rob Stradling
- Re: [TLS] Certificate compression draft Eric Rescorla
- Re: [TLS] Certificate compression draft Victor Vasiliev
- Re: [TLS] Certificate compression draft Sankalp Bagaria
- Re: [TLS] Certificate compression draft Ryan Sleevi
- Re: [TLS] Certificate compression draft Eric Rescorla
- Re: [TLS] Certificate compression draft Benjamin Kaduk
- Re: [TLS] Certificate compression draft David Benjamin
- Re: [TLS] Certificate compression draft Eric Rescorla
- Re: [TLS] Certificate compression draft Eric Rescorla
- Re: [TLS] Certificate compression draft Sankalp Bagaria