Re: [TLS] adopted: draft-ghedini-tls-certificate-compression
mrex@sap.com (Martin Rex) Wed, 07 June 2017 20:51 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2214A1252BA; Wed, 7 Jun 2017 13:51:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.421
X-Spam-Level:
X-Spam-Status: No, score=-6.421 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5BSZMXeajOIP; Wed, 7 Jun 2017 13:51:00 -0700 (PDT)
Received: from smtpde01.smtp.sap-ag.de (smtpde01.smtp.sap-ag.de [155.56.68.170]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7195124BE8; Wed, 7 Jun 2017 13:50:59 -0700 (PDT)
Received: from mail08.wdf.sap.corp (mail01.sap.corp [194.39.131.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtpde01.smtp.sap-ag.de (Postfix) with ESMTPS id 3wjggj3gHWz1J9C; Wed, 7 Jun 2017 22:50:57 +0200 (CEST)
X-purgate-ID: 152705::1496868657-00000816-66E2A85C/0/0
X-purgate-size: 1415
X-purgate: clean
X-purgate: This mail is considered clean (visit http://www.eleven.de for further information)
X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de
X-purgate-type: clean
X-SAP-SPAM-Status: clean
Received: from ld9781.wdf.sap.corp (ld9781.wdf.sap.corp [10.21.82.193]) by mail08.wdf.sap.corp (Postfix) with ESMTP id 3wjggh6nMwz2xdT; Wed, 7 Jun 2017 22:50:56 +0200 (CEST)
Received: by ld9781.wdf.sap.corp (Postfix, from userid 10159) id E3A4D1A662; Wed, 7 Jun 2017 22:50:56 +0200 (CEST)
In-Reply-To: <20170607202848.GA21563@LK-Perkele-V2.elisa-laajakaista.fi>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Date: Wed, 07 Jun 2017 22:50:56 +0200
CC: Raja ashok <raja.ashok@huawei.com>, "draft-ghedini-tls-certificate-compression@ietf.org" <draft-ghedini-tls-certificate-compression@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>
Reply-To: mrex@sap.com
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20170607205056.E3A4D1A662@ld9781.wdf.sap.corp>
From: mrex@sap.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2KLTTcyb2sUoz0NCFrWcrnXSknE>
Subject: Re: [TLS] adopted: draft-ghedini-tls-certificate-compression
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jun 2017 20:51:02 -0000
Ilari Liusvaara wrote: >On Wed, Jun 07, 2017 at 05:38:59AM +0000, Raja ashok wrote: >> Hi Victor & Alessandro, >> >> I have gone through the draft and I am having a doubt. >> >>> The extension only affects the Certificate message from the server. >>> It does not change the format of the Certificate message sent by the >>> client. >> >> This draft provides a mechanism to compress only the server certificate >> message, not the client certificate message. I feel client authentication >> is not performed in HTTPS of web application. But in all other applications >> (eg. Wireless sensor network) certificate based client authentication is >> more important. >> >> So I suggest we should consider compression on client certificate message >> also. > > Doing client certificate compression would add some complexity, because > the compression indication currently needs to be external to certificates, > and there is no place to stick such indication for client certificate. A TLS extension could do this indication just fine. ASN.1 DER encoded X.509v3 certificates all have the same first 12 bits. 0x30 0x8* So sending an indication inband should also be possible. But a negotiated TLS extension (proposed by client in ClientHello, confirmed by server in ServerHello) could also change the Certificate PDU to provide room for a seperate indicator. -Martin
- [TLS] adopted: draft-ghedini-tls-certificate-comp… Sean Turner
- Re: [TLS] adopted: draft-ghedini-tls-certificate-… Hanno Böck
- Re: [TLS] adopted: draft-ghedini-tls-certificate-… Raja ashok
- Re: [TLS] adopted: draft-ghedini-tls-certificate-… Dave Garrett
- Re: [TLS] adopted: draft-ghedini-tls-certificate-… Piotr Sikora
- Re: [TLS] adopted: draft-ghedini-tls-certificate-… Salz, Rich
- Re: [TLS] adopted: draft-ghedini-tls-certificate-… Ilari Liusvaara
- Re: [TLS] adopted: draft-ghedini-tls-certificate-… David Benjamin
- Re: [TLS] adopted: draft-ghedini-tls-certificate-… Martin Rex
- Re: [TLS] adopted: draft-ghedini-tls-certificate-… Dave Garrett
- Re: [TLS] adopted: draft-ghedini-tls-certificate-… Watson Ladd
- Re: [TLS] adopted: draft-ghedini-tls-certificate-… Piotr Sikora
- Re: [TLS] adopted: draft-ghedini-tls-certificate-… Martin Thomson