Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-04.txt

Alessandro Ghedini <alessandro@ghedini.me> Wed, 03 October 2018 12:36 UTC

Return-Path: <alessandro@ghedini.me>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AF4013126D for <tls@ietfa.amsl.com>; Wed, 3 Oct 2018 05:36:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ghedini.me
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ah5QQQbcsB93 for <tls@ietfa.amsl.com>; Wed, 3 Oct 2018 05:36:48 -0700 (PDT)
Received: from blastoise.ghedini.me (blastoise.ghedini.me [45.32.158.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8DECC130FBD for <tls@ietf.org>; Wed, 3 Oct 2018 05:36:48 -0700 (PDT)
Received: from localhost (unknown [IPv6:2a06:98c0:1000:8200:551b:fecd:b73f:7cd4]) by blastoise.ghedini.me (Postfix) with ESMTPSA id 8CF22DF263 for <tls@ietf.org>; Wed, 3 Oct 2018 12:36:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ghedini.me; s=mail; t=1538570206; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=eh3Rr8RgYvlQlJAHtgAShF+Mj/iMNDLTz/9sIhPNQHM=; b=acaTH94Pz9OoQOAeGfU+C0hKPPLplF7CgyuOA0SLJTA+DFlMRsIcR7KUpoKkWh5UR5fiqT kYQom2g7X4a42XEuMg5Kl4GXj+G6teyME1YUxOYZCk+3uPtZPNBewE5Ag1VEperhievNb/ EwU6W4CFuXEmHzfUajx+6lXZnePGpBg=
Date: Wed, 3 Oct 2018 13:36:43 +0100
From: Alessandro Ghedini <alessandro@ghedini.me>
To: tls@ietf.org
Message-ID: <20181003123643.GA5454@mandy.flat11.house>
References: <153856977342.9010.10521757586695280@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <153856977342.9010.10521757586695280@ietfa.amsl.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6H9TLwceqHw_rHVzMAYaVlu4I5w>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-04.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Oct 2018 12:36:51 -0000

On Wed, Oct 03, 2018 at 05:29:33AM -0700, internet-drafts@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Transport Layer Security WG of the IETF.
> 
>         Title           : TLS Certificate Compression
>         Authors         : Alessandro Ghedini
>                           Victor Vasiliev
> 	Filename        : draft-ietf-tls-certificate-compression-04.txt
> 	Pages           : 7
> 	Date            : 2018-10-03
> 
> Abstract:
>    In TLS handshakes, certificate chains often take up the majority of
>    the bytes transmitted.
> 
>    This document describes how certificate chains can be compressed to
>    reduce the amount of data transmitted and avoid some round trips.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-certificate-compression/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-04
> https://datatracker.ietf.org/doc/html/draft-ietf-tls-certificate-compression-04
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-certificate-compression-04

This is just a tiny update with a few small fixes and the addition of the
early code points assigned by IANA.

In other news, Chrome landed support for certificate compression in canary
back in July, and Cloudflare deployed support on its edge servers a few
weeks ago.

The data we've seen on the Cloudflare side looks quite promising so far,
although I haven't had the time to do a full analysis yet. We are seeing
reductions in certificates sizes between 1.5-2 KB for both ECDSA and RSA
(meaning a full QUIC packet if not more), with average compressed size
hovering around 2.1-2.4 KB for ECDSA and 2.5-3.5 KB for RSA.

The only remaining open issue is the potential attack illustrated by Subodh
a few months ago https://www.ietf.org/mail-archive/web/tls/current/msg25851.html

>From the reaction on that mailing list discussion, and from talking to people
at the last IETF, it seems to me that the attack doesn't appear to worry people
much and that there isn't much interest in fixing it. Though I thought I'd
mention it again to see if people have anything to add to it, and see if we
can agree on whether we should do anything about it.

Other than that it looks like the draft is in a pretty good shape at this point,
so it'd be nice to have some additional review, and then see if it can proceed
to the next step (which I think would be WGLC).

Cheers