Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-02.txt

Benjamin Kaduk <bkaduk@akamai.com> Mon, 29 January 2018 15:24 UTC

To: tls@ietf.org
References: <151696190108.24397.6150515497869897080@ietfa.amsl.com> <20180126102659.GA5204@pinky>
From: Benjamin Kaduk <bkaduk@akamai.com>
Message-ID: <4ef441ff-6075-626e-b208-a0e5da3d18f0@akamai.com>
Date: Mon, 29 Jan 2018 09:22:40 -0600
In-Reply-To: <20180126102659.GA5204@pinky>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/8WPLKzTgDzAJefZA4MoEqWcQ54c>

On 01/26/2018 04:26 AM, Alessandro Ghedini wrote:
> Hello,
>
> Here's a fresh new update based on the latest round of discussion.
>

Thanks, the changes look good.

The new note about "no ServerHello extension to echo back" makes me
wonder if (not) echoing back in Certificate should also be mentioned,
since the TLS 1.3 paradigm is that CertificateRequest extensions are
also "requests" that can get "responses" in the Certificate message.

I also wondered whether there was any sense in reserving codepoint 0 (of
CertificateCompressionAlgorithm) for "uncompressed".  I guess not, since
support for uncompressed certificates is implicit by means of not using
the extension.  But sometimes keeping value 0 (basically) reserved is
still useful.

-Ben
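As an added example (not part of this thread, and not the draft's or any implementation's code), here is a small Python model of the two points Ben raises: uncompressed certificates being implicit in the absence of the extension, and value 0 being kept reserved rather than meaning "uncompressed". It assumes the wire layout of the compress_certificate extension from the draft, a one-byte length-prefixed vector of uint16 CertificateCompressionAlgorithm values with zlib(1) and brotli(2), and it adopts the suggestion of treating 0 as reserved (the eventual RFC 8879 registry does mark 0 as Reserved). All function and class names are the example's own.

```python
import struct

# Codepoints from the draft: zlib(1), brotli(2). Value 0 is treated here as
# reserved, per the suggestion in the thread; it is never a valid offer.
RESERVED = 0
KNOWN_ALGORITHMS = {1: "zlib", 2: "brotli"}


class ExtensionError(ValueError):
    """Raised for a malformed or unacceptable compress_certificate body."""


def encode_compress_certificate(algorithms):
    """Encode the extension body: one-byte length prefix, then uint16 IDs
    (assumed layout, matching the draft's <1..2^8-1> vector)."""
    if not algorithms:
        raise ExtensionError("algorithm list must not be empty")
    if RESERVED in algorithms:
        raise ExtensionError("value 0 is reserved and must not be offered")
    body = b"".join(struct.pack("!H", a) for a in algorithms)
    if len(body) > 255:  # must fit the one-byte length prefix
        raise ExtensionError("too many algorithms for a one-byte length")
    return bytes([len(body)]) + body


def parse_compress_certificate(data):
    """Parse the extension body defensively: check the vector bounds,
    reject the reserved value 0 and duplicates, return the offered IDs."""
    if len(data) < 1:
        raise ExtensionError("missing length prefix")
    length = data[0]
    if length == 0 or length % 2 != 0:
        raise ExtensionError("vector length must be a non-zero multiple of 2")
    if len(data) != 1 + length:
        raise ExtensionError("vector length does not match extension length")
    algs = [struct.unpack("!H", data[i:i + 2])[0] for i in range(1, 1 + length, 2)]
    if RESERVED in algs:
        raise ExtensionError("reserved algorithm value 0 offered")
    if len(set(algs)) != len(algs):
        raise ExtensionError("duplicate algorithm offered")
    return algs


def select_algorithm(offered, server_preference):
    """Server-side choice: first algorithm in server preference order that the
    peer offered. None means 'send a plain Certificate message'; there is no
    ServerHello echo, and the absence of CompressedCertificate is the signal."""
    for alg in server_preference:
        if alg in offered:
            return alg
    return None


def negotiate(client_extension_body, server_preference):
    """Full flow: client extension body (or None if absent) -> chosen name or
    'uncompressed'. A missing extension is the implicit 'uncompressed' case."""
    if client_extension_body is None:
        return "uncompressed"
    offered = parse_compress_certificate(client_extension_body)
    chosen = select_algorithm(offered, server_preference)
    return KNOWN_ALGORITHMS.get(chosen, "uncompressed")


def is_rejected(data):
    """Helper for checks: True if the parser refuses this extension body."""
    try:
        parse_compress_certificate(data)
    except ExtensionError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: client offers zlib then brotli; server prefers brotli.
    body = encode_compress_certificate([1, 2])
    print(body.hex(), negotiate(body, [2, 1]))
    print(negotiate(None, [2, 1]))
    print(is_rejected(b"\x02\x00\x00"))  # reserved value 0 on the wire
```

The parser rejects a body that offers 0 rather than mapping it to "uncompressed", so a future assignment of that codepoint cannot be confused with the no-extension case; the server's `None` result makes the implicit fallback explicit in code.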