Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-01.txt

David Benjamin <davidben@chromium.org> Wed, 13 December 2017 22:44 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D4771274A5 for <tls@ietfa.amsl.com>; Wed, 13 Dec 2017 14:44:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cj14yvQffZ4V for <tls@ietfa.amsl.com>; Wed, 13 Dec 2017 14:44:32 -0800 (PST)
Received: from mail-qk0-x22a.google.com (mail-qk0-x22a.google.com [IPv6:2607:f8b0:400d:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C7DE1201F8 for <tls@ietf.org>; Wed, 13 Dec 2017 14:44:32 -0800 (PST)
Received: by mail-qk0-x22a.google.com with SMTP id j207so4046142qke.10 for <tls@ietf.org>; Wed, 13 Dec 2017 14:44:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qZ95YX6XVM8vcnRIYjYF8rDTWsU6taUkxAf2qOLzHL4=; b=frtbMv6+2036ZwhTnkVssRCh1vRNAGZRyg2PEFhL2mqzqE4Vm+b98ykYH1C7OayWd1 XNWrzaEl3Gth1pen7KtPVNh2dgWxECaVym4ZyjSi1Yp8eWr7Q1lbyLGoasMt17rJFgit TVAtrhVi1pHd5nRG0dlayzI6WFwB8nGPg7BpY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qZ95YX6XVM8vcnRIYjYF8rDTWsU6taUkxAf2qOLzHL4=; b=XOcShLZytf1nApWaMnRHntQkOpta4EfaMkNOUM6URIoXocchsOiW22oD6TUK4DzBW2 8qcyLRkoSozIZNUfsegQob456nDVChATEBQxBRji9bdYTFEGANXveoLMgQZSWbTP6E+K LRxzMNI5xYE7LMB4JJ6sVhldAQuPFQo081XOa8EVi8/O8afS0QxA3mkjOQztvj+xjwuU m2hxPl1TZQQIoExicYqmrakZ9PAu9QsCFEgbeYGWpKd4GpEY0HcF+tOYIwbqp9XItFFF evKRRaBLsSWuxt0cERwSABiBOA8ew5GYdUJFFPb4fvgQJUTZgZmfK+J+RnWlLlR5sMv6 qNKQ==
X-Gm-Message-State: AKGB3mKOTTYk8Sna2l/vq2lQSTja3Za1B6Z65y6iL8Imajtczy9nnEnd EQzENgon9GN0HHvohWIOgimPuik0XVdF+iL3+uarG3g=
X-Google-Smtp-Source: ACJfBouw1oI75cOavpSZvkMOq3zxDMHVPT4geifdfBBZhve4hSR6PcZWPR2WMIVDd9rHN4GRe3uFJOG/Wu+qlCgh2I0=
X-Received: by 10.55.181.66 with SMTP id e63mr13059354qkf.130.1513205071252; Wed, 13 Dec 2017 14:44:31 -0800 (PST)
MIME-Version: 1.0
References: <151282209956.24790.5482932813219061171@ietfa.amsl.com> <20171213233910.4440a54e@pc1>
In-Reply-To: <20171213233910.4440a54e@pc1>
From: David Benjamin <davidben@chromium.org>
Date: Wed, 13 Dec 2017 22:44:19 +0000
Message-ID: <CAF8qwaBgkv+0EckcpA3C=jsVoAwQ50UD02YZKxXAvQEqJ502ew@mail.gmail.com>
To: =?UTF-8?Q?Hanno_B=C3=B6ck?= <hanno@hboeck.de>
Cc: tls@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c06c942bf4c640560408295"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/AOZomGAFaxJ1ary3y8bsEqMuoRg>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-01.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Dec 2017 22:44:34 -0000

On Wed, Dec 13, 2017 at 5:39 PM Hanno Böck <hanno@hboeck.de>; wrote:

> Hi,
>
> The deployment of TLS 1.3 was delayed because Internet middleboxes
> broke when they saw unknown TLS data.
>
> I guess it's plausible to assume that the same problem will show up
> with compressed certificates. Has any thought been given to that?
>

Everything after the ServerHello in TLS 1.3 is encrypted. A non-terminating
middlebox cannot mess with it, and a correctly-implemented terminating
middlebox would just not negotiate the extension.

As for TLS 1.2, I do not think this specification has any hope of being
deployable in TLS 1.2. We would only negotiate it in TLS 1.3 for BoringSSL.
This isn't much of a loss as this requires a code change to deploy anyway,
and the code change may as well carry TLS 1.3 too.

(To that end, it may be better to explicitly say in the document that the
extension applies to TLS 1.3 only, so other folks don't try to deploy it at
TLS 1.2 and have things break in buggy non-compliant networks they aren't
testing in.)

David