Re: [TLS] Certificate compression (a la QUIC) for TLS 1.3
Victor Vasiliev <vasilvv@google.com> Sun, 27 November 2016 04:42 UTC
Return-Path: <vasilvv@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 387941294B6 for <tls@ietfa.amsl.com>; Sat, 26 Nov 2016 20:42:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Level:
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iKantm_yP5PA for <tls@ietfa.amsl.com>; Sat, 26 Nov 2016 20:42:22 -0800 (PST)
Received: from mail-qt0-x22d.google.com (mail-qt0-x22d.google.com [IPv6:2607:f8b0:400d:c0d::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BAF2129469 for <tls@ietf.org>; Sat, 26 Nov 2016 20:42:22 -0800 (PST)
Received: by mail-qt0-x22d.google.com with SMTP id n6so96335859qtd.1 for <tls@ietf.org>; Sat, 26 Nov 2016 20:42:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=bfaFqaGsQeKvtOUcB5hTxK7qsgbDIm+lBLHcSe5BeUk=; b=ECO0L/tl0Z4qiQgbmx4gBLpH7lAdv/U89PQr5mYqP3mqkNnxhAXBTOUHe/QnmqBmAh roNGJ2IYS4d76zJk4VqvNiKDC8Q0IDlNI6dx95A0bsrdzrGUsWFgoGpIIPz37heMoceb tGr5XcfiwYmrNpoe/k/cz4q8uoVxaQ9PhCz24gJmrJ+Xlo5gYVPjxlkEuk/QZcIgnEq4 hNzb02eJdXOGzbHRt/61CfMZkpIsdy7g5vU0RAQucTb/ABu4EugrD0DdPO8/PVFTk531 X4vSvMXgsn1NkJ2LmkHFV+g9ziVI/MHbklC/USAfk5xOblOz6Ao/8EvziQRnHDSra0ab v6rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=bfaFqaGsQeKvtOUcB5hTxK7qsgbDIm+lBLHcSe5BeUk=; b=h6oSr3b9TZBIFEdHCkVEkDB7druPGhUY9jVOPjvDeErGLbgvTLqdpobJNhk9RayNkm Az/THXD3HUK7UCUfXLvLSKBbrwyItE3rxjqYo3fG+56/2E4tQf9kbVjQUF8BZtwpv3lO hW+Wj83nx6UyV1B0aLfxLY8g7COIJEJa5kejVN2WoUC0m/QoBzr34sREpgLh6T7A/Z/r anAImHsAj+mYKP0+3e1iqxZe9tPkh2RcYyrf4CaThlEKRiwQfz5likPSTgk5Qim/8HaW samUxwrwyo2b/SZsFQuK/3CqYxMca7i3p75BkGPvB6XimMY3cbxmvrBVBq6139csBCxv u1BA==
X-Gm-Message-State: AKaTC03+qZP6efTPPUQIooxRCsY46AXTOoY2NlrJd/5c9OcIC4zJlBPX8sS2wqBmrdYzPUUr2gfIL6L3PVJ91d+8
X-Received: by 10.237.53.56 with SMTP id a53mr13033928qte.85.1480221741196; Sat, 26 Nov 2016 20:42:21 -0800 (PST)
MIME-Version: 1.0
Received: by 10.55.157.11 with HTTP; Sat, 26 Nov 2016 20:42:20 -0800 (PST)
In-Reply-To: <CABcZeBO-7F-s-jtOj7FLO7kko3B+s9TyyO9WaL2MkvtN9JqYbw@mail.gmail.com>
References: <20161127015437.kfcwpemeppg3yw7h@pinky.local> <CABcZeBO-7F-s-jtOj7FLO7kko3B+s9TyyO9WaL2MkvtN9JqYbw@mail.gmail.com>
From: Victor Vasiliev <vasilvv@google.com>
Date: Sat, 26 Nov 2016 23:42:20 -0500
Message-ID: <CAAZdMacBDy0tbRvu0zR5FShm-nFZB0FmoSsoB3vT2HqTRPqLLA@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: multipart/alternative; boundary="001a11c0302a130324054240fb2e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Av8aM6Qi8R1pPcx8IezPNNH6p-s>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Certificate compression (a la QUIC) for TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Nov 2016 04:42:24 -0000
I am currently trying to figure out how much of QUIC certificate compression can be adapted to work with TLS. I will submit a draft as soon as I have a working prototype. -- Victor. On Sat, Nov 26, 2016 at 9:03 PM, Eric Rescorla <ekr@rtfm.com> wrote: > TLS already contains a certificate caching mechanism ( > https://tools.ietf.org/html/rfc7924). > > A more general scheme looks like it ought to perform better against new > sites, though I've > also heard some questions about whether the additional complexity tradeoff > is worth it. > If someone wanted to write a certificate compression draft for TLS, this > certainly is something > that would be worth examining. I don't see any reason we would need to > limit/tie it to TLS 1.3 > however. > > -Ekr > > On Sat, Nov 26, 2016 at 5:54 PM, Alessandro Ghedini <alessandro@ghedini.me > > wrote: > >> Hello, >> >> not sure if this has been discussed before (apologies if it has). >> >> QUIC mandates that certificate chains be gzip compressed in order to >> reduce the >> amount of bytes transmitted during full handshake. >> >> The QUIC crypto document says: >> >> Any remaining certificates are gzip compressed with a pre-shared >> dictionary >> that consists of the certificates specified by either of the first two >> methods, and a block of common strings from certificates taken from the >> Alexa top 5000. >> >> https://docs.google.com/document/d/1g5nIXAIkN_Y-7XJW5K45IblH >> d_L2f5LTaDUDwvZ5L6g/edit#heading=h.fgd4sj5avil0 >> >> Has anyone though about including something like that in TLS 1.3? >> >> Given that certificates usually take up most of the bytes exchanged >> during a >> full handshake it seems this could be useful, but I don't know if in >> practice >> the benefits are worth the added complexity. Thoughts? >> >> Cheers >> >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls >> > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > >
- [TLS] Certificate compression (a la QUIC) for TLS… Alessandro Ghedini
- Re: [TLS] Certificate compression (a la QUIC) for… Eric Rescorla
- Re: [TLS] Certificate compression (a la QUIC) for… Victor Vasiliev
- Re: [TLS] Certificate compression (a la QUIC) for… Alessandro Ghedini
- Re: [TLS] Certificate compression (a la QUIC) for… Viktor Dukhovni
- Re: [TLS] Certificate compression (a la QUIC) for… Nikos Mavrogiannopoulos
- Re: [TLS] Certificate compression (a la QUIC) for… Hubert Kario
- Re: [TLS] Certificate compression (a la QUIC) for… Nikos Mavrogiannopoulos
- Re: [TLS] Certificate compression (a la QUIC) for… Thomas Pornin
- Re: [TLS] Certificate compression (a la QUIC) for… Salz, Rich
- Re: [TLS] Certificate compression (a la QUIC) for… Bill Frantz
- Re: [TLS] Certificate compression (a la QUIC) for… Victor Vasiliev
- Re: [TLS] Certificate compression (a la QUIC) for… Viktor Dukhovni
- Re: [TLS] Certificate compression (a la QUIC) for… Victor Vasiliev