Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-01.txt

Victor Vasiliev <vasilvv@google.com> Wed, 13 December 2017 00:41 UTC

Return-Path: <vasilvv@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94A8E12704A for <tls@ietfa.amsl.com>; Tue, 12 Dec 2017 16:41:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nAHIlrv_aN40 for <tls@ietfa.amsl.com>; Tue, 12 Dec 2017 16:41:01 -0800 (PST)
Received: from mail-qt0-x22c.google.com (mail-qt0-x22c.google.com [IPv6:2607:f8b0:400d:c0d::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76A23126CBF for <tls@ietf.org>; Tue, 12 Dec 2017 16:41:01 -0800 (PST)
Received: by mail-qt0-x22c.google.com with SMTP id e2so1824951qti.0 for <tls@ietf.org>; Tue, 12 Dec 2017 16:41:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=0XM6G9RCfz4IUUv6YTiJ3+n79IAQE0wy3xAX0nRcNMM=; b=Rw8Hp/vviNxBZ81GfNMSPTpLKSfN5yIv61Y8KXQe9t3qAsrln0czeDX0cappOfrNEf 38HsKW19MOmzUxfn5ZcTyw/A7qOmNmrvt0FVPCigY/J2SC4E9zZZGRa3Jry+pph5NNOS dlIsXgx6tPIpMIu0NrlZjlMA+VKqNdIaQWMiFObzRYmQiECkksrTaR7hXXt9ANZVAqmE 1drO6JQ6quQJKKIt4uT2kmoplSp3pYjEfiG69cpDi0ld4k25TO0/Pw7AgxprROQHeVV8 rbcnmt/TMbIcfwybXeyekN4OKfacZfjqROZlHsYAHEW+Ts5FtmqKDGZo0bLQPcd14nFo zMWw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=0XM6G9RCfz4IUUv6YTiJ3+n79IAQE0wy3xAX0nRcNMM=; b=lCL5NkzbdXotFWAgtoavJYHE5NsRJ4zV8rr2cZ5fDIqLRe7eZmDzl4gDtMcrmFQFBp 8OiMlWOMZyU9q3OmNhwiw7jw7+kyX+sSuEvbKo2iLkprc4IZq8L9emQxw+8kiETTrQhy qLczom6/cK4i3lm63xMMwFefu2vywzPr5sIG+nRUzz142ijOcCZ3OGlUC9/bMNWGcAZd B78tKPJgJ1bcBXZdTVhivAXREVm0LCYDOciQH3KiFuxGoQ9ID1r4je35Enn9tkyFVYO2 N5FbEtC3O4MrmPaJGncPcSojwFfOywVaa4vxU5GwYqXJU3PjalA88BbfWxRLTo7rwK4D A4Ng==
X-Gm-Message-State: AKGB3mIIBYhAe2YYfkWRmylkwGb5bEb5D4VbL/OTrAUjglE0O4eBUtd5 aHwXaVIm1tm+O9rnfwS/rlhXyLWXjHgldtQRjE8ZVntpesc=
X-Google-Smtp-Source: ACJfBout+Xq2hpCqX9u9SjJS05Pp7/YELVdLliPME58YfdWWZ/AOMkuGLGFH9bB6s7K796wEFZfApZVGEX3+ys3OyUo=
X-Received: by 10.237.37.5 with SMTP id v5mr8310380qtc.32.1513125660244; Tue, 12 Dec 2017 16:41:00 -0800 (PST)
MIME-Version: 1.0
Received: by 10.55.18.33 with HTTP; Tue, 12 Dec 2017 16:40:59 -0800 (PST)
In-Reply-To: <CABkgnnXv6KtUSEj_+rNiPTLd78QX+M0L5k_2ipfSCjnbmp_o7Q@mail.gmail.com>
References: <CABkgnnUu6aE0socrxXm6L11T5F0cdHL-Y5K0deQudOorwEeVqg@mail.gmail.com> <r470Ps-10132i-E0E190ABCD214523B790DE7F83C37914@Williams-MacBook-Pro.local> <CABkgnnXv6KtUSEj_+rNiPTLd78QX+M0L5k_2ipfSCjnbmp_o7Q@mail.gmail.com>
From: Victor Vasiliev <vasilvv@google.com>
Date: Tue, 12 Dec 2017 19:40:59 -0500
Message-ID: <CAAZdMacrTJPhsjTv0+gFNwmhVTE02stY55uE4Vvpf9kRChWqkg@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Bill Frantz <frantz@pwpconsult.com>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a113e317c7b7a7c05602e05e0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/KxD9DhZaCBi4pVOy_0OQ0K1qQ9k>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-01.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Dec 2017 00:41:03 -0000

On Mon, Dec 11, 2017 at 6:49 PM, Martin Thomson <martin.thomson@gmail.com>;
wrote:

> Certificates are pretty wasteful, outside of the keys themselves.
> There has to be some significant gains to be had.  I think that we
> have discussed generating a dictionary that would be useful for
> certificates, so if we do that we won't know the full answer yet (I
> see no mention of that in the draft, so I guess that I might be in
> dreamland).


Indeed.  I've presented some numbers on this back in Chicago:


https://datatracker.ietf.org/meeting/98/materials/slides-98-tls-certificare-compression/

There is currently no pre-shared dictionary in the draft, since deciding
what to put into that dictionary is somewhat of a hard question (both
from the technical and from the ecosystem perspective).  I'm still
working on making one, but the current plan is to not block the draft on
this, since the simple scheme is already quite effective, and adding it
is a matter of adding another compression algorithm to the list.