Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-05.txt

Patrick McManus <mcmanus@ducksong.com> Fri, 05 April 2019 11:44 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LIUeWnr5SmKNThyaEmeMy7xs_wI>

Also, congestion control interaction will typically cause more bytes to
incur extra round trips - especially early in the connection.

On Fri, Apr 5, 2019 at 1:04 PM John Mattsson <john.mattsson@ericsson.com>
wrote:

> If fragmentation is used on some layer, lowering the number of bytes can
> definitely reduce the number of round-trips. This should probably be
> explained a bit more.
>
> If used in any of the TLS based EAP methods, the use of compression may
> even be needed to make the handshake complete at all as many access points
> drop EAP connections after 40-50 packets.
> https://tools.ietf.org/html/draft-ms-emu-eaptlscert-02
>
> John
>
> -----Original Message-----
> From: TLS <tls-bounces@ietf.org> on behalf of Jeremy Harris <jgh@wizmail.org>
> Date: Friday, 5 April 2019 at 12:35
> To: "TLS@ietf.org" <tls@ietf.org>
> Subject: Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-05.txt
>
>     On 05/04/2019 11:03, internet-drafts@ietf.org wrote:
>     >    In TLS handshakes, certificate chains often take up the majority of
>     >    the bytes transmitted.
>     >
>     >    This document describes how certificate chains can be compressed to
>     >    reduce the amount of data transmitted and avoid some round trips.
>
>     Reducing the number of bytes (and possibly packets) is a good thing,
>     but how does this reduce roundtrips?
>     --
>     Thanks,
>       Jeremy
>
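
An added example, not part of the original thread: a simplified model of the two effects discussed above, counting TCP slow-start flights and lock-step fragment packets for a certificate chain before and after compression. The segment size, initial window, fragment size and both chain sizes are constructed assumptions, and other handshake bytes are ignored.

```python
import math

MSS = 1460        # assumed TCP payload bytes per segment
INIT_CWND = 10    # assumed initial congestion window in segments (RFC 6928)


def flights_needed(nbytes, mss=MSS, init_cwnd=INIT_CWND):
    """Round trips to deliver nbytes under loss-free slow start.

    The window starts at init_cwnd segments and doubles after every
    fully acknowledged flight, so bytes past the first window wait
    for an extra round trip early in the connection.
    """
    segments = math.ceil(nbytes / mss)
    cwnd, flights = init_cwnd, 0
    while segments > 0:
        segments -= cwnd
        cwnd *= 2
        flights += 1
    return flights


def lockstep_packets(nbytes, fragment_size):
    """Packets used by a lock-step transport such as EAP-TLS.

    Simplified model: each fragment is one packet and must be
    acknowledged by one packet before the next fragment is sent.
    """
    return 2 * math.ceil(nbytes / fragment_size)


def compare(uncompressed, compressed, fragment_size=1000):
    """Summarise both effects for a chain before and after compression."""
    return {
        "tcp_flights": (flights_needed(uncompressed), flights_needed(compressed)),
        "lockstep_packets": (
            lockstep_packets(uncompressed, fragment_size),
            lockstep_packets(compressed, fragment_size),
        ),
    }


if __name__ == "__main__":
    # Constructed sizes: a 24000-byte chain that compresses to 14000 bytes.
    print(compare(24000, 14000))
```

With these constructed sizes the compressed chain fits in the first flight, and the lock-step packet count moves from the 40-50 range mentioned in the thread to well below it.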