Re: [TLS] adopted: draft-ghedini-tls-certificate-compression

Dave Garrett <davemgarrett@gmail.com> Wed, 07 June 2017 06:23 UTC

From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org
Date: Wed, 07 Jun 2017 02:23:18 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
Cc: Raja ashok <raja.ashok@huawei.com>, "draft-ghedini-tls-certificate-compression@ietf.org" <draft-ghedini-tls-certificate-compression@ietf.org>
References: <B3FAE1B5-E608-489F-B3B9-BC966B673D94@sn3rd.com> <FDFEA8C9B9B6BD4685DCC959079C81F5E1953C09@BLREML509-MBS.china.huawei.com>
In-Reply-To: <FDFEA8C9B9B6BD4685DCC959079C81F5E1953C09@BLREML509-MBS.china.huawei.com>
Message-Id: <201706070223.19120.davemgarrett@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NWYe5qorIac4yG5NQkPSBE0QN4k>

On Wednesday, June 07, 2017 01:38:59 am Raja ashok wrote:
> So I suggest we should consider compression on client certificate message also.

+1

Additionally, there's one bit of the spec which I question the need for: zlib support. Unless someone can show a legitimate case where zlib will consistently and notably outperform brotli, I don't see the point in defining it as an option. This is a brand new extension; we don't need backwards compatibility here. There's been a general consensus in this WG to avoid algorithm agility unless there's a real reason for it, so I propose we ditch zlib support and make brotli the default and only specified at the start (promoting it to id 0). Should some problem arise in the future where we actually need to use a decades old compression algorithm, it can be added later. Furthermore, we should probably define a pre-defined dictionary for brotli to use here which is based on common strings in certificates, rather than its default one for the general web (if such a thing is practical to do here). This could boost efficiency here and make it even more worth preferring (also likely reducing the size of said dictionary, as the default one is 120kB).


Dave
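The receiver-side handling that goes with this, as an added example (not code from the draft, from the thread, or from any implementation): a CompressedCertificate carries a declared uncompressed_length, and the safe way to use it is as a hard bound on how many bytes inflation may ever produce, rejecting any mismatch; the same code shows the dictionary effect Dave describes by compressing a constructed sample with and without a preset dictionary of common certificate strings. zlib stands in for brotli only because it is in the Python standard library; the algorithm id, the dictionary and the sample message are constructed assumptions, and the message layout follows the draft's CompressedCertificate struct as I understand it (2-byte algorithm, 3-byte uncompressed length, 3-byte-prefixed body).

```python
import zlib

# Algorithm id for zlib: an assumed value, check the draft's enum. zlib stands
# in only because it is in the stdlib; the framing is identical for brotli.
ALG_ZLIB = 1
MAX_UNCOMPRESSED = 2**24 - 1  # uint24 bound of uncompressed_length

# Constructed preset dictionary of strings that recur across X.509 chains.
CERT_DICT = (b"CN=,O=,OU=,C=US,ST=,L=Let's Encrypt AuthorityDigiCert Inc"
             b"sha256WithRSAEncryptionhttp://ocsp.http://crl..crl")

# Constructed stand-in for a Certificate handshake message (not real DER).
SAMPLE_CERT_MSG = (b"\x30\x82\x03\x10CN=example.test,O=Example Org,OU=Let's Encrypt "
                   b"Authority,C=US" + b"sha256WithRSAEncryption"
                   + b"http://ocsp.example.test" + b"http://crl.example.test/ca.crl"
                   + bytes(range(256)))

def _deflate(data: bytes, zdict: bytes) -> bytes:
    c = zlib.compressobj(level=9, zdict=zdict) if zdict else zlib.compressobj(level=9)
    return c.compress(data) + c.flush()

def compress_certificate(cert_msg: bytes, zdict: bytes = b"") -> bytes:
    """algorithm(2) | uncompressed_length(3) | body length(3) | body."""
    body = _deflate(cert_msg, zdict)
    return (ALG_ZLIB.to_bytes(2, "big") + len(cert_msg).to_bytes(3, "big")
            + len(body).to_bytes(3, "big") + body)

def decompress_certificate(msg: bytes, zdict: bytes = b"",
                           limit: int = MAX_UNCOMPRESSED) -> bytes:
    """Inflate with the declared length as a hard output bound; mismatch is fatal."""
    if len(msg) < 8:
        raise ValueError("short CompressedCertificate header")
    if int.from_bytes(msg[:2], "big") != ALG_ZLIB:
        raise ValueError("unsupported compression algorithm")
    declared = int.from_bytes(msg[2:5], "big")
    body = msg[8:]
    if len(body) != int.from_bytes(msg[5:8], "big"):
        raise ValueError("body length does not match message")
    if not 0 < declared <= limit:  # 0 would make max_length unbounded below
        raise ValueError("declared uncompressed length out of range")
    d = zlib.decompressobj(zdict=zdict) if zdict else zlib.decompressobj()
    out = d.decompress(body, declared)  # never emit more than declared bytes
    if not d.eof or d.unconsumed_tail or d.unused_data or len(out) != declared:
        raise ValueError("uncompressed length mismatch")
    return out

def dictionary_savings(cert_msg: bytes) -> tuple:
    """Compressed body sizes without and with the certificate dictionary."""
    return len(_deflate(cert_msg, b"")), len(_deflate(cert_msg, CERT_DICT))
```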