IETF Logo Mail Archive

Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-02.txt

Olivier Levillain <olivier.levillain@ssi.gouv.fr> Wed, 14 February 2018 09:20 UTC

Return-Path: <olivier.levillain@ssi.gouv.fr>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DA8C126D73 for <tls@ietfa.amsl.com>; Wed, 14 Feb 2018 01:20:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_FAIL=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W3RPFDskmfTk for <tls@ietfa.amsl.com>; Wed, 14 Feb 2018 01:20:03 -0800 (PST)
Received: from garfield.picty.org (garfield.picty.org [82.231.235.137]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7F19126B6D for <tls@ietf.org>; Wed, 14 Feb 2018 01:20:02 -0800 (PST)
Received: from [127.0.0.1] (unknown [80.12.43.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by garfield.picty.org (Postfix) with ESMTPSA id 25B06A2 for <tls@ietf.org>; Wed, 14 Feb 2018 10:20:00 +0100 (CET)
To: tls@ietf.org
References: <151696190108.24397.6150515497869897080@ietfa.amsl.com>
From: Olivier Levillain <olivier.levillain@ssi.gouv.fr>
Message-ID: <2829c71e-d97a-ccd6-6252-b6b5439e6c70@ssi.gouv.fr>
Date: Wed, 14 Feb 2018 10:19:58 +0100
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <151696190108.24397.6150515497869897080@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: fr-FR
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/QAkn_J75QJXxU4Ff5yevOtZ77ic>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-02.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Feb 2018 09:20:05 -0000

Hi list,

Le 26/01/2018 à 11:18, internet-drafts@ietf.org a écrit :
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Transport Layer Security WG of the IETF.
> 
>         Title           : Transport Layer Security (TLS) Certificate Compression
>         Authors         : Alessandro Ghedini
>                           Victor Vasiliev
> 	Filename        : draft-ietf-tls-certificate-compression-02.txt
> 	Pages           : 7
> 	Date            : 2018-01-26


I am sorry I am late in the process of commenting this draft, but I have
a question about the CompressedCertificate message: why does it contain
an uncompressed_length field?

What is the point of this field which can not be trusted? If the idea is
to give a hint of how long a certificate is, we already know that.

Since the whole goal of this draft is to reduce the size of the message,
I would strongly suggest this field be removed. It is too much a
temptation to be considered as a reliable information for shaky
implementations.

Best regards,
Olivier Levillain

v2.23.0 | Report a Bug | By Email