Re: [TLS] Certificate compression draft

Victor Vasiliev <vasilvv@google.com> Mon, 06 March 2017 23:51 UTC

From: Victor Vasiliev <vasilvv@google.com>
Date: Mon, 6 Mar 2017 18:51:24 -0500
To: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/QTnW2XvCkjypgT9IntxzPYWX8xg>
Subject: Re: [TLS] Certificate compression draft

On Mon, Mar 6, 2017 at 6:29 PM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:

> Is 30-50% enough to mitigate concerns about amplification attacks?
> Introducing compression increases the attack surface on TLS clients and
> adds CPU cost.  If the compression is not sufficiently effective, it is
> not clear that the benefit outweighs the cost.

It's actually pretty good at this.  My relatively back-of-the-envelope
calculations show that compression increases the number of handshakes that
fit into two packets from ~2% to ~54% (for three packets, it goes up from
~52% to ~97%).


> Wouldn't amplification be better addressed via TCP cookies?  With TCP fast
> open restricted to cookie-bearing clients?  With similar mechanisms for
> UDP, ...


The goal here is to reduce the number of round-trips required to connect to
a server previously unknown to the client from two to one (otherwise you can
just put an equivalent of a TCP cookie in the ticket).  TCP cookies only work
if you've connected to the server before.

  -- Victor.