IETF Logo Mail Archive

Re: [TLS] adopted: draft-ghedini-tls-certificate-compression

David Benjamin <davidben@chromium.org> Wed, 07 June 2017 20:45 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 111D9131491 for <tls@ietfa.amsl.com>; Wed, 7 Jun 2017 13:45:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cgBvMRv_fvYk for <tls@ietfa.amsl.com>; Wed, 7 Jun 2017 13:44:57 -0700 (PDT)
Received: from mail-pg0-x22a.google.com (mail-pg0-x22a.google.com [IPv6:2607:f8b0:400e:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 863F6131486 for <tls@ietf.org>; Wed, 7 Jun 2017 13:44:55 -0700 (PDT)
Received: by mail-pg0-x22a.google.com with SMTP id k71so8939407pgd.2 for <tls@ietf.org>; Wed, 07 Jun 2017 13:44:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=F1xE5eyUNzejO0vjWuMyED1mCugPPvK87kyIGP7sSo8=; b=YRclrpbo5A0HfBL6zC30G+hfSBrlxSaN9dOfFgXMmxfWSvpEPzxi4qEaeePjdzlZ85 lvJcV9QAvC9T6A///0P6DJ6GAFflwb+DSOpfcmmXWmz0r0m5lqETqD/GvDIe9RROR6GV VKA0zjbNrY7DcXVvQTV1nSRHS7VT8STahVRnE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=F1xE5eyUNzejO0vjWuMyED1mCugPPvK87kyIGP7sSo8=; b=H1r83UraWTDFxK+KH9qe2broGpwOsIQjCrWmxvFwFF3t/WQbwML9wox/taH55jaOTX wjP/Udo1yvwlBXBYqkKrLmpWnZqQ0oslA2m1cyiYXNf0y/nrdBZCEA8IneDff8Mk+QR/ lKZyitI9t29O2KQItIkJeyeRG5PKxUPC6/k0Tgt+6fF/zNy4UfASHfvOvD+iC6z8wMN+ q7n2fJka9lax37KNK9pK0FIHlcVts0QJlbzdkS7Dq5W/p+aXjGePCJtI9VgSQ6oaREDS Sy6iGa1H3Qn1f0RMKDQn7lCz/py8ExMZe8hPCkBYBhUysh/U6hlGD5GKNGIx4ifWO2as W+3g==
X-Gm-Message-State: AODbwcB2AYoCZCcv+ZrHWq6JzWQmsLJnmKYmDK4AzZqtVJBTY1ior6er An1Q1Ow1dpWYi3UHji6+N3RC78twFEAT
X-Received: by 10.98.33.84 with SMTP id h81mr32679651pfh.81.1496868295075; Wed, 07 Jun 2017 13:44:55 -0700 (PDT)
MIME-Version: 1.0
References: <B3FAE1B5-E608-489F-B3B9-BC966B673D94@sn3rd.com> <FDFEA8C9B9B6BD4685DCC959079C81F5E1953C09@BLREML509-MBS.china.huawei.com> <20170607202848.GA21563@LK-Perkele-V2.elisa-laajakaista.fi>
In-Reply-To: <20170607202848.GA21563@LK-Perkele-V2.elisa-laajakaista.fi>
From: David Benjamin <davidben@chromium.org>
Date: Wed, 07 Jun 2017 20:44:43 +0000
Message-ID: <CAF8qwaABgSMiKQRHVjeO3t+FYQOKz8woeiSiCeg8WMzm0Q0cMA@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, Raja ashok <raja.ashok@huawei.com>
Cc: "draft-ghedini-tls-certificate-compression@ietf.org" <draft-ghedini-tls-certificate-compression@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a113df29c015f4e055164cfae"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/R1fGuYsn9nQsoJHpWEbHfSQFTx4>
Subject: Re: [TLS] adopted: draft-ghedini-tls-certificate-compression
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jun 2017 20:45:01 -0000

On Wed, Jun 7, 2017 at 4:29 PM Ilari Liusvaara <ilariliusvaara@welho.com>
wrote:

> On Wed, Jun 07, 2017 at 05:38:59AM +0000, Raja ashok wrote:
> > Hi Victor & Alessandro,
> >
> > I have gone through the draft and I am having a doubt.
> >
> > >   The extension only affects the Certificate message from the server.
> > >   It does not change the format of the Certificate message sent by the
> > >   client.
> >
> > This draft provides a mechanism to compress only the server certificate
> > message, not the client certificate message. I feel client authentication
> > is not performed in HTTPS of web application. But in all other
> applications
> > (eg. Wireless sensor network) certificate based client authentication is
> > more important.
> >
> > So I suggest we should consider compression on client certificate message
> > also.
>
> Doing client certificate compression would add some complexity, because
> the compression indication currently needs to be external to certificates,
> and there is no place to stick such indication for client certificate.
>

There was a proposal somewhere to:

-  Rename Certificate to CompressedCertificate.

- Allocate a new HandshakeType.compressed_certificate, with
contents CompressedCertificate.

- If the client (respectively, server) sends the extension in the
ClientHello (respectively, CertificateRequest), the server (respectively,
client) is allowed to send a CompressedCertificate message instead of
Certificate. The client (respectively, server) dispatches on the message
type when processing.

This is a little unusual of an extension acknowledgement and conflicts
with, say, another extension which tries to play the same game. (Though the
existing scheme needs to be outermost too since it swaps out the spelling
of the CompressedCertificate message.)

David

v2.23.0 | Report a Bug | By Email