Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-02.txt

Victor Vasiliev <vasilvv@google.com> Tue, 30 January 2018 22:02 UTC

Return-Path: <vasilvv@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5BE11300CE for <tls@ietfa.amsl.com>; Tue, 30 Jan 2018 14:02:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PfiBGAYOgonb for <tls@ietfa.amsl.com>; Tue, 30 Jan 2018 14:02:34 -0800 (PST)
Received: from mail-qt0-x232.google.com (mail-qt0-x232.google.com [IPv6:2607:f8b0:400d:c0d::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80D5B13088A for <tls@ietf.org>; Tue, 30 Jan 2018 14:02:33 -0800 (PST)
Received: by mail-qt0-x232.google.com with SMTP id o35so19279184qtj.13 for <tls@ietf.org>; Tue, 30 Jan 2018 14:02:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=tcEMoBLJinDidjnn/HUobyjL/hIOCfqQmCcyr/okLl4=; b=BhLdeYCLVHxen7n2kJ8GlJ0zc2MWdUfCzEgbKrNFRRki09O6LjdGSJA6VrZWbwyh4S Vo50CrIpf8s5/MOgN8YDJSAeVb+GzsZV63BKZbM4pI6MII6U1hIJYTfR2fBUaykXLS3R m0MaxAMU7I4D3pCwavRbuG79imTDXYwT9WencjJ/QAo6S4tE/ctLLpL3U1X8sQ3i0VNC Lx01bYgUGXZ8pw7ZVSt9p1MOZ8SaoNzv4dxTZhJFTBWYID9mmhOo8UvMJy+rBxvMefGQ Q4JoI1Q/M17EjJiPNgzFhbi3PIOWkxl7YGdvaGZ9uh9DRNQnh8qnMSQt/AaYJSNOyXP4 E7wQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=tcEMoBLJinDidjnn/HUobyjL/hIOCfqQmCcyr/okLl4=; b=NMdmlCp9/Y0WCxEQST47nq7KY6Czoshbb8szhAYpCkCAeJtuIw2zJa9b7YmhSRoU7L Y9lPYlYRydG+Y7GVh+5fsI6V3hnJna+6VKlHWHmZWKw4XmW8dPcaFnW3WBBRSm7Ff5Kl 57ETU6YFJndH9KRFB2di5cXgGqNLlfVpEZkBpXgjb5zuF8TqwBdtxsAgTcP3awcwaWSV W3qgI1r5VoYsPRunmHInWrvILqG+ulc8YzqcMt5afJBuY9Rn71WpuFxmK9MuUdrYKOml mPkK7/OrcI8JytmSnBhqbZqAAOiokvs345mPuKN9xd2pupWjEtqugdkbeYTh9e4c8yqD B0eQ==
X-Gm-Message-State: AKwxytdp7GVKtPPGtNHD8FXU9gzbZsRVQ7GjMNnKYR1Z101JFwKbMyKm X9QLPyjOy4en3W0z5B0q3a0yutfS8Rm2HkHhP0i0xsPI
X-Google-Smtp-Source: AH8x2250Y+1hMXm+RxSzKAZ7GydbLugiw10zeZmWje5Eyd0zMNyOA0PjW0r5ruEBug7Xe6ISprElZdZS7dfi7WlWesc=
X-Received: by 10.200.18.131 with SMTP id y3mr37031739qti.330.1517349752385; Tue, 30 Jan 2018 14:02:32 -0800 (PST)
MIME-Version: 1.0
Received: by 10.55.12.130 with HTTP; Tue, 30 Jan 2018 14:02:31 -0800 (PST)
In-Reply-To: <4ef441ff-6075-626e-b208-a0e5da3d18f0@akamai.com>
References: <151696190108.24397.6150515497869897080@ietfa.amsl.com> <20180126102659.GA5204@pinky> <4ef441ff-6075-626e-b208-a0e5da3d18f0@akamai.com>
From: Victor Vasiliev <vasilvv@google.com>
Date: Tue, 30 Jan 2018 17:02:31 -0500
Message-ID: <CAAZdMaczieoBKBo21Hpm36V6k=SY_UORqwguma0QGh3JJW4wPA@mail.gmail.com>
To: Benjamin Kaduk <bkaduk@akamai.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="089e08289828fe805105640584ba"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/RT5IhFdRWcjLRKqeCLCO5kCk1XQ>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-02.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jan 2018 22:02:37 -0000

On Mon, Jan 29, 2018 at 10:22 AM, Benjamin Kaduk <bkaduk@akamai.com> wrote:
>
> The new note about "no ServerHello extension to echo back" makes me
> wonder if (not) echoing back in Certificate should also be mentioned,
> since the TLS 1.3 paradigm is that CertificateRequest extensions are
> also "requests" that can get "responses" in the Certificate message.
>

True, though I guess this depends on your definition of "response"?


> I also wondered whether there was any sense in reserving codepoint 0 (of
> CertificateCompressionAlgorithm) for "uncompressed".  I guess not, since
> support for uncompressed certificates is implicit by means of not using
> the extension.  But sometimes keeping value 0 (basically) reserved is
> still useful.
>

I've considered that, but decided that this would just introduce two ways
to do
the same thing (send certificate uncompressed), so I decided against it.