Re: [TLS] New Version Notification for draft-kampanakis-tls-scas-latest-00.txt (ICA Suppression)

"Kampanakis, Panos" <kpanos@amazon.com> Mon, 14 February 2022 03:33 UTC

From: "Kampanakis, Panos" <kpanos@amazon.com>
To: "tls@ietf.org" <tls@ietf.org>
CC: Bas Westerbaan <bas@cloudflare.com>, "Bytheway, Cameron" <bythewc@amazon.com>, Martin Thomson <mt@lowentropy.net>
Date: Mon, 14 Feb 2022 03:33:05 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Rr9EONGcYRUoThtitUE6g88AsFk>

Hi TLS WG,

This draft draft-kampanakis-tls-scas-latest is attempting to resurrect Martin’s original draft-thomson-tls-sic. It proposes using two new TLS 1.3 flags (draft-ietf-tls-tlsflags) to signal to the TLS server or client to not send its Intermediate CA (ICA) certificates.

It assumes that we can pre-cache or load all the necessary intermediate CAs in order to build the cert chains to authenticate peers. As a data point, the size of a full ICA cache for the web would be 1-2MB (1-2 thousand ICAs) based on testing and 3rd party data [7][8]. 1-2MB is trivial for most use cases. When it is not, other caching mechanisms can be used.

The main use cases that would benefit from this would be
- post-quantum (D)TLS (PQ certs are going to be big and thus introduce issues for (D)TLS and QUIC [1][2][3][4]).
- EAP-TLS in cases with big cert chains [5][6]
- constrained environments where even a few KB in a (D)TLS handshake matter

We believe we have addressed the comments regarding the original draft: https://mailarchive.ietf.org/arch/browse/tls/?q=draft-thomson-tls-sic

Feedback and discussion are welcome. 

Rgs,
Panos

[1] https://blog.cloudflare.com/sizing-up-post-quantum-signatures/   
[2] https://www.ndss-symposium.org/ndss-paper/post-quantum-authentication-in-tls-1-3-a-performance-study/  
[3] https://dl.acm.org/doi/10.1145/3386367.3431305 
[4] https://assets.amazon.science/00/f8/aa76ff93472d9b55b6a84716e34c/speeding-up-post-quantum-tls-handshakes-by-suppressing-intermediate-ca-certificates.pdf 
[5] https://datatracker.ietf.org/doc/html/draft-ietf-emu-eaptlscert 
[6] https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13 
[7] https://github.com/FiloSottile/intermediates  
[8] https://ccadb-public.secure.force.com/mozilla/MozillaIntermediateCertsCSVReport  

 

-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org> 
Sent: Sunday, February 13, 2022 2:34 PM
To: Bas Westerbaan <bas@cloudflare.com>; Bytheway, Cameron <bythewc@amazon.com>; Martin Thomson <mt@lowentropy.net>; Kampanakis, Panos <kpanos@amazon.com>
Subject: [EXTERNAL] New Version Notification for draft-kampanakis-tls-scas-latest-00.txt


A new version of I-D, draft-kampanakis-tls-scas-latest-00.txt
has been successfully submitted by Panos Kampanakis and posted to the IETF repository.

Name:           draft-kampanakis-tls-scas-latest
Revision:       00
Title:          Suppressing CA Certificates in TLS 1.3
Document date:  2022-02-13
Group:          Individual Submission
Pages:          10
URL:            https://www.ietf.org/archive/id/draft-kampanakis-tls-scas-latest-00.txt
Status:         https://datatracker.ietf.org/doc/draft-kampanakis-tls-scas-latest/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-kampanakis-tls-scas-latest


Abstract:
   A TLS client or server that has access to the complete set of
   published intermediate certificates can inform its peer to avoid
   sending certificate authority certificates, thus reducing the size of
   the TLS handshake.




The IETF Secretariat
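
The chain-building step that the message above relies on, as an added example (not part of the original e-mail or of the draft): a peer that asked for ICAs to be suppressed receives only the leaf and must complete the path from its pre-loaded intermediates. The `Cert` record, the key-identifier index and all names and key ids are assumptions made for illustration; real code would work on parsed X.509 certificates.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:  # simplified record standing in for a parsed X.509 certificate
    subject: str
    issuer: str
    skid: str  # subject key identifier
    akid: str  # authority key identifier, i.e. the issuer's skid

class IcaCacheMiss(LookupError):
    """The local ICA set cannot complete the path for this peer."""

def build_chain(received, ica_cache, trust_anchors, max_depth=8):
    """Return [leaf, ICA..., root] for the peer's Certificate message.

    received: certs the peer sent (leaf only when ICAs were suppressed).
    ica_cache / trust_anchors: dicts mapping skid -> Cert.
    Only path construction is shown; signature, validity and constraint
    checks on every link still have to run on the resulting chain.
    """
    leaf = received[0]
    sent = {c.skid: c for c in received[1:]}  # ICAs the peer sent anyway
    chain, current, seen = [leaf], leaf, {leaf.skid}
    for _ in range(max_depth):
        if current.akid in trust_anchors:
            return chain + [trust_anchors[current.akid]]
        issuer = sent.get(current.akid) or ica_cache.get(current.akid)
        if issuer is None:
            raise IcaCacheMiss(f"no ICA with key id {current.akid!r} for {current.subject!r}")
        if issuer.subject != current.issuer or issuer.skid in seen:
            raise ValueError(f"inconsistent issuer for {current.subject!r}")
        seen.add(issuer.skid)
        chain.append(issuer)
        current = issuer
    raise ValueError("path exceeds max_depth")

# Constructed sample PKI (names and key ids are made up).
ROOT = Cert("Example Root", "Example Root", "k-root", "k-root")
ICA1 = Cert("Example ICA 1", "Example Root", "k-ica1", "k-root")
ICA2 = Cert("Example ICA 2", "Example ICA 1", "k-ica2", "k-ica1")
LEAF = Cert("server.example", "Example ICA 2", "k-leaf", "k-ica2")
ANCHORS = {ROOT.skid: ROOT}
CACHE = {c.skid: c for c in (ICA1, ICA2)}

if __name__ == "__main__":
    print([c.subject for c in build_chain([LEAF], CACHE, ANCHORS)])
    try:  # an incomplete cache breaks the assumption the flag depends on
        build_chain([LEAF], {ICA1.skid: ICA1}, ANCHORS)
    except IcaCacheMiss as err:
        print("cache miss:", err)
```

An `IcaCacheMiss` is the case where the pre-caching assumption does not hold for a given peer; how the endpoint recovers from it is left to the caller here.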