Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-04.txt

Alessandro Ghedini <alessandro@ghedini.me> Thu, 04 October 2018 17:01 UTC

Return-Path: <alessandro@ghedini.me>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA646130E78 for <tls@ietfa.amsl.com>; Thu, 4 Oct 2018 10:01:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ghedini.me
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bHGsQcp1kFtN for <tls@ietfa.amsl.com>; Thu, 4 Oct 2018 10:01:33 -0700 (PDT)
Received: from blastoise.ghedini.me (blastoise.ghedini.me [IPv6:2001:19f0:6c01:a56:5400:1ff:fe4a:5694]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37AAA130DD3 for <tls@ietf.org>; Thu, 4 Oct 2018 10:01:33 -0700 (PDT)
Received: from localhost (185-33-211-9.g3ns.net [185.33.211.9]) by blastoise.ghedini.me (Postfix) with ESMTPSA id 6393EDF68F; Thu, 4 Oct 2018 17:01:31 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ghedini.me; s=mail; t=1538672491; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kTqpLoKCxZxIA2VUOQeC4WstzPOvVtmVdPzLoO+G+UY=; b=e8K1IzxyKp+mztg9jmyzFypE9thBApOYeNAGqzeZHJmHtP1jpbkLF9GUaqrD7a40Cygcvp wAIpFiGCAhXIFLLeja7/LX12XC3MwJcSEwVfTAK7sKzylAfNPUcgYkoPQZcuMzhSjjroKy ICIniyctN4hCV+U7UeEX5jAp/7aAhGI=
Date: Thu, 04 Oct 2018 18:01:24 +0100
From: Alessandro Ghedini <alessandro@ghedini.me>
To: Sean Turner <sean@sn3rd.com>
Cc: tls@ietf.org
Message-ID: <20181004170124.GA13528@mandy.flat11.house>
References: <153856977342.9010.10521757586695280@ietfa.amsl.com> <20181003123643.GA5454@mandy.flat11.house> <EC87E55E-A342-40D7-9E09-DB790B04BB9F@sn3rd.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <EC87E55E-A342-40D7-9E09-DB790B04BB9F@sn3rd.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/S_or42ahyiVDFmqvHVYkb-H1X1M>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-04.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Oct 2018 17:01:36 -0000

On Wed, Oct 03, 2018 at 01:15:22PM -0400, Sean Turner wrote:
> 
> 
> > On Oct 3, 2018, at 08:36, Alessandro Ghedini <alessandro@ghedini.me> wrote:
> > 
> > On Wed, Oct 03, 2018 at 05:29:33AM -0700, internet-drafts@ietf.org wrote:
> >> 
> >> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> >> This draft is a work item of the Transport Layer Security WG of the IETF.
> >> 
> >>        Title           : TLS Certificate Compression
> >>        Authors         : Alessandro Ghedini
> >>                          Victor Vasiliev
> >> 	Filename        : draft-ietf-tls-certificate-compression-04.txt
> >> 	Pages           : 7
> >> 	Date            : 2018-10-03
> >> 
> >> Abstract:
> >>   In TLS handshakes, certificate chains often take up the majority of
> >>   the bytes transmitted.
> >> 
> >>   This document describes how certificate chains can be compressed to
> >>   reduce the amount of data transmitted and avoid some round trips.
> >> 
> >> 
> >> The IETF datatracker status page for this draft is:
> >> https://datatracker.ietf.org/doc/draft-ietf-tls-certificate-compression/
> >> 
> >> There are also htmlized versions available at:
> >> https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-04
> >> https://datatracker.ietf.org/doc/html/draft-ietf-tls-certificate-compression-04
> >> 
> >> A diff from the previous version is available at:
> >> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-certificate-compression-04
> > 
> > This is just a tiny update with a few small fixes and the addition of the
> > early code points assigned by IANA.
> > 
> > In other news, Chrome landed support for certificate compression in canary
> > back in July, and Cloudflare deployed support on its edge servers a few
> > weeks ago.
> > 
> > The data we've seen on the Cloudflare side looks quite promising so far,
> > although I haven't had the time to do a full analysis yet. We are seeing
> > reductions in certificates sizes between 1.5-2 KB for both ECDSA and RSA
> > (meaning a full QUIC packet if not more), with average compressed size
> > hovering around 2.1-2.4 KB for ECDSA and 2.5-3.5 KB for RSA.
> > 
> > The only remaining open issue is the potential attack illustrated by Subodh
> > a few months ago https://www.ietf.org/mail-archive/web/tls/current/msg25851.html
> > 
> >> From the reaction on that mailing list discussion, and from talking to people
> > at the last IETF, it seems to me that the attack doesn't appear to worry people
> > much and that there isn't much interest in fixing it. Though I thought I'd
> > mention it again to see if people have anything to add to it, and see if we
> > can agree on whether we should do anything about it.
> > 
> > Other than that it looks like the draft is in a pretty good shape at this point,
> > so it'd be nice to have some additional review, and then see if it can proceed
> > to the next step (which I think would be WGLC).
> 
> Alessandro - thanks for this update.
> 
> WG - I’d like to echo Alessandro request for reviews.   If this outstanding WG item is not resolved before IETF103 we will discuss the outstanding issue there, and barring any other major issues we are planning to WGLC the draft after IETF103.
> 
> One question: There was some discussion earlier about dictionaries.  Are dictionaries being used in the current deployments?

No, neither Chrome nor Cloudflare are using dictionaries. Something I forgot
to mention in my previous email is that the numbers are for plain brotli
compression, so without dictionary.

Cheers