Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-04.txt

Sean Turner <sean@sn3rd.com> Wed, 03 October 2018 17:15 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB16E127133 for <tls@ietfa.amsl.com>; Wed, 3 Oct 2018 10:15:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M8tuyQU2WsZY for <tls@ietfa.amsl.com>; Wed, 3 Oct 2018 10:15:26 -0700 (PDT)
Received: from mail-qt1-x834.google.com (mail-qt1-x834.google.com [IPv6:2607:f8b0:4864:20::834]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61809127148 for <tls@ietf.org>; Wed, 3 Oct 2018 10:15:26 -0700 (PDT)
Received: by mail-qt1-x834.google.com with SMTP id x23-v6so6793748qtr.1 for <tls@ietf.org>; Wed, 03 Oct 2018 10:15:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=from:content-transfer-encoding:mime-version:subject:date:references :to:in-reply-to:message-id; bh=RZZH9AU6pgoCA84vlYpRd5pxz1vdYwUbmy+3DU3Ev/0=; b=VADqk7GNsaEjJs8zGVEPpQdppHD57ytdiDP6jLzjkh0bw02T1JgxojygEpYzSIR6IY bx76i1+U5+AD74bkhTcvoDmPovahPK5ZJ0QDLh/6mXQLWeV/1YnW5rlXALAGNX+GY+aW yXbehQX10apqO+D5Y8wt7nppFO5WBa05DpzlM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:date:references:to:in-reply-to:message-id; bh=RZZH9AU6pgoCA84vlYpRd5pxz1vdYwUbmy+3DU3Ev/0=; b=m4xHeYi9jKCXQQRb/1JvgCGiI0Lq2vqjp60QSSckz5yYu4VOgkAnFVEACxnhdu4F51 MnotvYtPXVEV2593AGMQhylaZcCl5HwdwLXhw+K+tpbOG/HjHB3AECy+gC3uX1E8EmAf HWmtNmuizAjErCR33SjJq3ydEVgGDj2ZHjI9V+UxoYtU2mnuswVc9AAdWyGgXR2ukO9y cMQmocPIHv5Pq/Ts1+9BuiC0aQMJdqLS5m7zWcea2FNnZVv1nNZB465zNvtM/I5Wq+OK FE3QiaadTB1H5EoCP7ALM5QvWaeEA7THvbEzT8Fho/V0Ilbdo2cRmam8KsB6xPlFi9LL pSHg==
X-Gm-Message-State: ABuFfoh+flarTgTBtgb9ORYf53wTxNttGDLtZyfxbbfcGiKeTCe+AtWe X2C9dYsHCerTd+lQ/YoTlNM+R4/4i8A=
X-Google-Smtp-Source: ACcGV62a2PqiYi5X7BBP+USa21QQnsz8EtTghdFgy7DxM4TH3IDzJHVtgHYwFIfYKuXzD0A32UHrIw==
X-Received: by 2002:a0c:ba9f:: with SMTP id x31-v6mr2006111qvf.126.1538586925294; Wed, 03 Oct 2018 10:15:25 -0700 (PDT)
Received: from [172.16.0.18] ([96.231.224.191]) by smtp.gmail.com with ESMTPSA id z3-v6sm833444qkc.55.2018.10.03.10.15.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 03 Oct 2018 10:15:24 -0700 (PDT)
From: Sean Turner <sean@sn3rd.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Wed, 3 Oct 2018 13:15:22 -0400
References: <153856977342.9010.10521757586695280@ietfa.amsl.com> <20181003123643.GA5454@mandy.flat11.house>
To: tls@ietf.org, Alessandro Ghedini <alessandro@ghedini.me>
In-Reply-To: <20181003123643.GA5454@mandy.flat11.house>
Message-Id: <EC87E55E-A342-40D7-9E09-DB790B04BB9F@sn3rd.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/b_32rz4Rr9PrxD5aOumLAC6fVWs>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-04.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Oct 2018 17:15:29 -0000


> On Oct 3, 2018, at 08:36, Alessandro Ghedini <alessandro@ghedini.me> wrote:
> 
> On Wed, Oct 03, 2018 at 05:29:33AM -0700, internet-drafts@ietf.org wrote:
>> 
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the Transport Layer Security WG of the IETF.
>> 
>>        Title           : TLS Certificate Compression
>>        Authors         : Alessandro Ghedini
>>                          Victor Vasiliev
>> 	Filename        : draft-ietf-tls-certificate-compression-04.txt
>> 	Pages           : 7
>> 	Date            : 2018-10-03
>> 
>> Abstract:
>>   In TLS handshakes, certificate chains often take up the majority of
>>   the bytes transmitted.
>> 
>>   This document describes how certificate chains can be compressed to
>>   reduce the amount of data transmitted and avoid some round trips.
>> 
>> 
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-tls-certificate-compression/
>> 
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-04
>> https://datatracker.ietf.org/doc/html/draft-ietf-tls-certificate-compression-04
>> 
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-certificate-compression-04
> 
> This is just a tiny update with a few small fixes and the addition of the
> early code points assigned by IANA.
> 
> In other news, Chrome landed support for certificate compression in canary
> back in July, and Cloudflare deployed support on its edge servers a few
> weeks ago.
> 
> The data we've seen on the Cloudflare side looks quite promising so far,
> although I haven't had the time to do a full analysis yet. We are seeing
> reductions in certificates sizes between 1.5-2 KB for both ECDSA and RSA
> (meaning a full QUIC packet if not more), with average compressed size
> hovering around 2.1-2.4 KB for ECDSA and 2.5-3.5 KB for RSA.
> 
> The only remaining open issue is the potential attack illustrated by Subodh
> a few months ago https://www.ietf.org/mail-archive/web/tls/current/msg25851.html
> 
>> From the reaction on that mailing list discussion, and from talking to people
> at the last IETF, it seems to me that the attack doesn't appear to worry people
> much and that there isn't much interest in fixing it. Though I thought I'd
> mention it again to see if people have anything to add to it, and see if we
> can agree on whether we should do anything about it.
> 
> Other than that it looks like the draft is in a pretty good shape at this point,
> so it'd be nice to have some additional review, and then see if it can proceed
> to the next step (which I think would be WGLC).

Alessandro - thanks for this update.

WG - I’d like to echo Alessandro request for reviews.   If this outstanding WG item is not resolved before IETF103 we will discuss the outstanding issue there, and barring any other major issues we are planning to WGLC the draft after IETF103.

One question: There was some discussion earlier about dictionaries.  Are dictionaries being used in the current deployments?

spt