IETF Logo Mail Archive

Re: [TLS] adopted: draft-ghedini-tls-certificate-compression

Piotr Sikora <piotrsikora@google.com> Wed, 07 June 2017 11:03 UTC

Return-Path: <piotrsikora@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5C4012942F for <tls@ietfa.amsl.com>; Wed, 7 Jun 2017 04:03:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PvYaJVOOjoYx for <tls@ietfa.amsl.com>; Wed, 7 Jun 2017 04:03:57 -0700 (PDT)
Received: from mail-ua0-x231.google.com (mail-ua0-x231.google.com [IPv6:2607:f8b0:400c:c08::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 022E4126FB3 for <tls@ietf.org>; Wed, 7 Jun 2017 04:03:56 -0700 (PDT)
Received: by mail-ua0-x231.google.com with SMTP id x47so4237241uab.0 for <tls@ietf.org>; Wed, 07 Jun 2017 04:03:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=0uzQUa7Kjdcj6u/SO5lfRrZQBN+9eiVIlupqWOG1VtE=; b=K0rA7iHL50fTAcF/lJrmLQmuxdd8jdPlygeI4Kt/X7ogBht/FOvb1nnxe8TEDIzB45 pmMdowaWghaFc1bzDD5lfqG+3VSWcY5M9eRZQ4yM6Lj4VRbAMAMngxb+AFhGFC99k1xn h9+5t8nR3nNqsXUP3As8ZGv/JNQLor8yA0cSwI4BOKiTxWNOYbdX2i5/7ze8R+V2f7QZ cFsI0bjupgP8hCSEVQW6X56J3iZeE/fM/wHVsr4NHh39040k4jp04frj6gCO9bGRTZlv 3xQ1MWOpUFx0GFd3neGRHULcqFMt8WDTJPsuOzhIWbDzrWGM96vexAVXX/4e28+TXveB FK+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=0uzQUa7Kjdcj6u/SO5lfRrZQBN+9eiVIlupqWOG1VtE=; b=E4m6UH+ZHUWZHI+Ph9g8XpRKBd9W5AikiCBqitYpceNbv+x2ZREpr/ut0Q+oeGAZW/ TWe8rG5vyd6qpVYqQ72A/rDY5sudRvCv/AAe/KaJ2JOkhdhzNVrImUJbVGwus3Rr6xjN 0057D2KYSDi0Gl0fiZfsQmyFsp5ri36FQG8gGleWUE8iN0xlFqp/sAv/MWp6Fz/1aUwu nh2di9MBoqDaKuNryBbzlzNBF3dMJZ7gZB2AU4kNZqdZpT4RX6UNhdBLoBmiyI5CfPkO 4mKGfVpkhV7gJ4Wz3iBAGPFggOPbOyQXqbjigCypTPOpRkay3pp7RZexD3SmYvqk2/Gx q6Jw==
X-Gm-Message-State: AODbwcAot+IgNBu5ZgiznMR+i3GJdkp5cc9I7jQeJyaw9xsmfnTNAb9F liFAFQF0dp1aL0luaEoh6oMSvGLtCB45
X-Received: by 10.159.60.82 with SMTP id w18mr15058802uah.19.1496833435797; Wed, 07 Jun 2017 04:03:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.153.131 with HTTP; Wed, 7 Jun 2017 04:03:55 -0700 (PDT)
In-Reply-To: <201706070223.19120.davemgarrett@gmail.com>
References: <B3FAE1B5-E608-489F-B3B9-BC966B673D94@sn3rd.com> <FDFEA8C9B9B6BD4685DCC959079C81F5E1953C09@BLREML509-MBS.china.huawei.com> <201706070223.19120.davemgarrett@gmail.com>
From: Piotr Sikora <piotrsikora@google.com>
Date: Wed, 07 Jun 2017 04:03:55 -0700
Message-ID: <CAF-CG++JDse77x185Sb996P4ehWi=Ww_64Ks68-ZiYg_No+d0g@mail.gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Cc: tls@ietf.org, "draft-ghedini-tls-certificate-compression@ietf.org" <draft-ghedini-tls-certificate-compression@ietf.org>, Alessandro Ghedini <alessandro@cloudflare.com>, Victor Vasiliev <vasilvv@google.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/etcOlzKu-qMxRZzWe8NwDsVeWQM>
Subject: Re: [TLS] adopted: draft-ghedini-tls-certificate-compression
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jun 2017 11:03:59 -0000

Hey Dave,

> Additionally, there's one bit of the spec which I question the need for: zlib support. Unless someone can show a legitimate case where zlib will consistently and notably outperform brotli, I don't see the point in defining it as an option. This is a bran new extension; we don't need backwards compatibility here. There's been a general consensus in this WG to avoid algorithm agility unless there's a real reason for it, so I propose we ditch zlib support and make brotli the default and only specified at the start (promoting it to id 0). Should some problem arise in the future where we actually need to use a decades old compression algorithm, it can be added later. Furthermore, we should probably define a pre-defined dictionary for brotli to use here which is based on common strings in certificates, rather than its default one for the general web (if such a thing is practical to do here). This could boost efficiency here and make it even more worth preferring (also likely reducing the size of said dictionary, as the default one is 120kB).

To play devil's advocate, why do suggest we ditch zlib and not Brotli?

I just did an experiment using certificate chains for facebook.com
(ECDSA) and google.com (RSA).

I compressed them with Brotli (at levels: 1, 6, 9 and 11 - aka Z) and
gzip (at levels: 1, 6 and 9):

facebook.com-ecdsa-chain.pem 4485 (222%)
facebook.com-ecdsa-chain.der 2024 (100%)

facebook.com-ecdsa-chain.br1 1823 (90%)
facebook.com-ecdsa-chain.br6 1673 (83%)
facebook.com-ecdsa-chain.br9 1644 (81%)
facebook.com-ecdsa-chain.brZ 1597 (79%)

facebook.com-ecdsa-chain.gz1 1699 (84%)
facebook.com-ecdsa-chain.gz6 1687 (83%)
facebook.com-ecdsa-chain.gz9 1687 (83%)

google.com-rsa-chain.pem 5749 (266%)
google.com-rsa-chain.der 2160 (100%)

google.com-rsa-chain.br1 1541 (71%)
google.com-rsa-chain.br6 1343 (62%)
google.com-rsa-chain.br9 1348 (62%)
google.com-rsa-chain.brZ 1330 (62%)

google.com-rsa-chain.gz1 1434 (66%)
google.com-rsa-chain.gz6 1398 (65%)
google.com-rsa-chain.gz9 1398 (65%)

Then, I did the same using pre-defined dictionary from QUIC Crypto:

facebook.com-ecdsa-chain.bq1 1823 (90%)
facebook.com-ecdsa-chain.bq6 1505 (74%)
facebook.com-ecdsa-chain.bq9 1482 (73%)
facebook.com-ecdsa-chain.bqZ 1460 (72%)

facebook.com-ecdsa-chain.gq1 1536 (76%)
facebook.com-ecdsa-chain.gq6 1506 (74%)
facebook.com-ecdsa-chain.gq9 1506 (74%)

google.com-rsa-chain.bq1 1541 (71%)
google.com-rsa-chain.bq6 1248 (58%)
google.com-rsa-chain.bq9 1239 (57%)
google.com-rsa-chain.bqZ 1233 (57%)

google.com-rsa-chain.gq1 1317 (61%)
google.com-rsa-chain.gq6 1266 (59%)
google.com-rsa-chain.gq9 1266 (59%)

As you can see, at level 1, Brotli is easily outperformed by gzip with
and without dictionary, at level 6, both are basically the same, and
at level 9/Z, Brotli wins by a small margin in terms of file size.

However, you need to keep in mind that Brotli has significantly higher
cost of compression, both in terms of CPU and memory allocations
(>40MB at higher levels), which might be unacceptable in some
environments.

Don't get me wrong, I'm a big fan of Brotli, but unless we want to
squeeze every single byte out of the compression and/or use
pre-compressed certificates, then maybe Brotli isn't the best and only
choice here?

Best regards,
Piotr Sikora

v2.23.0 | Report a Bug | By Email