Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-01.txt

Bill Frantz <frantz@pwpconsult.com> Mon, 11 December 2017 20:43 UTC

Return-Path: <frantz@pwpconsult.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 945381273B1 for <tls@ietfa.amsl.com>; Mon, 11 Dec 2017 12:43:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level:
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8P_eP55K7h12 for <tls@ietfa.amsl.com>; Mon, 11 Dec 2017 12:43:32 -0800 (PST)
Received: from elasmtp-masked.atl.sa.earthlink.net (elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B1981205F0 for <tls@ietf.org>; Mon, 11 Dec 2017 12:43:31 -0800 (PST)
Received: from [47.143.125.17] (helo=Williams-MacBook-Pro.local) by elasmtp-masked.atl.sa.earthlink.net with esmtpa (Exim 4) (envelope-from <frantz@pwpconsult.com>) id 1eOUvC-0003Uu-GO for tls@ietf.org; Mon, 11 Dec 2017 15:43:30 -0500
Date: Mon, 11 Dec 2017 12:43:30 -0800
From: Bill Frantz <frantz@pwpconsult.com>
To: tls@ietf.org
X-Priority: 3
In-Reply-To: <CABkgnnUu6aE0socrxXm6L11T5F0cdHL-Y5K0deQudOorwEeVqg@mail.gmail.com>
Message-ID: <r470Ps-10132i-E0E190ABCD214523B790DE7F83C37914@Williams-MacBook-Pro.local>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mailsmith 2.4 (470)
X-ELNK-Trace: 3a5e54fa03f1b3e21aa676d7e74259b7b3291a7d08dfec79981a4485c35ab0bccfd33feda9c621c1350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 47.143.125.17
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/heMMEE8QVBQWtHtJlKQz9-U-c4o>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-01.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Dec 2017 20:43:34 -0000

The discussion of this draft makes it sound like implementations 
will have additional complexity to support certificate 
compression. Complexity adds security risks, so just how much 
benefit does certificate compression provide? My naive thinking 
is that most of the data in certificates is signatures, which 
shouldn't be very compressible.

Of course, for small systems, even a small improvement may be important.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | When it comes to the world     | Periwinkle
(408)356-8506      | around us, is there any choice | 16345 
Englewood Ave
www.pwpconsult.com | but to explore? - Lisa Randall | Los Gatos, 
CA 95032