IETF Logo Mail Archive

Re: [TLS] adopted: draft-ghedini-tls-certificate-compression

Watson Ladd <watsonbladd@gmail.com> Thu, 08 June 2017 04:18 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A82B129B09; Wed, 7 Jun 2017 21:18:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AuU4Ysa1Dl1z; Wed, 7 Jun 2017 21:18:18 -0700 (PDT)
Received: from mail-pg0-x236.google.com (mail-pg0-x236.google.com [IPv6:2607:f8b0:400e:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9443F129B06; Wed, 7 Jun 2017 21:18:18 -0700 (PDT)
Received: by mail-pg0-x236.google.com with SMTP id v18so11850626pgb.1; Wed, 07 Jun 2017 21:18:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ch1qkNHLGu6Fx1PsuGU0QmheKQltF8emaYDvwlqcgKo=; b=Xf8bfb4QClpVDirX+23UBU3VR+oMlT2EXX/2jPhIIARF7KpAlHv3xqU0xlwjTZ0gVY oaYSBTs8FB2reQhIFmaWqmXP5gcXieDyeh+eAcjr1tK7kGhsg8QzxDEiEL7Byvt1Dpe8 GeCXpYLqSQMvXidssdnUfIY3hySVlFIkCTbGBMhPGwTe6W8W7x+OJg/ujqXL41+XVzJh Dy3YztPTNTOw4z/xc4FOtM71MCuv0PCE00kWh7QTFPakDhm686LZAXwngo8IT7IgNki8 LIWHFEv/wCmV5uDD/tyK+ZqmbcduJKLnTuP9DAPk+IIOSm1K3Ij/G/+ze2ePRFOc0KiB KD6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ch1qkNHLGu6Fx1PsuGU0QmheKQltF8emaYDvwlqcgKo=; b=Pl7E0k4tYLolIH+tY+r7ERolD6mKZSleey2LqYuYGzTnuzIM9KQJfjkpqfLfXRQM2m 9irNAbVvMYZTP2nXxbK1zMo2Mgv141HfNlFQ/q5fqcPNYZ8x91kBWDXSfQW5BvnyfhbF tVwNng7yypWfWqLae3r1/WOtLcnuLVpsPyCa2l+QoVr0l7uwNyQ6wYkzuCudnBJXQPcN KGV0EJETzUlR9es0sPIQLMF4QzXauhsKDNasSTqcwzxD2mklP85RGCwfRJvkBz0oE0qc a8jgLQygMpI3GV265nX1AABziMGyZ/fcUhQuUz1Rza5JttMjaY0icioOT0C7Q+qkx4f0 b0ZQ==
X-Gm-Message-State: AODbwcC9yVCEhg97fvJDS+rJPB4NzVx8S5qrYVlhYUKC2ztOtx2fmEZn KUwRVU6f6f/JDtC0a6q0TzIpRYkPWg==
X-Received: by 10.101.72.135 with SMTP id n7mr35460819pgs.198.1496895498223; Wed, 07 Jun 2017 21:18:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.207.228 with HTTP; Wed, 7 Jun 2017 21:18:17 -0700 (PDT)
In-Reply-To: <201706072043.38076.davemgarrett@gmail.com>
References: <B3FAE1B5-E608-489F-B3B9-BC966B673D94@sn3rd.com> <201706070223.19120.davemgarrett@gmail.com> <CAF-CG++JDse77x185Sb996P4ehWi=Ww_64Ks68-ZiYg_No+d0g@mail.gmail.com> <201706072043.38076.davemgarrett@gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Wed, 07 Jun 2017 21:18:17 -0700
Message-ID: <CACsn0cm18WJzHUQAmT4HBSvU_EbokZZ6extMGUSJ181oFswHGg@mail.gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Cc: Piotr Sikora <piotrsikora@google.com>, Alessandro Ghedini <alessandro@cloudflare.com>, "tls@ietf.org" <tls@ietf.org>, "draft-ghedini-tls-certificate-compression@ietf.org" <draft-ghedini-tls-certificate-compression@ietf.org>
Content-Type: multipart/alternative; boundary="089e0823787470060105516b245c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/n2slYN2kS3ZxjwW2_w0mdgNN7Us>
Subject: Re: [TLS] adopted: draft-ghedini-tls-certificate-compression
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jun 2017 04:18:21 -0000

On Wed, Jun 7, 2017 at 5:43 PM, Dave Garrett <davemgarrett@gmail.com> wrote:

> On Wednesday, June 07, 2017 07:03:55 am Piotr Sikora wrote:
> > > Additionally, there's one bit of the spec which I question the need
> for: zlib support. Unless someone can show a legitimate case where zlib
> will consistently and notably outperform brotli, I don't see the point in
> defining it as an option. This is a bran new extension; we don't need
> backwards compatibility here. There's been a general consensus in this WG
> to avoid algorithm agility unless there's a real reason for it, so I
> propose we ditch zlib support and make brotli the default and only
> specified at the start (promoting it to id 0). Should some problem arise in
> the future where we actually need to use a decades old compression
> algorithm, it can be added later. Furthermore, we should probably define a
> pre-defined dictionary for brotli to use here which is based on common
> strings in certificates, rather than its default one for the general web
> (if such a thing is practical to do here). This could boost efficiency here
> and make it even more worth preferring (also likely reducing t
>  he size of said dictionary, as the default one is 120kB).
> >
> > To play devil's advocate, why do suggest we ditch zlib and not Brotli?
> >
> > I just did an experiment using certificate chains for facebook.com
> > (ECDSA) and google.com (RSA).
> >
> [...snip...]
> >
> > As you can see, at level 1, Brotli is easily outperformed by gzip with
> > and without dictionary, at level 6, both are basically the same, and
> > at level 9/Z, Brotli wins by a small margin in terms of file size.
> >
> > However, you need to keep in mind that Brotli has significantly higher
> > cost of compression, both in terms of CPU and memory allocations
> > (>40MB at higher levels), which might be unacceptable in some
> > environments.
> >
> > Don't get me wrong, I'm a big fan of Brotli, but unless we want to
> > squeeze every single byte out of the compression and/or use
> > pre-compressed certificates, then maybe Brotli isn't the best and only
> > choice here?
>
> This is a convincing argument to me. Thanks for the data. Given this
> information, I agree that supporting both algorithms can be helpful here,
> depending on server hardware constraints.
>
> I'm still curious to know if we can potentially create a lightweight
> cert-specific dictionary here that can boost things a bit. Or, is the QUIC
> one largely based on certs too?
>
> As to your devil's advocate suggestion: ... yeah, if Brotli doesn't give
> us any useful gains here over zlib, even with a new dict, I'd be ok with
> not specifying it for use. Your test does show it getting a small win at
> max compression, so that may not be the case. After fiddling with defining
> a new dict, test data against a larger set of certs could be useful.
>

I'm not sure what units we are measuring in here: 222% of what? And what
exactly is wrong with special formats that be much more compact on embedded
devices, or enabling point compression?

If you want root+intermediate+leaf that's 224 bytes of keys and signatures.
Being sparing in extra data can probably have <300 byte chains, without the
CPU overhead of compression at the cost of compatibility.


>
> Dave
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.

v2.23.0 | Report a Bug | By Email