IETF Logo Mail Archive

Re: [TLS] Certificate compression (a la QUIC) for TLS 1.3

Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 05 December 2016 23:25 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A3B9129E69 for <tls@ietfa.amsl.com>; Mon, 5 Dec 2016 15:25:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hqp2_06h6of9 for <tls@ietfa.amsl.com>; Mon, 5 Dec 2016 15:25:48 -0800 (PST)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68F50129E7E for <tls@ietf.org>; Mon, 5 Dec 2016 15:25:41 -0800 (PST)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 566B7284F7E; Mon, 5 Dec 2016 23:25:40 +0000 (UTC)
Date: Mon, 05 Dec 2016 23:25:40 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20161205232540.GV26244@mournblade.imrryr.org>
References: <20161127015437.kfcwpemeppg3yw7h@pinky.local> <CABcZeBO-7F-s-jtOj7FLO7kko3B+s9TyyO9WaL2MkvtN9JqYbw@mail.gmail.com> <CAAZdMacBDy0tbRvu0zR5FShm-nFZB0FmoSsoB3vT2HqTRPqLLA@mail.gmail.com> <20161127151304.gaqxot5wqcmcey7n@pinky.local> <CAAZdMaemwGq-pSZRje5MufA96CgEXEawB4DYqio54+HYPfsxqQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAAZdMaemwGq-pSZRje5MufA96CgEXEawB4DYqio54+HYPfsxqQ@mail.gmail.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/pLfABbZtuNgiZn9hCxndFY79wmE>
Subject: Re: [TLS] Certificate compression (a la QUIC) for TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Dec 2016 23:25:50 -0000

On Mon, Dec 05, 2016 at 06:13:56PM -0500, Victor Vasiliev wrote:

> This looks promising!  I am currently working on figuring out a better
> pre-shared dictionary (based on CT logs analysis) so I don't have that
> much code for the actual TLS parts.

What is the likelihood that a dictionary that is good today will
continue to be good 10+ years from now?  Presumably, an effective
dictionary is strongly tied to the current list of popular issuer
DNs, and the list of popular issuers may well change significantly
over the lifetime of the protocol.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email