IETF Logo Mail Archive

Re: [TLS] Certificate compression (a la QUIC) for TLS 1.3

Victor Vasiliev <vasilvv@google.com> Tue, 06 December 2016 00:36 UTC

Return-Path: <vasilvv@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93E7712963A for <tls@ietfa.amsl.com>; Mon, 5 Dec 2016 16:36:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.596
X-Spam-Level:
X-Spam-Status: No, score=-5.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-2.896, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j8QATvO-lKbk for <tls@ietfa.amsl.com>; Mon, 5 Dec 2016 16:36:20 -0800 (PST)
Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A5AD128B38 for <tls@ietf.org>; Mon, 5 Dec 2016 16:36:20 -0800 (PST)
Received: by mail-qk0-x230.google.com with SMTP id x190so364794069qkb.0 for <tls@ietf.org>; Mon, 05 Dec 2016 16:36:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=xw9/Fz3L5eH84mgE0Dv9nKEHzthW0i+KhmpxQoG/Q44=; b=ERqZCdCoUdhDCfJ1/+pg7P5xvUP+3EzJStQmHQjmcIVdCA9dqD6+nyikuya7M8MknG pTbEcmk49PBHG6q4CZRfnZYsEnS9VeQwU3FIJVqNusjXFseCoJ7B6NvWiHS5vaPqbPti Fqm5pgWuV2NedpkhFbFLdCmPdGVwgtAHu4JEqbixI3Tpdja50dOKymoxyC/z1VPskSku lqRjt2x6Wx+Cn0XXRmDqMPcxDjAqpkaiZGD3yBulthLVgD5dhsEEp+xBGPooWwqDkuMn hpOCGwvK/oAzzj5qubUMtiDcELPMO9vyWQ5G7W9WBEOh/a6MH2S05oDaKQgsr7s52rrL Iupw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=xw9/Fz3L5eH84mgE0Dv9nKEHzthW0i+KhmpxQoG/Q44=; b=DET6emzK9ADYn38yR+mCUFhlr4Yq8lMxO1ehpGyh0Y6T1X4jiTihZGTCJDOkMk7Jcz U9uqDXCnbt3HH6hECzUJ5PKtWPJCn59wsxvuqftKjCJksaIuGnm147RyixAgj1w7ewWf aO8dZWMqoTst7UafbNkU3+2Kw8ZgNMRByC+ojXctWpQNJ4DrwMk9+TrNqPBWWJHeMGAV yZ8yApWDoR89hDHqTkXFLzIRRobCTHcjQhdxAC23cK6uTnAyB3UmOp3ZsF5kMbx4Lvd9 4Ng2UwxTDIz5HK+AbWTF+onfYmXfJ+gxxaMlwXkUvxqzPydjx5OUBIAH83weAkktQKfV v9qQ==
X-Gm-Message-State: AKaTC03LVij/Zj6PMwoOidpi+QNF3blyrx3VSLq5U3HTfHy7me1MfdSxuhgLSadNLk+Ee1AwCFdIbHBKArpmd3FY
X-Received: by 10.233.220.71 with SMTP id q68mr53021769qkf.153.1480984579267; Mon, 05 Dec 2016 16:36:19 -0800 (PST)
MIME-Version: 1.0
Received: by 10.233.239.69 with HTTP; Mon, 5 Dec 2016 16:36:18 -0800 (PST)
In-Reply-To: <20161205232540.GV26244@mournblade.imrryr.org>
References: <20161127015437.kfcwpemeppg3yw7h@pinky.local> <CABcZeBO-7F-s-jtOj7FLO7kko3B+s9TyyO9WaL2MkvtN9JqYbw@mail.gmail.com> <CAAZdMacBDy0tbRvu0zR5FShm-nFZB0FmoSsoB3vT2HqTRPqLLA@mail.gmail.com> <20161127151304.gaqxot5wqcmcey7n@pinky.local> <CAAZdMaemwGq-pSZRje5MufA96CgEXEawB4DYqio54+HYPfsxqQ@mail.gmail.com> <20161205232540.GV26244@mournblade.imrryr.org>
From: Victor Vasiliev <vasilvv@google.com>
Date: Mon, 05 Dec 2016 19:36:18 -0500
Message-ID: <CAAZdMacfHDwp=XYx9LNdVeANSN9zJ7O6WHgi6e2zCLVtUcetnQ@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c0438e0c41c530542f2978b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ztctLlS6EvWGli1sjJgIRKcTvpw>
Subject: Re: [TLS] Certificate compression (a la QUIC) for TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Dec 2016 00:36:22 -0000

The intent is to make it agnostic of specific common issuers.  There are a
plenty of common strings which are not going to change for a while.  OIDs
are a
good example (some of the OIDs are quite huge!), as are the common TLDs,
"https://", etc.  Some of them will, of course, become outdated as
technology
evolves (I suspect we might see less of, say, sha256WithRsaEncryption OID
5-10
years from now, and more of whatever the crypto trend of the day is), but we
can just make a new one and assign a different compression algorithm ID to
it,
which should scale reasonably well given the speed at which TLS evolves.

On Mon, Dec 5, 2016 at 6:25 PM, Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:

> On Mon, Dec 05, 2016 at 06:13:56PM -0500, Victor Vasiliev wrote:
>
> > This looks promising!  I am currently working on figuring out a better
> > pre-shared dictionary (based on CT logs analysis) so I don't have that
> > much code for the actual TLS parts.
>
> What is the likelihood that a dictionary that is good today will
> continue to be good 10+ years from now?  Presumably, an effective
> dictionary is strongly tied to the current list of popular issuer
> DNs, and the list of popular issuers may well change significantly
> over the lifetime of the protocol.
>
> --
>         Viktor.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email