IETF Logo Mail Archive

Re: [Uta] [TLS] CBOR Certificate Compression of RFC 7925 certificates suitable for cTLS

John Mattsson <john.mattsson@ericsson.com> Wed, 08 April 2020 13:13 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 125AC3A0AE8; Wed, 8 Apr 2020 06:13:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.268
X-Spam-Level:
X-Spam-Status: No, score=-2.268 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.168, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kaJnFwiXyWKJ; Wed, 8 Apr 2020 06:13:40 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2055.outbound.protection.outlook.com [40.107.22.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F0CB3A0AEA; Wed, 8 Apr 2020 06:13:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WGe9g7feu0nQsvLT5aZr1NcgLowNymH73ELShPyY6zhNDpzeiIp216BUgWX4/qhBRRieh3N1WknY3Mhb3/wAEG7zY1soLuvNULbSPjQj/HW8ufaSrySnGe0US6mKzpE/yVunbKBghZPa0t4OcfELw56s4JKL7GcxGygdg9D0juXEgF3WqWj7MLkfoK0YM24bgQTVxllxtPbsSducDzWiCc9e/6p/PC8mip66X7nDwYU+r7rGEur/GW0/MRXPvGhISwbxjqTSI4lmkC1ehN2oX3DRLHpVZDvfKCJhg3cA3NT41YcVzx73lVK62Xyd2+W4ntuwpJDe9TX5P9LVDneFEg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=r+NRmtFr4YKV0u0N8ASfBZZiq0PhS3N3j0Smj6akyoo=; b=GfEnMJJBYV9w5M6Mgk2z+JFuPBRogAjEiZGlEE/Caqj1+Xn1xXSXhH4ivGgrQMOhQhQcojSqYslWUMLNQ37v6fvHqTsfm36I+ASIetCmfbtonF8KRvc5qhAq+V+ETeKvkdas5qO75AwJAaO5RlOlnX9b8XTONYgA5AYlucQ5FMhT/fclTs9u9cEbVqr03IcdVJKKN7/9oM8QWjeLYfgtz6qsXZkZ/wpyZwUV7hQu/bQlOnCeTsNpF66l5sNzszw1qjFInfuFsENkTGTRq78UAeXImISTeI0sP3Z3Fuwn1avOwiW+/wqysfO0GCOmhQnt4ggGowxi1ojb85oqEJZahw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=r+NRmtFr4YKV0u0N8ASfBZZiq0PhS3N3j0Smj6akyoo=; b=Ca0reI4y9XPJ2IOkxWJrL2zgJdz5a9sq4CUvdBaV3AqOvLt2KlC0zhY1UlK//cQRcIBu3VJXSv0dgjmltOh+aoUIT4o+Kvdxlcb1kMPZTfbMOaiOMDu8JVYEf2F9SfOV4bXM7aZr9tjO2nHujrHwyVimrJ96NWsqWaBPpHXsVNg=
Received: from AM6PR07MB4584.eurprd07.prod.outlook.com (2603:10a6:20b:17::24) by AM6PR07MB5814.eurprd07.prod.outlook.com (2603:10a6:20b:9d::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.12; Wed, 8 Apr 2020 13:13:37 +0000
Received: from AM6PR07MB4584.eurprd07.prod.outlook.com ([fe80::928:dc19:896b:4b91]) by AM6PR07MB4584.eurprd07.prod.outlook.com ([fe80::928:dc19:896b:4b91%6]) with mapi id 15.20.2900.015; Wed, 8 Apr 2020 13:13:37 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "tls@ietf.org" <tls@ietf.org>, "uta@ietf.org" <uta@ietf.org>
Thread-Topic: [TLS] CBOR Certificate Compression of RFC 7925 certificates suitable for cTLS
Thread-Index: AQHWDaeDkPpKX8oyt0iX3UQ9nri0Dg==
Date: Wed, 08 Apr 2020 13:13:37 +0000
Message-ID: <CD58C8B5-BBB4-4D59-B2BF-4DE53A2725F1@ericsson.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.35.20030802
authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com;
x-originating-ip: [81.225.97.222]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 8ac83013-b3a8-411f-2014-08d7dbbea650
x-ms-traffictypediagnostic: AM6PR07MB5814:
x-microsoft-antispam-prvs: <AM6PR07MB5814ACC982ED102A7D2597F789C00@AM6PR07MB5814.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0367A50BB1
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR07MB4584.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(346002)(39860400002)(136003)(396003)(366004)(376002)(6506007)(53546011)(316002)(110136005)(91956017)(44832011)(81166007)(6512007)(2616005)(66574012)(64756008)(966005)(2906002)(6486002)(186003)(478600001)(66476007)(26005)(86362001)(66556008)(66946007)(8936002)(33656002)(71200400001)(5660300002)(76116006)(8676002)(36756003)(66446008)(81156014); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 8wN1OYwyIRohFts5axjyEA5MwyQjQ7lmqLBennKjmxk2C5Ub9jCWTy81w/sD525aqxLQUioTYUdwiuZXa42kzHVi2Epz3mzAPqqCvqAH/RdB6UKTLNTpsRBQLgKBb8uJibXh1XovrR2BiU8cAjZrfxD2TvUNwy3HXsFzqr6PWrTMDYtnT/Ju0ye4FnYrOyYaz5YbnNLJVXPyl5CAdboRlEP4x8BHoJp6bSkheA2PYdPYzc1v7ACRjE91au8Fg2Wua0HuftGP84Qv7U41bRlL2UewltwmNUuUUON6YQIu9QRwzYH6ApR53xZmfwOG7vqhQdmM0tZOOqy5B+DD7pt50X97Cb239llvlKpEj3/HGasxwCBmaWPKZgQoV8fUYCYw+qBNXg0h6w0zGJRbHcG8Ie0exPDiQfCvRPsjz255qJawjv5G5Juegh4eWsyTgRlo0vsUmiifE3fwudton47GRgZuktJ8zC9qnbnocomrMKUIAa0Kws6SCq6Kt64pQg2fMHnh2oZWXN3dCGF4ubsqWw==
x-ms-exchange-antispam-messagedata: UFC7n0S6ddiM4JS7B0h0OchNT3sHuxBgEiZy9yrr0fNc7tJHSHDYMPfNyS8UAJA6z+ygqxSBQd/WZRJQVQ67DGyzX/9zLXj3NCfAOl9HWidEnQNvg9GMsHn7zHqFBg7JOY8Ucyj8NENbhoYD4e2GPg==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <67D9E2F5166C6F418B0A46D5A3095A37@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8ac83013-b3a8-411f-2014-08d7dbbea650
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Apr 2020 13:13:37.5043 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: DmNdBbgx8YDcou9wEPxGktSQELYVaQ1Q+VjVAVmOTrlqntZVhxgAL7UO0+yjtmpeLRIkU5rPBkfcFH4SipHY2K+fVZ+JvZuHUZor+dfRFwo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR07MB5814
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/a8Z4JkKraEzcoVsmfe5TkxDuoow>
Subject: Re: [Uta] [TLS] CBOR Certificate Compression of RFC 7925 certificates suitable for cTLS
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Apr 2020 13:13:46 -0000

Hi Hannes,

I have requested and been assigned time for draft-mattsson-tls-cbor-cert-compress-00 and draft-raza-ace-cbor-certificates-04 at the UTA virtual interim on March 23.

We have an implementation of https://link.springer.com/chapter/10.1007%2F978-3-319-93797-7_14 / draft-raza-ace-cbor-certificates-03, but the code is not written in a way so that the compression mechanism DER-> CBOR can be extracted. The example in draft-raza-ace-cbor-certificates-04 was created by hand with cbor.me. We are planning to implement a updated standalone version of the DER->CBOR compression and hopefully have interop testing in the COSE WG.

Cheers,
John

-----Original Message-----
From: TLS <tls-bounces@ietf.org> on behalf of Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Date: Friday, 3 April 2020 at 14:20
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "TLS@ietf.org" <tls@ietf.org>, "uta@ietf.org" <uta@ietf.org>
Subject: Re: [TLS] CBOR Certificate Compression of RFC 7925 certificates suitable for cTLS

    Hi John,
    
    Thanks for the heads-up.
    
    Discussing this aspect in draft-tschofenig-uta-tls13-profile-01 makes sense.
    
    I was wondering whether you have been working on an implementation of draft-mattsson-cose-cbor-cert-compress-00 / draft-raza-ace-cbor-certificates-04.
    
    Ciao
    Hannes
    
    -----Original Message-----
    From: TLS <tls-bounces@ietf.org> On Behalf Of John Mattsson
    Sent: Friday, April 3, 2020 9:03 AM
    To: TLS@ietf.org; uta@ietf.org
    Subject: [TLS] CBOR Certificate Compression of RFC 7925 certificates suitable for cTLS
    
    Hi,
    
    During the COSE virtual interim meeting yesterday, there was agreement that the COSE working group should work on CBOR compression of RFC 7925 profiled X.509 certificates. The work will be based on draft-raza-ace-cbor-certificates and draft-mattsson-cose-cbor-cert-compress and the two drafts will be merged. Doing this work in a security group focused on CBOR makes a lot of sense.
    
    https://tools.ietf.org/html/draft-mattsson-cose-cbor-cert-compress-00
    https://tools.ietf.org/html/draft-raza-ace-cbor-certificates-04
    
    The COSE draft charter has already been updated to reflect this.
    
    https://github.com/cose-wg/Charter/blob/master/Charter.md
    
    As the algorithm is focused on compressing RFC 7925 profiled certificates, It seems like a very good match for cTLS. To keep the number of internet-drafts down, I plan to also include the TLS IANA registrations in the merged draft submitted to the COSE WG and let draft-mattsson-tls-cbor-cert-compress-00 expire.
    
    Any comments from the TLS WG are very welcome, but otherwise these is not so much to discuss, this is just another certificate compression algorithm. Any TLS related discussions would likely be regarding the certificate profile in RFC 7925 and if any clarifications or updates are needed. This is likely best discussed in UTA which may take up work on a TLS/DTLS 1.3 update of RFC 7925.
    
    https://tools.ietf.org/html/draft-tschofenig-uta-tls13-profile-01
    
    Cheers,
    John
    
    -----Original Message-----
    From: John Mattsson <john.mattsson@ericsson.com>
    Date: Thursday, 12 March 2020 at 08:58
    To: "TLS@ietf.org" <TLS@ietf.org>
    Cc: "uta@ietf.org" <uta@ietf.org>
    Subject: FW: New Version Notification for draft-mattsson-tls-cbor-cert-compress-00.txt
    
        Hi,
    
        We have submitted a new draft to TLS https://tools.ietf.org/html/draft-mattsson-tls-cbor-cert-compress-00 The draft register a new compression algorithms for use with TLS Certificate Compression in TLS 1.3 and DTLS 1.3 (draft-ietf-tls-certificate-compression).
    
        The draft uses https://tools.ietf.org/html/draft-raza-ace-cbor-certificates-04 to compress RFC 7925 profiles certificates by encoding them from DER to CBOR. The aim is to be compatible with all RFC 7925 profiled certificates. With the included example DER encoded RFC 7925 certificate to certificate is compressed from 314 to 136 bytes, a compression rate of 57%.
    
        The general purpose compression algorithms defined in draft-ietf-tls-certificate-compression do not seem able to compress profiled RFC 7925 X.509 certificates much at all. zlib compressed the example cert 9%, but for other certificates we tested, zlib did in many cases not provide any compression at all.
    
        We have submitted a similar draft to the COSE WG registering a new algorithms for the TLS 1.3 certificate compression extension.
    
        https://tools.ietf.org/html/draft-mattsson-tls-cbor-cert-compress-00
    
        Cheers,
        John
    
        -----Original Message-----
        From: "internet-drafts@ietf.org" <internet-drafts@ietf.org>
        Date: Monday, 9 March 2020 at 21:19
        To: John Mattsson <john.mattsson@ericsson.com>, John Mattsson <john.mattsson@ericsson.com>, Joel Höglund <joel.hoglund@ri.se>, Joel Hoglund <joel.hoglund@ri.se>, Göran Selander <goran.selander@ericsson.com>, Martin Furuhed <martin.furuhed@nexusgroup.com>, Göran Selander <goran.selander@ericsson.com>, Shahid Raza <shahid.raza@ri.se>
        Subject: New Version Notification for draft-mattsson-tls-cbor-cert-compress-00.txt
    
    
            A new version of I-D, draft-mattsson-tls-cbor-cert-compress-00.txt
            has been successfully submitted by John Preuss Mattsson and posted to the
            IETF repository.
    
            Name:draft-mattsson-tls-cbor-cert-compress
            Revision:00
            Title:CBOR Certificate Algorithm for TLS Certificate Compression
            Document date:2020-03-09
            Group:Individual Submission
            Pages:6
            URL:            https://www.ietf.org/internet-drafts/draft-mattsson-tls-cbor-cert-compress-00.txt
            Status:         https://datatracker.ietf.org/doc/draft-mattsson-tls-cbor-cert-compress/
            Htmlized:       https://tools.ietf.org/html/draft-mattsson-tls-cbor-cert-compress-00
            Htmlized:       https://datatracker.ietf.org/doc/html/draft-mattsson-tls-cbor-cert-compress
    
    
            Abstract:
               Certificate chains often take up the majority of the bytes
               transmitted in TLS handshakes.  Large handshakes can cause problems,
               particularly in constrained IoT environments.  RFC 7925 defines a TLS
               certificate profile for constrained IoT.  General purpose compression
               algorithms can in many cases not compress RFC 7925 profiled
               certificates at all.  By using the fact that the certificates are
               profiled, the CBOR certificate compression algorithms can in many
               cases compress RFC 7925 profiled certificates with over 50%. This
               document specifies the CBOR certificate compression algorithm for use
               with TLS Certificate Compression in TLS 1.3 and DTLS 1.3.
    
    
    
    
            Please note that it may take a couple of minutes from the time of submission
            until the htmlized version and diff are available at tools.ietf.org.
    
            The IETF Secretariat
    
    
    
    
    
    
    _______________________________________________
    TLS mailing list
    TLS@ietf.org
    https://www.ietf.org/mailman/listinfo/tls
    IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
    _______________________________________________
    TLS mailing list
    TLS@ietf.org
    https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email