On Sunday, 27 November 2016 01:54:37 CET Alessandro Ghedini wrote:
> Hello,
>
> not sure if this has been discussed before (apologies if it has).
>
> QUIC mandates that certificate chains be gzip compressed in order to reduce
> the amount of bytes transmitted during full handshake.
>
> The QUIC
On Tue, 2016-11-29 at 13:56 +0100, Hubert Kario wrote:
> > Given that certificates usually take up most of the bytes exchanged
> > during a
> > full handshake it seems this could be useful, but I don't know if
> > in
> > practice the benefits are worth the added complexity. Thoughts?
>
> Decompre
On Tue, Nov 29, 2016 at 02:05:21PM +0100, Nikos Mavrogiannopoulos wrote:
> Well, PKIX/X.509 parsing seems to be order of magnitude more complex
> than compression :)
I have implemented both at times, so I can confirm that X.509 parsing is
a bit more complex than decompression (with Deflate). The _
Sure, here's my compressed cert. Ignore the fact that it's named "42.zip" --
see https://en.wikipedia.org/wiki/Zip_bomb
The risks of uncompressing data sent from a counterparty who has not yet been
authenticated, do not outweigh the gains.
/r$
--
Senior Architect, Akamai Technologies
I feel we can go ahead with TLS 1.3.
Or else TLS 3.4, because anyway we send 0x0304 on wire for TLS 1.3.
I hope all other three options (TLS 2.0, TLS 2 and TLS 4) will make confusion
with SSL versions for end user.
Raja Ashok VK
华为技术有限公司 Huawei Technologies
On Thu, Nov 24, 2016 at 09:10:00PM +, Fossati, Thomas (Nokia - GB)
wrote:
> I like your proposal, but I'm not convinced that overloading the
> semantics of an already existing extension when used in combination
> with a specific version of the protocol is necessarily the best
> strategy. Besid
On 30 November 2016 at 05:54, Thomas Pornin wrote:
> Any comments?
I'm ambivalent on this generally: though I think that the general
notion is OK, I'm not sure about the details.
In particular, you need to be clearer in your motivations: the point
is to ensure that little things (really little t
As discussed in issue #760 and Seoul, I've prepared a PR that moves most all
of CertificateRequest into extensions:
https://github.com/tlswg/tls13-spec/pull/791
This got a little more complicated than I anticipated because I had to
actually
define a certificate_authorities extension and I decided
