On 4/2/2019 4:42 AM, Hubert Kario wrote:
> On Monday, 1 April 2019 23:05:41 CEST Martin Thomson wrote:
>> On Mon, Apr 1, 2019, at 12:40, Hubert Kario wrote:
>>>>> would possibly reduce the size of is ServerHello or
>>>>> EncryptedExtensions
>>>> Those are messages where we have size pressure.
>>> why? in what use case?
>> QUIC. We have 3600 bytes to play with in that flight. And Certificate is
>> often more than that.
> then maybe it's QUIC that should be modified to allow for more than 3600
> bytes to actually make it deployable?
>
> I mean, seriously, if you need to be bit-pinching now, what will happen
> when PQC gets deployed?!


The problem is "amplification" -- how much data the server is willing to
send without assurance that the client's address is not spoofed. The
current decision is "no more than 3 times the size of the data sent by
the client", which is enforced to be at least 1200 bytes. QUIC does work
if the server flight is longer than that, but then the handshake takes
at least 2*RTT instead of 1*RTT.

That said, yes, there is a problem if PQC requires the client hello to
be larger than 1200 bytes.

-- Christian Huitema



_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
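
The amplification limit described in the message above, modelled as server-side byte accounting. This is an added example, not code from the thread or from any QUIC implementation; the class and function names are hypothetical, and the model assumes the client's reply to the first server flight is a 1200-byte datagram that validates its address (set `reply_validates_address=False` to keep the limit in force).

```python
AMPLIFICATION_FACTOR = 3     # server may send at most 3x what the client sent
MIN_CLIENT_FLIGHT = 1200     # minimum size enforced on the client's first flight


class UnvalidatedPath:
    """Server-side byte accounting for a client address not yet validated."""

    def __init__(self):
        self.received = 0
        self.sent = 0
        self.validated = False

    def on_datagram(self, size, proves_address=False):
        self.received += size
        self.validated = self.validated or proves_address

    def budget(self):
        """Bytes the server may still send to this address right now."""
        if self.validated:
            return float("inf")
        return AMPLIFICATION_FACTOR * self.received - self.sent

    def send(self, pending):
        """Send as much of `pending` as the budget allows; return bytes sent."""
        n = min(pending, self.budget())
        self.sent += n
        return n


def server_flights(client_first_flight, server_handshake_bytes,
                   reply_size=MIN_CLIENT_FLIGHT, reply_validates_address=True):
    """Count the flights the server needs to deliver its handshake messages."""
    if client_first_flight < MIN_CLIENT_FLIGHT:
        raise ValueError("client first flight is below the enforced minimum")
    path = UnvalidatedPath()
    path.on_datagram(client_first_flight)
    pending, flights = server_handshake_bytes, 0
    while pending > 0:
        pending -= path.send(pending)
        flights += 1
        if pending > 0:
            # The server is blocked until the client answers: one more round trip.
            path.on_datagram(reply_size, proves_address=reply_validates_address)
    return flights


if __name__ == "__main__":
    for size in (3000, 3600, 5000):   # constructed server flight sizes in bytes
        print(size, "bytes ->", server_flights(1200, size), "flight(s)")
```

Each flight beyond the first costs one extra round trip, and a larger client first flight raises the server's budget in proportion.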
