+1 for a deterministic (minimal) encoding. --Mohit
On 11/15/20 10:13 PM, Eric Rescorla wrote: Trying to close out this discussion, it seems to me like there are three major options: 1. The current scheme 2. The current scheme with a deterministic minimal encoding (e.g., the two byte version is offset by 127) 3. The QUIC scheme I don't think that the QUIC scheme with deterministic encoding makes sense, because the virtue of the QUIC scheme is commonality with something already defined. I'm hearing that people are not as excited about moving to QUIC as I had expected and to the best of my knowledge, there is no valid reason to encode to > 2^32-1 in TLS. I also don't think using encoding (1) but mandating minimal length makes sense, as it's just as easy to do a deterministic minimal encoding. As Christian observes it *is* significantly more painful to do (2): the conventional way to encode vectors in TLS with minimal copying is: - Mark your current place --> X - Skip forward the length of the length field --> L - Encode the value - Encode (current position - (X + L)) at X But this won't be possible in (2). As MT observes, if you think of this as a two-pass system, there is not as much of a problem here [though not necessarily no problem]. Also, if you use a separate buffer, there is no problem. As noted above by MT and others, cTLS expands the transcript and so having a deterministic compression scheme is perhaps not as important, given that decompression is deterministic, but it still seems nice to have. Given the above, I think my preference would be (1) or (2), with, I think, a slight preference for (2). -Ekr On Tue, Oct 6, 2020 at 5:33 PM Nick Harper <nhar...@google.com<mailto:nhar...@google.com>> wrote: I have no strong opinion on how this is formatted. I'd base my decision on what the maximum value cTLS needs to encode: If 2^22-1 is sufficient, let's keep it as is, otherwise let's change it to the QUIC format (or some other change to increase the max value). I do like that the existing scheme, compared to QUIC varints, is more efficient for values 64-127 and just as efficient for the rest. On Mon, Oct 5, 2020 at 8:09 PM Eric Rescorla <e...@rtfm.com<mailto:e...@rtfm.com>> wrote: I don't have a strong opinion on whether to require a minimal encoding, but if we're not going to use QUIC's encoding as-is, then I would rather stick with the existing scheme, which has twice as large a range for the 1 byte encoding and is thus more compact for a range of common cases. -Ekr On Mon, Oct 5, 2020 at 7:31 PM Marten Seemann <martenseem...@gmail.com<mailto:martenseem...@gmail.com>> wrote: In that case, why use QUIC's encoding at all? It would just put the burden on the receiver to check that the minimal encoding was used. Would it instead make more sense to modify QUIC's encoding, such that the 2-byte encoding doesn't encode the numbers from 0 to 16383, but the numbers from 64 to (16383 + 64), and equivalently for 4 and 8-byte encodings? On Tue, Oct 6, 2020 at 9:22 AM Salz, Rich <rs...@akamai.com<mailto:rs...@akamai.com>> wrote: Can you just say “QUIC rules but use the minimum possible length”? _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
