Hi TLS WG,

This draft, draft-kampanakis-tls-scas-latest, is attempting to resurrect Martin’s original draft-thomson-tls-sic. It proposes using two new TLS 1.3 flags (draft-ietf-tls-tlsflags) to signal to the TLS server or client to not send its Intermediate CA (ICA) certificates.
It assumes that we can pre-cache or load all the necessary intermediate CAs in order to build the cert chains to authenticate peers. As a data point, the size of a full ICA cache for the web would be 1-2MB (1-2 thousand ICAs) based on testing and 3rd party data [7][8]. 1-2MB is trivial for most use cases. When it is not, other caching mechanisms can be used.

The main use cases that would benefit from this would be
- post-quantum (D)TLS (PQ certs are going to be big and thus introduce issues for (D)TLS and QUIC [1][2][3][4])
- EAP-TLS in cases with big cert chains [5][6]
- constrained environments where even a few KB in a (D)TLS handshake matter

We believe we have addressed the comments regarding the original draft https://mailarchive.ietf.org/arch/browse/tls/?q=draft-thomson-tls-sic

Feedback and discussion are welcome.

Rgs,
Panos

[1] https://blog.cloudflare.com/sizing-up-post-quantum-signatures/
[2] https://www.ndss-symposium.org/ndss-paper/post-quantum-authentication-in-tls-1-3-a-performance-study/
[3] https://dl.acm.org/doi/10.1145/3386367.3431305
[4] https://assets.amazon.science/00/f8/aa76ff93472d9b55b6a84716e34c/speeding-up-post-quantum-tls-handshakes-by-suppressing-intermediate-ca-certificates.pdf
[5] https://datatracker.ietf.org/doc/html/draft-ietf-emu-eaptlscert
[6] https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13
[7] https://github.com/FiloSottile/intermediates
[8] https://ccadb-public.secure.force.com/mozilla/MozillaIntermediateCertsCSVReport

-----Original Message-----
From: internet-dra...@ietf.org <internet-dra...@ietf.org>
Sent: Sunday, February 13, 2022 2:34 PM
To: Bas Westerbaan <b...@cloudflare.com>; Bytheway, Cameron <byth...@amazon.com>; Martin Thomson <m...@lowentropy.net>; Kampanakis, Panos <kpa...@amazon.com>
Subject: [EXTERNAL] New Version Notification for draft-kampanakis-tls-scas-latest-00.txt

A new version of I-D, draft-kampanakis-tls-scas-latest-00.txt has been successfully submitted by Panos Kampanakis and posted to the IETF repository.

Name: draft-kampanakis-tls-scas-latest
Revision: 00
Title: Suppressing CA Certificates in TLS 1.3
Document date: 2022-02-13
Group: Individual Submission
Pages: 10
URL: https://www.ietf.org/archive/id/draft-kampanakis-tls-scas-latest-00.txt
Status: https://datatracker.ietf.org/doc/draft-kampanakis-tls-scas-latest/
Htmlized: https://datatracker.ietf.org/doc/html/draft-kampanakis-tls-scas-latest

Abstract:
A TLS client or server that has access to the complete set of published intermediate certificates can inform its peer to avoid sending certificate authority certificates, thus reducing the size of the TLS handshake.

The IETF Secretariat