On Thu, Jul 06, 2023 at 11:18:01PM +0100, Dennis Jackson wrote:
> Hi all,
> 
> I've submitted the draft below that describes a new TLS certificate
> compression scheme that I'm calling 'Abridged Certs' for now. The aim is to
> deliver excellent compression for existing classical certificate chains and
> smooth the transition to PQ certificate chains by eliminating the root and
> intermediate certificates from the bytes on the wire. It uses a shared
> dictionary constructed from the CA certificates listed in the CCADB [1] and
> the associated extensions used in end entity certificates.

What does "Note that the connection will fail regardless even if this
step is not taken as neither certificate validation nor transcript
validation can succeed." mean? TLS certificate compression does not
do anything special with the transcript, so transcript validation should
always succeed.


And are there zstd decoders that can reuse the output buffer in one-shot
decompression for lookback? The zstd command line tool manual page
mentions a default 128MB memory limit for decompression. I presume
mostly for lookback. Such a limit is way too large.


And an alternative idea:

The compressed stream is a concatenation of two kinds of certificate
entries:

1) If the certificate is not found in the dictionary:

   opaque zstd_compressed_cert<1..16711679>;
   opaque extensions<0..65535>;

   Where if the next certificate in the chain is also not found, zstd uses
   an empty dictionary. Otherwise it uses the dictionary associated with
   the next certificate in the chain.

2) If the certificate is found in the dictionary:

   uint8 always_0xff = 255;
   uint16 dictionary_index;
   opaque extensions<0..65535>;
  
The overall length is not compressed, because the compressed_certificate
message already has it.

This allows dictionaries to be specific to a CA, avoiding tradeoffs
between CAs.


As an illustration, the minimal compressed certificate message for a
certificate issued by Let's Encrypt E1:

- 4 byte message header.
- 2 byte compression algorithm.
- 3 byte uncompressed length.
- 3 byte length of EE certificate.
- X byte zstd compressed certificate using dictionary for Let's Encrypt
  E1.
- 2 byte extension block length.
- 0 byte extension block.
- 3 byte entry for Let's Encrypt E1.
- 2 byte extension block length.
- 0 byte extension block.
- 3 byte entry for ISRG Root X2.
- 2 byte extension block length.
- 0 byte extension block.

Total: 24 + X bytes.



> On 06/07/2023 23:11, internet-dra...@ietf.org wrote:
> > A new version of I-D, draft-jackson-tls-cert-abridge-00.txt
> > has been successfully submitted by Dennis Jackson and posted to the
> > IETF repository.
> > 
> > Name:           draft-jackson-tls-cert-abridge
> > Revision:       00
> > Title:          Abridged Compression for WebPKI Certificates
> > Document date:  2023-07-06
> > Group:          Individual Submission
> > Pages:          19
> > URL:            https://www.ietf.org/archive/id/draft-jackson-tls-cert-abridge-00.txt
> > Status:         https://datatracker.ietf.org/doc/draft-jackson-tls-cert-abridge/
> > Html:           https://www.ietf.org/archive/id/draft-jackson-tls-cert-abridge-00.html
> > Htmlized:       https://datatracker.ietf.org/doc/html/draft-jackson-tls-cert-abridge




-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
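
The entry framing from the "alternative idea" in the message above, as an added Python example that is not part of the original e-mail or of the draft. The zstd step is left opaque (placeholder bytes stand in for compressed output), and the function names and dictionary indexes are hypothetical.

```python
import struct

MAX_CERT = 16711679   # 0xFEFFFF, so the first length byte is never 0xFF
DICT_TAG = 0xFF       # the always_0xff discriminator of a dictionary entry

def _ext(ext: bytes) -> bytes:
    if len(ext) > 0xFFFF:
        raise ValueError("extensions too long")
    return struct.pack(">H", len(ext)) + ext

def encode_literal(zstd_blob: bytes, ext: bytes = b"") -> bytes:
    """Entry kind 1: uint24 length + zstd-compressed cert + extensions."""
    if not 1 <= len(zstd_blob) <= MAX_CERT:
        raise ValueError("compressed cert length out of range")
    return len(zstd_blob).to_bytes(3, "big") + zstd_blob + _ext(ext)

def encode_reference(index: int, ext: bytes = b"") -> bytes:
    """Entry kind 2: 0xFF + uint16 dictionary index + extensions."""
    return bytes([DICT_TAG]) + struct.pack(">H", index) + _ext(ext)

def parse_entries(stream: bytes):
    """Split a stream into ('zstd', blob, ext) and ('dict', index, ext)."""
    def take(n):
        nonlocal pos
        if pos + n > len(stream):        # never read past the message
            raise ValueError("truncated entry")
        chunk = stream[pos:pos + n]
        pos += n
        return chunk
    pos, out = 0, []
    while pos < len(stream):
        if stream[pos] == DICT_TAG:      # unambiguous: lengths start <= 0xFE
            take(1)
            body = ("dict", struct.unpack(">H", take(2))[0])
        else:
            n = int.from_bytes(take(3), "big")
            if n == 0:
                raise ValueError("empty compressed certificate")
            body = ("zstd", take(n))
        ext_len = struct.unpack(">H", take(2))[0]
        out.append(body + (take(ext_len),))
    return out

# Constructed sample: 40 placeholder bytes stand in for the zstd output
# (X = 40); dictionary indexes 7 and 3 are made up for the two CA entries.
EE_BLOB = b"\xff" * 40
CHAIN = encode_literal(EE_BLOB) + encode_reference(7) + encode_reference(3)
```

The three entries take 15 + X bytes; the 9 bytes of message header, algorithm and uncompressed length listed in the message give its 24 + X total.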
