Hi Sean,
The documents (planned to be replaced with a single document) specifies a new
compression algorithm and makes an IANA registration of that new compression
algorithm for use with draft-ietf-tls-certificate-compression. The difference
compared to the already registered algorithms (zlib, brotli, zstd) is that the
new algorithm only works for a specific subset of RFC 5280, namely RFC 7925.
Cheers,
John
-----Original Message-----
From: Sean Turner <s...@sn3rd.com>
Date: Saturday, 11 April 2020 at 04:44
To: John Mattsson <john.matts...@ericsson.com>
Cc: "t...@ietf.org" <t...@ietf.org>, "uta@ietf.org" <uta@ietf.org>, Hannes
Tschofenig <hannes.tschofe...@arm.com>
Subject: Re: [Uta] [TLS] CBOR Certificate Compression of RFC 7925 certificates
suitable for cTLS
-hat
John,
There is already a certificate compression mechanism defined in
draft-ietf-tls-certificate-compression, which is currently in the RFC editor’s
queue. How do these documents relate to that one?
spt
> On Apr 8, 2020, at 09:29, Hannes Tschofenig <hannes.tschofe...@arm.com>
wrote:
>
> Thanks for the info, John. I will have a look at this publication.
>
> -----Original Message-----
> From: John Mattsson <john.matts...@ericsson.com>
> Sent: Wednesday, April 8, 2020 3:14 PM
> To: Hannes Tschofenig <hannes.tschofe...@arm.com>; t...@ietf.org;
uta@ietf.org
> Subject: Re: [TLS] CBOR Certificate Compression of RFC 7925 certificates
suitable for cTLS
>
> Hi Hannes,
>
> I have requested and been assigned time for
draft-mattsson-tls-cbor-cert-compress-00 and
draft-raza-ace-cbor-certificates-04 at the UTA virtual interim on March 23.
>
> We have an implementation of
https://link.springer.com/chapter/10.1007%2F978-3-319-93797-7_14 /
draft-raza-ace-cbor-certificates-03, but the code is not written in a way so
that the compression mechanism DER-> CBOR can be extracted. The example in
draft-raza-ace-cbor-certificates-04 was created by hand with cbor.me. We are
planning to implement a updated standalone version of the DER->CBOR compression
and hopefully have interop testing in the COSE WG.
>
> Cheers,
> John
>
> -----Original Message-----
> From: TLS <tls-boun...@ietf.org> on behalf of Hannes Tschofenig
<hannes.tschofe...@arm.com>
> Date: Friday, 3 April 2020 at 14:20
> To: John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org>,
"t...@ietf.org" <t...@ietf.org>, "uta@ietf.org" <uta@ietf.org>
> Subject: Re: [TLS] CBOR Certificate Compression of RFC 7925 certificates
suitable for cTLS
>
> Hi John,
>
> Thanks for the heads-up.
>
> Discussing this aspect in draft-tschofenig-uta-tls13-profile-01 makes
sense.
>
> I was wondering whether you have been working on an implementation of
draft-mattsson-cose-cbor-cert-compress-00 / draft-raza-ace-cbor-certificates-04.
>
> Ciao
> Hannes
>
> -----Original Message-----
> From: TLS <tls-boun...@ietf.org> On Behalf Of John Mattsson
> Sent: Friday, April 3, 2020 9:03 AM
> To: t...@ietf.org; uta@ietf.org
> Subject: [TLS] CBOR Certificate Compression of RFC 7925 certificates
suitable for cTLS
>
> Hi,
>
> During the COSE virtual interim meeting yesterday, there was agreement
that the COSE working group should work on CBOR compression of RFC 7925
profiled X.509 certificates. The work will be based on
draft-raza-ace-cbor-certificates and draft-mattsson-cose-cbor-cert-compress and
the two drafts will be merged. Doing this work in a security group focused on
CBOR makes a lot of sense.
>
> https://tools.ietf.org/html/draft-mattsson-cose-cbor-cert-compress-00
> https://tools.ietf.org/html/draft-raza-ace-cbor-certificates-04
>
> The COSE draft charter has already been updated to reflect this.
>
>
https://protect2.fireeye.com/v1/url?k=7bb071f5-2764744a-7bb0316e-868f633dbf25-2e38405b1af55534&q=1&e=cf090c9d-e6fc-4d99-84bc-71ad23d8a524&u=https%3A%2F%2Fgithub.com%2Fcose-wg%2FCharter%2Fblob%2Fmaster%2FCharter.md
>
> As the algorithm is focused on compressing RFC 7925 profiled
certificates, It seems like a very good match for cTLS. To keep the number of
internet-drafts down, I plan to also include the TLS IANA registrations in the
merged draft submitted to the COSE WG and let
draft-mattsson-tls-cbor-cert-compress-00 expire.
>
> Any comments from the TLS WG are very welcome, but otherwise these is
not so much to discuss, this is just another certificate compression algorithm.
Any TLS related discussions would likely be regarding the certificate profile
in RFC 7925 and if any clarifications or updates are needed. This is likely
best discussed in UTA which may take up work on a TLS/DTLS 1.3 update of RFC
7925.
>
> https://tools.ietf.org/html/draft-tschofenig-uta-tls13-profile-01
>
> Cheers,
> John
>
> -----Original Message-----
> From: John Mattsson <john.matts...@ericsson.com>
> Date: Thursday, 12 March 2020 at 08:58
> To: "t...@ietf.org" <t...@ietf.org>
> Cc: "uta@ietf.org" <uta@ietf.org>
> Subject: FW: New Version Notification for
draft-mattsson-tls-cbor-cert-compress-00.txt
>
> Hi,
>
> We have submitted a new draft to TLS
https://tools.ietf.org/html/draft-mattsson-tls-cbor-cert-compress-00 The draft
register a new compression algorithms for use with TLS Certificate Compression
in TLS 1.3 and DTLS 1.3 (draft-ietf-tls-certificate-compression).
>
> The draft uses
https://tools.ietf.org/html/draft-raza-ace-cbor-certificates-04 to compress RFC
7925 profiles certificates by encoding them from DER to CBOR. The aim is to be
compatible with all RFC 7925 profiled certificates. With the included example
DER encoded RFC 7925 certificate to certificate is compressed from 314 to 136
bytes, a compression rate of 57%.
>
> The general purpose compression algorithms defined in
draft-ietf-tls-certificate-compression do not seem able to compress profiled
RFC 7925 X.509 certificates much at all. zlib compressed the example cert 9%,
but for other certificates we tested, zlib did in many cases not provide any
compression at all.
>
> We have submitted a similar draft to the COSE WG registering a new
algorithms for the TLS 1.3 certificate compression extension.
>
>
https://tools.ietf.org/html/draft-mattsson-tls-cbor-cert-compress-00
>
> Cheers,
> John
>
> -----Original Message-----
> From: "internet-dra...@ietf.org" <internet-dra...@ietf.org>
> Date: Monday, 9 March 2020 at 21:19
> To: John Mattsson <john.matts...@ericsson.com>, John Mattsson
<john.matts...@ericsson.com>, Joel Höglund <joel.hogl...@ri.se>, Joel Hoglund
<joel.hogl...@ri.se>, Göran Selander <goran.selan...@ericsson.com>, Martin
Furuhed <martin.furu...@nexusgroup.com>, Göran Selander
<goran.selan...@ericsson.com>, Shahid Raza <shahid.r...@ri.se>
> Subject: New Version Notification for
draft-mattsson-tls-cbor-cert-compress-00.txt
>
>
> A new version of I-D,
draft-mattsson-tls-cbor-cert-compress-00.txt
> has been successfully submitted by John Preuss Mattsson and
posted to the
> IETF repository.
>
> Name:draft-mattsson-tls-cbor-cert-compress
> Revision:00
> Title:CBOR Certificate Algorithm for TLS Certificate
Compression
> Document date:2020-03-09
> Group:Individual Submission
> Pages:6
> URL:
https://www.ietf.org/internet-drafts/draft-mattsson-tls-cbor-cert-compress-00.txt
> Status:
https://datatracker.ietf.org/doc/draft-mattsson-tls-cbor-cert-compress/
> Htmlized:
https://tools.ietf.org/html/draft-mattsson-tls-cbor-cert-compress-00
> Htmlized:
https://datatracker.ietf.org/doc/html/draft-mattsson-tls-cbor-cert-compress
>
>
> Abstract:
> Certificate chains often take up the majority of the bytes
> transmitted in TLS handshakes. Large handshakes can cause
problems,
> particularly in constrained IoT environments. RFC 7925
defines a TLS
> certificate profile for constrained IoT. General purpose
compression
> algorithms can in many cases not compress RFC 7925 profiled
> certificates at all. By using the fact that the
certificates are
> profiled, the CBOR certificate compression algorithms can
in many
> cases compress RFC 7925 profiled certificates with over
50%. This
> document specifies the CBOR certificate compression
algorithm for use
> with TLS Certificate Compression in TLS 1.3 and DTLS 1.3.
>
>
>
>
> Please note that it may take a couple of minutes from the time
of submission
> until the htmlized version and diff are available at
tools.ietf.org.
>
> The IETF Secretariat
>
>
>
>
>
>
> _______________________________________________
> TLS mailing list
> t...@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
> IMPORTANT NOTICE: The contents of this email and any attachments are
confidential and may also be privileged. If you are not the intended recipient,
please notify the sender immediately and do not disclose the contents to any
other person, use it for any purpose, or store or copy the information in any
medium. Thank you.
> _______________________________________________
> TLS mailing list
> t...@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
confidential and may also be privileged. If you are not the intended recipient,
please notify the sender immediately and do not disclose the contents to any
other person, use it for any purpose, or store or copy the information in any
medium. Thank you.
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
