Hi.
On 28.02.22 13:55, Branitsky, Norman wrote:
Future requirement for HAProxy?
https://datatracker.ietf.org/doc/draft-kampanakis-tls-scas-latest/
From my point of view, this draft is heavily based on the implementation of the
underlying TLS library.
For everyone who wants to know what this is, here is a short intro quote.
```
1. Introduction
The most data heavy part of a TLS handshake is authentication. It
usually consists of a signature, an end-entity certificate and
Certificate Authority (CA) certificates used to authenticate the end-
entity to a trusted root CA. These chains can sometimes add up to a few
kB of data, which could be problematic for some use cases.
[EAPTLSCERT] and [EAP-TLS13] discuss the issues of big certificate
chains in EAP authentication. Additionally, it is known that IEEE
802.15.4 [IEEE802154] mesh networks and Wi-SUN [WISUN] Field Area
Networks often notice significant delays due to EAP-TLS
authentication in constrained bandwidth mediums.
To alleviate the data exchanged in TLS [RFC8879] shrinks certificates
by compressing them. [CBOR-CERTS] uses different certificate
encodings for constrained environments. On the other hand, [CTLS]
proposes the use of certificate dictionaries to omit sending CA
certificates in a Compact TLS handshake.
In a post-quantum context
[I-D.hoffman-c2pq][NIST_PQ][I-D.ietf-tls-hybrid-design], the TLS
authentication data issue is exacerbated.
[CONEXT-PQTLS13SSH][NDSS-PQTLS13] show that post-quantum certificate
chains exceeding the initial TCP congestion window (10MSS [RFC6928])
will slow down the handshake due to the extra round-trips they
introduce. [PQTLS] shows that big certificate chains (even smaller
than the initial TCP congestion window) will slow down the handshake
in lossy environments. [TLS-SUPPRESS] quantifies the post-quantum
authentication data in QUIC and TLS and shows that even the leanest
post-quantum signature algorithms will impact QUIC and TLS.
[CL-BLOG] also shows that 9-10 kilobyte certificate chains (even with
30MSS initial TCP congestion window) will lead to double digit TLS
handshake slowdowns. What's more, it shows that some clients or
middleboxes cannot handle chains larger than 10kB.
....
```
*Norman Branitsky*
Senior Cloud Architect
Tyler Technologies, Inc.
P: 416-916-1752
C: 416.843.0670
www.tylertech.com
Tyler Technologies <https://www.tylertech.com/>
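The quoted introduction argues from sizes: a certificate chain that exceeds the initial TCP congestion window (10 MSS per RFC 6928) costs extra round trips, and omitting the CA certificates shrinks the Certificate message. The following is an added illustration of that argument, not code from the draft, from HAProxy, or from any TLS library. It models the framing of a TLS 1.3 Certificate message (RFC 8446 section 4.4.2) and a loss-free slow-start delivery; the MSS value, the certificate byte strings and their sizes are constructed assumptions, not real certificates or measurements, and the flight count ignores the other handshake messages that share the initial window.

```python
"""Estimate a TLS 1.3 Certificate message against the initial TCP congestion
window, and what suppressing the CA certificates would save.

Added example for the draft quoted above. Certificate sizes and MSS are
constructed assumptions; no real certificates are involved.
"""
from typing import Dict, List, Sequence

MSS = 1460          # assumption: common TCP MSS for IPv4 without TCP options
INITCWND_MSS = 10   # initial congestion window quoted by the draft (RFC 6928)


def certificate_message_size(certs: Sequence[bytes]) -> int:
    """Byte size of a server TLS 1.3 Certificate handshake message carrying
    the given DER certificates with empty per-certificate extensions:
      4 bytes  handshake header (1 type + 3 length)
      1 byte   certificate_request_context length (empty for servers)
      3 bytes  certificate_list length
      per entry: 3-byte cert_data length + cert + 2-byte extensions length
    """
    entries = sum(3 + len(cert) + 2 for cert in certs)
    return 4 + 1 + 3 + entries


def flights_needed(total_bytes: int, mss: int = MSS, initcwnd: int = INITCWND_MSS) -> int:
    """Number of congestion-window flights needed to deliver total_bytes from
    a cold connection, assuming the window doubles each RTT (slow start) and
    no loss. Returns 1 when everything fits in the initial window; each extra
    flight is roughly one extra round trip before the client can proceed."""
    window = initcwnd * mss
    sent = 0
    flights = 0
    while sent < total_bytes:
        sent += window
        flights += 1
        window *= 2
    return flights


def suppress_cas(chain: Sequence[bytes]) -> List[bytes]:
    """Model of the draft's effect on the wire: the server keeps only the
    end-entity certificate (first in the list) and omits the CA certificates."""
    return list(chain[:1])


def compare(chain: Sequence[bytes]) -> Dict[str, int]:
    """Full chain versus leaf-only message size and estimated flights."""
    full = certificate_message_size(chain)
    leaf_only = certificate_message_size(suppress_cas(chain))
    return {
        "full_bytes": full,
        "leaf_only_bytes": leaf_only,
        "saved_bytes": full - leaf_only,
        "full_flights": flights_needed(full),
        "leaf_only_flights": flights_needed(leaf_only),
    }


def fake_der(size: int) -> bytes:
    """Constructed placeholder standing in for a DER certificate of `size` bytes."""
    return b"\x30" * size


# Constructed chains (end-entity first, then intermediates); sizes are
# illustrative assumptions chosen to sit below and above the initial window.
SMALL_CHAIN = [fake_der(1300), fake_der(1200)]
LARGE_CHAIN = [fake_der(4000), fake_der(5000), fake_der(6000)]

if __name__ == "__main__":
    for name, chain in (("small chain", SMALL_CHAIN), ("large chain", LARGE_CHAIN)):
        print(name, compare(chain))
```

The large constructed chain produces a 15023-byte Certificate message, above the 14600-byte initial window, so it needs a second flight; sending only the leaf brings it back to one. Real chains also share that window with ServerHello, EncryptedExtensions, CertificateVerify and Finished, so the real threshold is lower than this model shows.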