> On Mar 6, 2017, at 6:23 PM, Victor Vasiliev <[email protected]> wrote:
>
> Hi Martin,
>
> I've measured the effect of compression on a corpus of popular website
> certificate chains I had lying around (Alexa Top 100k from a few years ago),
> and the effect seems to be about -30% of size at the median and -48% at 95th
> percentile (with Brotli, subtract 3-5% for zlib).
>
> I think the most dramatic effect from the compression is observed for the
> certificates with a lot of SNI values, which is not uncommon.
Is 30-50% enough to mitigate concerns about amplification attacks? Introducing
compression increases the attack surface on TLS clients and adds CPU cost. If
the compression is not sufficiently effective, it is not clear that the benefit
outweighs the cost.
Wouldn't amplification be better addressed via TCP cookies? With TCP fast open
restricted to cookie-bearing clients? With similar mechanisms for UDP, ...
--
Viktor.
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
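Added example, not from either message above: a small Python measurement harness in the spirit of Victor's experiment, run on a constructed stand-in corpus rather than real chains, that reports median and 95th-percentile savings and also the response-to-ClientHello amplification ratio Viktor asks about. It uses zlib only (Brotli is not in the standard library), and `constructed_chain`, `der_general_names`, `savings`, `corpus_stats`, `amplification`, the 1200-byte per-certificate filler and the 300-byte ClientHello size are all assumptions of this example.

```python
import random
import statistics
import zlib

def der_len(n):
    """DER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_general_names(dns_names):
    """SubjectAltName value: SEQUENCE OF GeneralName, dNSName = [2] IMPLICIT IA5String."""
    inner = b"".join(b"\x82" + der_len(len(n)) + n.encode("ascii") for n in dns_names)
    return b"\x30" + der_len(len(inner)) + inner

def constructed_chain(san_count, seed=0):
    """Stand-in for a 3-cert chain (assumption): 1200 bytes of key/signature-like
    material per cert, which does not compress, plus a SAN list on the leaf, which does."""
    rng = random.Random(seed)
    filler = lambda: bytes(rng.getrandbits(8) for _ in range(1200))
    names = [f"host{i}.example.net" for i in range(san_count)]  # constructed names
    leaf = filler() + der_general_names(names)
    return leaf + filler() + filler()

def savings(chain, level=9):
    """Fraction of bytes removed by zlib; negative means container overhead won."""
    return 1 - len(zlib.compress(chain, level)) / len(chain)

def corpus_stats(san_counts):
    """Median and 95th-percentile savings over a corpus with one chain per SAN count."""
    s = sorted(savings(constructed_chain(n, seed=i)) for i, n in enumerate(san_counts))
    return statistics.median(s), s[min(len(s) - 1, int(0.95 * len(s)))]

def amplification(chain, client_hello_len=300, compressed=False):
    """Bytes the server sends for the chain per byte of ClientHello (300 is assumed)."""
    sent = zlib.compress(chain, 9) if compressed else chain
    return len(sent) / client_hello_len

if __name__ == "__main__":
    corpus = [1, 2, 5, 10, 20, 50, 100, 200]
    print("median / p95 savings:", corpus_stats(corpus))
    big = constructed_chain(100)
    print("amplification: x%.1f raw, x%.1f compressed"
          % (amplification(big), amplification(big, compressed=True)))
```

Compression shrinks the SAN-heavy chains most, but the key and signature material still dominates, so the amplification ratio drops by the savings fraction and does not go away.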