> On Mar 6, 2017, at 9:13 PM, Ryan Sleevi <[email protected]> wrote:
>
> I can appreciate that sentiment, but you do realize the natural consequence
> of that - it creates an incentive structure for the larger CAs to get larger,
> by virtue of the compression benefits afforded to them by such a dictionary
> making such certificates more desirable. That, in turn, results in more
> instability and insecurity for the PKI ecosystem and penalizes
> non-participants of the WebPKI within TLS.

Fewer WebPKI CAs (which are all trusted) seems like an improvement to me.
Though I doubt that compression efficiency would be a major factor in such
an outcome. If we're ultimately going to use post-quantum certificates with
post-quantum keys and signature algorithms, and those keys and signatures
are noticeably larger than current RSA keys/signatures, then compression of
the rest of the certificate will not matter very much at all.

If scalable quantum computing never happens, then EdDSA certs have sufficiently
small keys and signatures for reasonably effective compression.

One might also note that 10Gbps+ networks tend to use 9Kbyte ethernet frames
these days, perhaps over time these will become the norm rather than the
exception...

--
Viktor.
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls