Hello,

Here's a fresh new update based on the latest round of discussion.

On Fri, Jan 26, 2018 at 02:18:21AM -0800, internet-dra...@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Transport Layer Security WG of the IETF.
> 
>         Title           : Transport Layer Security (TLS) Certificate Compression
>         Authors         : Alessandro Ghedini
>                           Victor Vasiliev
>         Filename        : draft-ietf-tls-certificate-compression-02.txt
>         Pages           : 7
>         Date            : 2018-01-26
> 
> Abstract:
>    In Transport Layer Security (TLS) handshakes, certificate chains
>    often take up the majority of the bytes transmitted.
> 
>    This document describes how certificate chains can be compressed to
>    reduce the amount of data transmitted and avoid some round trips.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-certificate-compression/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-02
> https://datatracker.ietf.org/doc/html/draft-ietf-tls-certificate-compression-02
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-certificate-compression-02

The main changes are:

* The CompressedCertificate message itself now carries the selected compression
  algorithm, rather than it being specified in a ServerHello extension. This
  means that client and server can independently select an algorithm for their
  own certificates (or none at all as in the previous version) rather than
  using the one picked by the server.

* The server now advertises support for compressed client certificates as an
  extension in the CertificateRequest message (so different sets of algorithms
  can be used for client compression).

* The feature is now TLS >= 1.3 only, due to the dependency on extensions in
  CertificateRequest and to avoid middlebox interference.

Victor and I would like to ask for early codepoints assignment again, if you
think we are ready now.

Cheers

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls