On Wed, Feb 14, 2018 at 10:19:58AM +0100, Olivier Levillain wrote:
> Hi list,
> Le 26/01/2018 à 11:18, internet-dra...@ietf.org a écrit :
> > 
> > A New Internet-Draft is available from the on-line Internet-Drafts 
> > directories.
> > This draft is a work item of the Transport Layer Security WG of the IETF.
> > 
> >         Title           : Transport Layer Security (TLS) Certificate 
> > Compression
> >         Authors         : Alessandro Ghedini
> >                           Victor Vasiliev
> >     Filename        : draft-ietf-tls-certificate-compression-02.txt
> >     Pages           : 7
> >     Date            : 2018-01-26
> I am sorry I am late in the process of commenting this draft, but I have
> a question about the CompressedCertificate message: why does it contain
> an uncompressed_length field?

To know beforehand how much memory to allocate so one is able to
perform oneshot decompression.
> What is the point of this field which can not be trusted? If the idea is
> to give a hint of how long a certificate is, we already know that.

The compression ratio can vary.

> Since the whole goal of this draft is to reduce the size of the message,
> I would strongly suggest this field be removed. It is too much a
> temptation to be considered as a reliable information for shaky
> implementations.

It actaully makes writing solid decompressors easier. At least if the
decompressor API is at least as good as zlib.

If you know the sizes up front, you can do the decompression in one shot,
and check that the availables are zero afterwards. Compare this with messing
with variable-sized buffers. The chances of mistake are greatly increased if
one has to resize buffers.


TLS mailing list

Reply via email to