On Sun, 2016-11-27 at 15:13 +0000, Alessandro Ghedini wrote: > On Sat, Nov 26, 2016 at 11:42:20PM -0500, Victor Vasiliev wrote: > > I am currently trying to figure out how much of QUIC certificate > > compression can be adapted to work with TLS. I will submit a draft > > as soon > > as I have a working prototype. > > FWIW I too have started working on a prototype for gzip compressing > certificates > based on BoringSSL: > https://github.com/ghedo/boringssl/tree/cert_compress > > It's not complete yet and I only implemented compression so far based > on what > Chromium does with QUIC. I also haven't really tested it yet (but at > least it > builds AFAICT :) ).
I guess one could use the certificate type negotiation mechanism from RFC7250 to negotiate a compressed certificate, instead of a normal one. That would require registering an ID at: http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml > I'd like to do some tests as well to measure the benefits of this > (e.g. > download certificates from CT logs and see how effective the > compression is). > > I also started working on a draft for gzip compression of > certificates at: > https://github.com/ghedo/tls-certificate-compression Have you considered lz4 instead of zlib? regards, Nikos _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
