This is the working area for the individual Internet-Draft, "Abridged Certificate Compression for the WebPKI".
This drafts defines WebPKI specific compression scheme for use in TLS Certificate Compression. The compression scheme relies on a static dictionary consisting of a snapshot of the root and intermediate certificates used in the WebPKI. The result is a dramatic improvement over the existing generic compression schemes used in TLS, equitable for both CAs and website operators and avoids the need for trust negotiation or additional error handling.
As the scheme removes the overhead of including root and intermediate certificates in the TLS handshake, it paves the way for a transition to PQ TLS certificates and has an outsized impact on QUIC's performance due to magnification limits on the server's response. This compression scheme may also be of interest in other situations where certificate chains are stored, for example in the operation of Certificate Transparency logs.
This draft is a work in progress, however a preliminary evaluation is available:
| Scheme | p5 | p50 | p95 |
|---|---|---|---|
| Original | 2308 | 4032 | 5609 |
| TLS Cert Compression | 1619 | 3243 | 3821 |
| Intermediate Suppression and TLS Cert Compression | 1020 | 1445 | 3303 |
| This Draft | 661 | 1060 | 1437 |
| Hypothetical Optimal Compression | 377 | 742 | 1075 |
A complete table of results and benchmarking scripts can be found in benchmarks.
See the guidelines for contributions.
Contributions can be made by creating pull requests. The GitHub interface supports creating pull requests using the Edit (✏) button.
Formatted text and HTML versions of the draft can be built using make. Command line usage requires that you have the necessary software installed. See the instructions.