Paper Title

On the Interplay between TLS Certificates and QUIC Performance

Authors

Marcin Nawrocki, Pouyan Fotouhi Tehrani, Raphael Hiesgen, Jonas Mücke, Thomas C. Schmidt, Matthias Wählisch

Abstract

In this paper, we revisit the performance of the QUIC connection setup and relate the design choices for fast and secure connections to common Web deployments. We analyze over 1M Web domains with 272k QUIC-enabled services and find two worrying results. First, current practices of creating, providing, and fetching Web certificates undermine reduced round trip times during the connection setup since sizes of 35% of server certificates exceed the amplification limit. Second, non-standard server implementations lead to larger amplification factors than QUIC permits, which increase even further in IP spoofing scenarios. We present guidance for all involved stakeholders to improve the situation.
