On the Interplay between TLS Certificates and QUIC Performance

Research output: Contribution to book/conference proceedings/anthology/report › Conference contribution › Contributed › peer-review

Contributors

  • Marcin Nawrocki, Free University of Berlin (Author)
  • Pouyan Fotouhi Tehrani, Fraunhofer Institute for Open Communication Systems (Author)
  • Raphael Hiesgen, Hamburg University of Applied Sciences (Author)
  • Jonas Mücke, Free University of Berlin (Author)
  • Thomas C. Schmidt, Hamburg University of Applied Sciences (Author)
  • Matthias Wählisch, Chair of Distributed and Networked Systems, Free University of Berlin (Author)

Abstract

In this paper, we revisit the performance of the QUIC connection setup and relate the design choices for fast and secure connections to common Web deployments. We analyze over 1M Web domains with 272k QUIC-enabled services and find two worrying results. First, current practices of creating, providing, and fetching Web certificates undermine reduced round trip times during the connection setup since sizes of 35% of server certificates exceed the amplification limit. Second, non-standard server implementations lead to larger amplification factors than QUIC permits, which increase even further in IP spoofing scenarios. We present guidance for all involved stakeholders to improve the situation.

Details

Original language: English
Title of host publication: Proceedings of ACM CoNEXT 2022
Publisher: ACM New York, NY, USA
Pages: 204-213
Number of pages: 10
Publication status: Published - 30 Nov 2022
Peer-reviewed: Yes

External IDs

Scopus 85144816543
ORCID /0000-0002-3825-2807/work/142241889
