TL;DR
This paper analyzes how TLS certificates impact QUIC connection performance, revealing that current certificate practices and non-standard implementations hinder connection speed and security, with recommendations for stakeholders.
Contribution
It provides a detailed analysis of over 1 million web domains, identifying issues in certificate practices and server implementations affecting QUIC performance and security.
Findings
35% of server certificates exceed amplification limits
Non-standard implementations increase amplification factors
IP spoofing scenarios worsen amplification issues
Abstract
In this paper, we revisit the performance of the QUIC connection setup and relate the design choices for fast and secure connections to common Web deployments. We analyze over 1M Web domains with 272k QUIC-enabled services and find two worrying results. First, current practices of creating, providing, and fetching Web certificates undermine reduced round trip times during the connection setup since sizes of 35% of server certificates exceed the amplification limit. Second, non-standard server implementations lead to larger amplification factors than QUIC permits, which increase even further in IP spoofing scenarios. We present guidance for all involved stakeholders to improve the situation.
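The limit the abstract refers to can be made concrete with a short model. This is an added example, not code from the paper: it uses the 3x anti-amplification factor and the 1200-byte minimum client Initial datagram from RFC 9000, and checks whether a certificate chain fits the server's first flight and whether an observed exchange stays within the limit. The chain sizes, the 700-byte allowance for the other handshake messages and headers, the 1200-byte server datagram size, and the names first_flight and audit are assumptions made for illustration; certificate compression is not modelled.

```python
# Added example: the constants marked RFC 9000 are from the QUIC specification;
# everything marked "assumption" is constructed for illustration.
AMPLIFICATION_FACTOR = 3      # RFC 9000 section 8.1: at most 3x the bytes received
MIN_CLIENT_INITIAL = 1200     # RFC 9000 section 14.1: minimum client Initial datagram
MAX_DATAGRAM = 1200           # assumption: server sends 1200-byte datagrams
OTHER_HANDSHAKE_BYTES = 700   # assumption: ServerHello, extensions, CertificateVerify,
                              # Finished and packet headers combined


def first_flight(chain_der_sizes, client_bytes=MIN_CLIENT_INITIAL):
    """Plan the server's first flight toward a not yet validated client address."""
    budget = AMPLIFICATION_FACTOR * client_bytes
    flight = OTHER_HANDSHAKE_BYTES + sum(chain_der_sizes)
    sent = 0
    datagrams = 0
    # Send datagram by datagram until the flight is done or the budget is used up.
    while sent < flight and sent < budget:
        sent += min(MAX_DATAGRAM, flight - sent, budget - sent)
        datagrams += 1
    return {
        "budget": budget,
        "flight": flight,
        "sent": sent,
        "blocked": flight - sent,          # bytes held back until the client sends more
        "datagrams": datagrams,
        "needs_more_client_data": flight > budget,
    }


def audit(client_bytes, server_bytes):
    """Check byte counts observed before address validation against the limit."""
    return {
        "factor": round(server_bytes / client_bytes, 2),
        "compliant": server_bytes <= AMPLIFICATION_FACTOR * client_bytes,
    }


if __name__ == "__main__":
    # Constructed DER sizes in bytes: a short chain and a longer three-certificate chain.
    for chain in ([1100, 1300], [1900, 1700, 1400]):
        print(chain, first_flight(chain))
    # Constructed observation: a server that sent the whole 5700-byte flight at once.
    print(audit(1200, 5700))
```

When needs_more_client_data is true, the remaining bytes can only go out after the client has sent more data, which is the delay in connection setup that the abstract describes.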
