On the Interplay between TLS Certificates and QUIC Performance

On the Interplay between TLS Certificates and QUIC Performance

This repository contains the software artifacts which have been used to measure the QUIC TLS certificate ecosystem. This is a release version from the official artifacts repository.

NOTE: If you use our tools, please cite our paper as follows:

On the Interplay between TLS Certificates and QUIC Performance
M. Nawrocki, P. F. Tehrani, R. Hiesgen, J. Mücke,  T. C. Schmidt, and M. Wählisch
In Proceedings of CoNEXT '22, December 6–9, 2022, Rome, Italy
ACM, New York, NY, USA, 10 pages
https://doi.org/10.1145/3555050.3569123

Abstract

In this paper, we revisit the performance of the QUIC connection setup  and relate the design choices for fast and secure connections to common Web deployments.
We analyze over 1M Web domains with 272k QUIC-enabled services and find two worrying results.
First, current practices of creating, providing, and fetching Web certificates undermine reduced round trip times during the connection setup since sizes of 35% of server certificates exceed the amplification limit.
Second, non-standard server implementations lead to larger amplification factors than QUIC permits, which increase even further in IP spoofing scenarios.
We present guidance for all involved stakeholders to improve the situation.