TLS 1.3 certificate length

asked 2020-05-04 15:05:43 +0000

alajeb

Hello, I'm working on analyzing TLS 1.3 traffic and I'm focusing on certificate messages. The certificates in TLS 1.3 are sent in an encrypted form and I'm extracting the length of these certificates for further analysis. I want to know if, for a given server, the certificate length will always be the same or not. (We don't take the session resumption case into consideration.)


1 Answer


answered 2020-05-04 21:39:18 +0000

Bob Jones

> I want to know If for a given server the certificate length will always be the same

X.509 certificates have an expiration date so the answer is no, the certificate will not always be the same so it follows the length may not always be the same. It could also be revoked prior to expiration, necessitating the acquisition of a new certificate (and possibly a new chain, all with possibly varying lengths). However, for any given short period of time, they will likely be constant. Short is relative - it is most likely up to the expiration time at least, but it can't be guaranteed. Whether or not this short period is good enough is completely dependent on the problem at hand.

Of course, if it is your server, and you make a certificate/PKI infrastructure that lasts forever (my definition of forever is anything past my retirement age) and you choose to never change the credentials, then you could claim the certificate length will never change.

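Added example, not part of the original question or answer: a sketch of how the TLS 1.3 Certificate handshake message (RFC 8446, section 4.4.2) is laid out, showing which fields feed the length an observer measures and why a renewed leaf or a changed per-entry extension (for example a stapled OCSP response) shifts it. The chains are constructed zero-filled stand-ins for DER, and `sealed_len` assumes the message travels alone in a single record, which real servers do not guarantee.

```python
HANDSHAKE_CERTIFICATE = 11  # HandshakeType.certificate in RFC 8446
AEAD_TAG_LEN = 16           # tag size for the GCM and ChaCha20-Poly1305 suites

def u24(n):
    return n.to_bytes(3, "big")

def build_certificate_msg(entries, context=b""):
    """entries: list of (cert_der, extensions_bytes) -> full handshake message."""
    cert_list = b"".join(
        u24(len(der)) + der + len(ext).to_bytes(2, "big") + ext
        for der, ext in entries)
    body = bytes([len(context)]) + context + u24(len(cert_list)) + cert_list
    return bytes([HANDSHAKE_CERTIFICATE]) + u24(len(body)) + body

def parse_certificate_msg(msg):
    """Return [(cert_len, ext_len), ...], rejecting inconsistent lengths."""
    if len(msg) < 8 or msg[0] != HANDSHAKE_CERTIFICATE:
        raise ValueError("not a Certificate handshake message")
    body = msg[4:]
    if int.from_bytes(msg[1:4], "big") != len(body):
        raise ValueError("handshake length mismatch")
    pos = 1 + body[0]                        # skip certificate_request_context
    list_len = int.from_bytes(body[pos:pos + 3], "big")
    pos += 3
    if pos + list_len != len(body):
        raise ValueError("certificate_list length mismatch")
    out = []
    while pos < len(body):
        cert_len = int.from_bytes(body[pos:pos + 3], "big")
        pos += 3 + cert_len
        ext_len = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + ext_len
        if pos > len(body):
            raise ValueError("truncated CertificateEntry")
        out.append((cert_len, ext_len))
    return out

def sealed_len(handshake_len, padding=0):
    """Encrypted record payload: plaintext + content-type byte + padding + tag."""
    return handshake_len + 1 + padding + AEAD_TAG_LEN

# Constructed sample chains (leaf, intermediate), before and after a renewal.
OLD_CHAIN = [(bytes(1201), b""), (bytes(1100), b"")]
NEW_CHAIN = [(bytes(1345), b""), (bytes(1100), b"")]
```

Record padding and coalescing of several handshake messages into one record also change the observed ciphertext length even when the certificate chain itself is unchanged.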


Last updated: May 04 '20