The case for prefetching and prevalidating TLS server certificates

Authors: E. Stark, L.S. Huang, D. Israni, C. Jackson, and D. Boneh

A key bottleneck in a full TLS handshake is the need to fetch and validate the server certificate before a secure connection can be established. We propose a mechanism by which a browser can prefetch and prevalidate server certificates so that by the time the user clicks on an HTTPS link the server's certificate is immediately ready to be used to setup a TLS session. Combining this with a recent proposal called Snap Start reduces the TLS handshake to zero round trips so that an HTTP request can be sent over HTTPS immediately upon request. Prefetching and prevalidating certificates improves web security by making it less costly for websites to enable TLS and by removing time pressure from the certificate validation process.

We implemented prefetching and prevalidation in the open-source browser Chromium, and performed extensive experiments to study the effects of four different prefetching strategies on server performance. Along the way we conducted a study of a popular certificate validation mechanism called OCSP and report on the performance and characteristics of common OCSP responders in the wild. The OCSP data collected, which is of independent interest, enabled us to evaluate the effectiveness of prefetching and prevalidating in reducing TLS handshake latency. We show a factor of four speed-up over the standard TLS handshake.

In proceedings of the 19th Annual Network & Distributed System Security Conference (NDSS 2012)

Full paper: pdf.