[Cryptography] [messaging] Gossip doesn't save Certificate Transparency

[Jerry Leichter]

On Oct 17, 2014, at 7:32 AM, Jerry Leichter <leichter at lrw.com> wrote:
> ...Since we're talking specifically about size, keep in mind that my 30 meg estimate was deliberately on the high side, assuming 100,000 RSA keys and uncompressed site names.  If you use ECC, compressed site names, and let those for whom size is a major issue use a shorter list, the file could be dramatically smaller....
There was some debate about whether regularly distributing a 30MB file of keys was feasible.  I recently came across an interesting bit of data:  http://httparchive.org/interesting.php has statistics on the average sizes of web pages.

For the Top 100 sites, they report an average page size of 1.288MB.  The size grows as you move to larger samples:  The top 1000 sites have an average page size of 1.728MB, while their entire set measures out to 1.944MB.

The trend is upward - a year ago, the measurement for the entire set was 1.617MB.  (The Top 100 sites also grew, but much more slowly - a year ago they were at 1.27MB.)

I didn't look into details of how they define their groupings of sites and how they do their measurements, all of which matter; and I don't know if they have information about mobile sites, which are presumably smaller.  (The site has plenty of these details.)  But these numbers give a least a rough idea of what kind of data sizes you can expect on the Internet today.  Even if you read just the Top 100 sites (in which case why would you need the keys for the Top 100,000?), my simple-minded 30MB download is the equivalent of a bit over 23 page loads.  Hardly seems excessive.
                                                        -- Jerry