The Case for Prefetching and Prevalidating TLS Server Certificates
Source: Stanford University
A key bottleneck in a full TLS handshake is the need to fetch and validate the server certificate before a secure connection can be established. The authors propose a mechanism by which a browser can pre-fetch and pre-validate server certificates so that, by the time the user clicks on an HTTPS link, the server's certificate is immediately ready to be used to set up a TLS session. Combining this with a recent proposal called Snap Start reduces the TLS handshake to zero round trips, so that an HTTP request can be sent over HTTPS immediately upon request.