> On Aug 4, 2015, at 3:30 PM, Nikhil Marathe <nmara...@linkedin.com.INVALID> wrote:
>
> Hi,
>
> This is Nikhil from LinkedIn Engineering.
>
> A Key Rotation feature has been added to TLS session tickets; details:
> http://comments.gmane.org/gmane.comp.apache.trafficserver.devel/2084
>
> At present, this feature relies on periodic execution of traffic_line -x to
> reload new keys. However, traffic_line -x reloads the entire configuration, and
> so has a much wider impact than needed.
>
> In order to address this concern and to localize the impact of reloading
> keys, we would like to propose the following approach:
>
> ATS will schedule a periodic continuation which checks the session ticket key
> file. The reload interval will be records.configurable. If the session
> ticket key file has been modified, ATS will reload the keys from the file.

Hi Nikhil,

At the time, we discussed the need for this, and my view is still that it is not necessary. Reloading the SSL configuration should be completely harmless, and it seems very straightforward for the job that populates the new keys to call traffic_line at the right time.

cheers,
James
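
For reference, the file-polling reload proposed in the quoted message could look like the sketch below. It is an added example, not part of either message and not Apache Traffic Server code. The names `TicketKeyWatcher` and `install_keys`, the 48-byte record layout, and the demo path are assumptions made for illustration.

```cpp
#include <sys/stat.h>
#include <cstdio>
#include <fstream>
#include <iterator>
#include <string>
#include <utility>
#include <vector>
// Assumption (not from the thread): 48-byte records = 16B name, 16B AES key, 16B HMAC secret.
constexpr size_t kRecord = 48;

class TicketKeyWatcher {
public:
  explicit TicketKeyWatcher(std::string path) : path_(std::move(path)) {}
  // Body of the periodic check; returns true only when a new key set was installed.
  bool poll() {
    struct stat st;
    if (stat(path_.c_str(), &st) != 0) return false;  // missing file: keep current keys
    if (loaded_ && st.st_mtime == mtime_ && st.st_ino == ino_ && st.st_size == size_) return false;
    std::ifstream in(path_, std::ios::binary);
    std::string raw((std::istreambuf_iterator<char>(in)), std::istreambuf_iterator<char>());
    // An empty or partial file must never replace working keys.
    if (raw.empty() || raw.size() % kRecord != 0) return false;
    std::vector<std::string> fresh;
    for (size_t off = 0; off < raw.size(); off += kRecord) fresh.push_back(raw.substr(off, kRecord));
    keys_.swap(fresh);  // a real server would publish this under a lock or atomic pointer
    mtime_ = st.st_mtime; ino_ = st.st_ino; size_ = st.st_size; loaded_ = true;
    return true;
  }
  const std::vector<std::string> &keys() const { return keys_; }
private:
  std::string path_;
  std::vector<std::string> keys_;
  time_t mtime_ = 0; ino_t ino_ = 0; off_t size_ = 0; bool loaded_ = false;
};

// Rotation-job side: write a temp file, then rename() so a poll never reads a half-written file.
bool install_keys(const std::string &path, const std::string &bytes) {
  const std::string tmp = path + ".tmp";
  std::ofstream out(tmp, std::ios::binary | std::ios::trunc);
  out << bytes; out.close();
  return out && std::rename(tmp.c_str(), path.c_str()) == 0;
}

int main() {
  const std::string path = "/tmp/ticket_demo.key";  // constructed path and key bytes
  TicketKeyWatcher w(path);
  install_keys(path, std::string(kRecord, 'A'));
  bool first = w.poll(), again = w.poll();
  std::printf("loaded=%d reloaded_unchanged=%d keys=%zu\n", first, again, w.keys().size());
}
```

Comparing the inode as well as mtime and size lets the check notice an atomic rename that lands within the same second as the previous load.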