Gary E. Miller via devel writes:

> The C2S and S2C already get reused millions of times, what's a few more
> million?

Both keys should only ever be used by a single client/server pair. These are symmetric keys, so whoever knows them can encrypt and decrypt all messages that use them. So sharing these keys among different servers would imply trust between them, and hopefully we can agree that different pool servers are in no such relationship.

> But, as you said, the TLS "has" to be renegotiated, so that state is lost
> for the next request.

No, re-keyed -- you specifically want to avoid the TLS renegotiation or, even worse, reconnection. The session itself stays open. You could conceivably just open another connection inside the same session as far as TLS is concerned. I don't know which of the two options is more efficient.

Regards,
Achim.

-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Factory and User Sound Singles for Waldorf Q+, Q and microQ:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel