Hi,
Looks good except for some typos:
On Tue, May 9, 2017 at 2:42 PM, Steffan Karger <steffan.kar...@fox-it.com>
wrote:
> The tls-crypt commit message contained an elaborate discussion on the
> function's security properties. This commit adds the gist of that
> discussion, "rotate keys periodically" to the man page.
>
> (The 'real' solution will follow later: add support for per-client
> tls-crypt keys. That will make tls-crypt useful for VPN providers too.)
>
> Note to non-crypto-geek reviewers: please verify that this text is clear
> enough to explain you when you need to replace tls-crypt keys.
>
> Note to crypto-geek reviewers: please check the numbers - see the
> --tls-crypt commit message (c6e24fa3) for details.
>
> Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com>
> ---
> v2: clarify that 2^16 packets is a conservative estimate, use plural
> year*s*
>
> doc/openvpn.8 | 23 +++++++++++++++++++++++
> 1 file changed, 23 insertions(+)
>
> diff --git a/doc/openvpn.8 b/doc/openvpn.8
> index c3248fd..06f8c66 100644
> --- a/doc/openvpn.8
> +++ b/doc/openvpn.8
> @@ -5090,6 +5090,29 @@ In contrast to
> .B \-\-tls\-crypt
> does *not* require the user to set
> .B \-\-key\-direction\fR.
> +
> +.B Security Considerations
> +
> +All peers use the same
> +.B \-\-tls-crypt
> +pre-shared group key to authenticate and encrypt control channel
> messages. To
> +ensure that IV collisions remain unlikely, this key should not be used to
> +encrypt more than 2^48 client-to-server or 2^48 server-to-client control
>
+channel messages. A typical initial negotiation is about 10 packets in
> each
> +direction. Assuming both initial negotation and renogatiations are at
> most
>
"negotiation", "renegotiations"
> +2^16 (65536) packets (too be conservative), and (re)negotiations happen
> each
>
"to" instead of "too"
> +minute for each user (24/7), this limits the tls\-crypt key lifetime to
> 8171
> +years divided by the number of users. So a setup with 1000 users should
> rotate
> +the key at least once each eight years. (And a setup with 8000 users each
> +year.)
> +
> +If IV collisions were to occur, this could result in the security of
> +.B \-\-tls\-crypt
> +degrading to the same security as using
> +.B \-\-tls\-auth\fR.
> +That is, the control channel still benefits from the extra protection
> against
> +active man-in-the-middle-attacks and DoS attacks, but may no longer offer
> +extra privacy and post-quantum security on top of what TLS itself offers.
> .\"*********************************************************
> .TP
> .B \-\-askpass [file]
>
Reads well otherwise. So ACK assuming typos will be fixed :)
Selva
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
