on its
own, just adding those bytes as the newest key-- right?
> > On Thu, Aug 20, 2015 at 11:27 AM, Bret Palsson wrote:
> >
> >> I sent a response on Aug 12. Here was what I sent. Are my messages being
> >> moderated? I'm not seeing the email in the archives
ox/trafficserver-dev/201508.mbox/browser
>>
>> -- Forwarded message --
>> From: Bret Palsson
>> Date: Wed, Aug 12, 2015 at 8:57 AM
>> Subject: Re: TLS Session Ticket: Key Rotation
>> To: dev@trafficserver.apache.org
>>
>>
>>
hat I sent. Are my messages being
> moderated? I'm not seeing the email in the archives.
>
> https://mail-archives.apache.org/mod_mbox/trafficserver-dev/201508.mbox/browser
>
> -- Forwarded message --
> From: Bret Palsson
> Date: Wed, Aug 12, 2015 at 8:57 AM
>
8:57 AM
Subject: Re: TLS Session Ticket: Key Rotation
To: dev@trafficserver.apache.org
Brian:
Thanks for summarizing this thread!
That would work operationally. I think there still needs to be a safe
way to force a rotation without having to restart traffic_server and
reloading all the co
Bump, any last feedback regarding my previous email?
On Wed, Aug 12, 2015 at 1:54 PM, Brian Geffon wrote:
> I'd like to close the loop on this discussion. In general I believe there
> is a consensus that perhaps ssl_multicert is not the place to deal with
> ticket rotation and that if you're wil
I'd like to close the loop on this discussion. In general I believe there
is a consensus that perhaps ssl_multicert is not the place to deal with
ticket rotation and that if you're willing to have global session tickets
(meaning not tied to a specific domain) then the implementation that would
acco
On Thu, Aug 6, 2015 at 10:08 AM, James Peach wrote:
>
> > On Aug 6, 2015, at 9:56 AM, Leif Hedstrom wrote:
> >
> >
> >> On Aug 5, 2015, at 10:16 AM, James Peach wrote:
> >>
> >>
> >>> On Aug 5, 2015, at 8:22 AM, Susan Hinrichs <
> shinr...@network-geographics.com> wrote:
> >>>
> >>> I would arg
> On Aug 6, 2015, at 9:56 AM, Leif Hedstrom wrote:
>
>
>> On Aug 5, 2015, at 10:16 AM, James Peach wrote:
>>
>>
>>> On Aug 5, 2015, at 8:22 AM, Susan Hinrichs
>>> wrote:
>>>
>>> I would argue that the specification of the session ticket key in the
>>> ssl_multicert.config file is inappro
> On Aug 5, 2015, at 10:16 AM, James Peach wrote:
>
>
>> On Aug 5, 2015, at 8:22 AM, Susan Hinrichs
>> wrote:
>>
>> I would argue that the specification of the session ticket key in the
>> ssl_multicert.config file is inappropriate at least as the primary
>> mechanism. It seems that for t
> On Aug 5, 2015, at 4:10 AM, Bret Palsson wrote:
>
> The problem with reloading SSL configuration is if there is a problem with
> one of your certs, say a permission issue, ATS will unload all the certs
> from the running process and still accept traffic causing SSL errors.
That sounds like a
> On Aug 5, 2015, at 8:22 AM, Susan Hinrichs
> wrote:
>
> I would argue that the specification of the session ticket key in the
> ssl_multicert.config file is inappropriate at least as the primary mechanism.
> It seems that for the common case, you don't need to use different session
> keys
I would argue that the specification of the session ticket key in the
ssl_multicert.config file is inappropriate at least as the primary
mechanism. It seems that for the common case, you don't need to use
different session keys for different domains. You could specify one key
file set in reco
The problem with reloading SSL configuration is if there is a problem with
one of your certs, say a permission issue, ATS will unload all the certs
from the running process and still accept traffic causing SSL errors.
Being able to reload just the keys is much safer than trying to reload the
world
> On Aug 4, 2015, at 3:30 PM, Nikhil Marathe
> wrote:
>
> Hi,
>
> This is Nikhil from LinkedIn Engineering.
>
> A Key Rotation feature has been added to TLS session tickets; details:
> http://comments.gmane.org/gmane.comp.apache.trafficserver.devel/2084
>
> At present, this feature relies on
> On Aug 4, 2015, at 4:30 PM, Nikhil Marathe
> wrote:
>
> Hi,
>
> This is Nikhil from LinkedIn Engineering.
>
> A Key Rotation feature has been added to TLS session tickets; details:
> http://comments.gmane.org/gmane.comp.apache.trafficserver.devel/2084
>
> At present, this feature relies
Hi,
This is Nikhil from LinkedIn Engineering.
A Key Rotation feature has been added to TLS session tickets; details:
http://comments.gmane.org/gmane.comp.apache.trafficserver.devel/2084
At present, this feature relies on periodic execution of traffic_line -x to
reload new keys. However traffic_l