> On 7 Nov 2015, at 11:39 AM, Dave Garrett <davemgarr...@gmail.com> wrote: > > On Friday, November 06, 2015 08:13:44 pm Eric Rescorla wrote: >> Update: we discussed this extensively in Yokohama and based on Watson's >> feedback and offline comments from David McGrew, the consensus was that we >> needed to add some sort of rekeying mechanism to support long-lived flows. >> Expect a PR on this next week. >> >> Note: We'll still need guidance to implementations on when to re-key, but >> we don't expect to have a hard protocol limit. > > If re-keying is back up for discussion, let me restate my request for it to > be routine, rather than only an niche-case feature. Any re-key schedule > should be considered valid, but the spec should set a "SHOULD"-level > requirement that the minimum be once every N hours or M terabytes, whichever > comes first (where N & M are some bike-shedable numbers with some expectation > of randomization in values for each period).
N and M will be different depending on the algorithms, no? I think before we start with pull requests we should be certain of what the requirements are for this rekeying. Are we OK with just generating new keys from the same internal state (so the handshake message is pretty much only “rekey now”), or Do we want freshness (usually in the form of new mutual nonces, or Do we want forward secrecy so another diffie-hellamn exchange? Yoav _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
