On Tuesday, December 15, 2015 10:59:35 pm Martin Thomson wrote: > On 16 December 2015 at 14:57, Dave Garrett <davemgarr...@gmail.com> wrote: > > In fact, if we're OK with setting this rather low threshold, then we could > > even get rid of the rekey signal entirely and just have an automatic rekey > > after every 4GiB for all ciphers. That'd be one less complexity to deal > > with. Rekeys would be routine. > > I don't like automatic rekey (though I almost like the per-record > rekeying that I think was semi-facetiously suggested by someone). An > explicit rekey allows for two things: > - testing > - reducing the limit if we find that the cipher is more busted than > we originally thought (with respect to key overuse)
On Tuesday, December 15, 2015 11:01:41 pm Eric Rescorla wrote: > On Tue, Dec 15, 2015 at 7:59 PM, Martin Thomson <martin.thom...@gmail.com> > wrote: > Also, allows each side to have their own opinion. We could just make the threshold a configurable parameter, with default/maximum at 2^32 bytes. Each endpoint could just provide its threshold in a new extension. Both get to specify what they want and it could be lowered arbitrarily for testing or panic fix. Dave _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
