> On May 3, 2017, at 11:22 AM, Colm MacCárthaigh <c...@allcosts.net> wrote:
>
> There's nothing enforcing that, and research has shown STEKs being used for
> long periods of time.
That's an implementation defect. Not a problem with STEKs as such.
In Postfix STEK lifetime == 2 * session lifetime (the latter defaults to 1
hour).
Some time this year I'll introduce key rotation by default into OpenSSL, which
will result in short-term STEKs for all applications that don't implement
session
ticket key management callbacks. That way, it is not just applications that
take
the time to handle key rotation that will get short-term STEKs.
Mind you, long-lived servers such as Apache, Nginx, ... should also implement
key rotation via the relevant callback mechanisms and should not use static
keys. Sloppy implementations are not a problem with STEKs, the same sloppy
implementations will just as likely have insecure caches.
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
