On Sun, Nov 14, 2021 at 08:27:25AM +0000, John Mattsson wrote:
>
> I promised to send some information to the list regarding security
> considerations for long connections. I think (D)TLS 1.3 is
> lacking considerations on this as well, so I made an issue for
> RFC8446bis.
>
> https://github.com/tlswg/tls13-spec/issues/1245
I expect most TLS stacks to happily continue the connection after external
PSK (I think those do not even have standard expiry times) or certificate
expires.

And what about resumption PSKs? Those do have expiry times (IIRC, capped to
7 days).

And then, certificate lifetime is complicated by possible presence of CRL or
OCSP. Do those affect certificate lifetime? And some PKIs that actually take
revocation seriously have point-in-time OCSP which effectively expires
instantly.

The problem with reauthentication is that the authentication might change.
And any changes might require very careful coordination at application
layer to avoid serious security issues. This is the reason why HTTP/2
absolutely bans TLS renegotiation and post-handshake authentication.

Adding (EC)DHE rekey might at least be possible to do transparently, but
TLS does not currently have such facility, so it would have to be a new
extension. And, actually doing this is very much nontrivial
cryptographically.

-Ilari

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
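An added illustration, not part of the thread, of the application-layer bookkeeping the reply implies: since the stack keeps a long connection open past certificate expiry, PSK expiry and OCSP staleness, the application has to compute its own deadline. The peer-cert dict, ticket timestamps and OCSP nextUpdate below are constructed sample values; the 604800-second cap is RFC 8446's ticket_lifetime limit.

```python
import ssl

# RFC 8446 section 4.6.1: ticket_lifetime counts from ticket issuance and
# servers MUST NOT use a value greater than 604800 seconds (7 days).
MAX_TICKET_LIFETIME = 604800


def connection_deadline(peercert=None, ticket_issued_at=None, ticket_lifetime=None,
                        psk_established_at=None, external_psk_max_age=None,
                        ocsp_next_update=None):
    """Earliest point (epoch seconds) at which the application should close and
    re-establish this connection, with the reason. Returns (None, reason) when
    nothing bounds the lifetime at all, which is itself a finding."""
    bounds = []
    if peercert and "notAfter" in peercert:
        # peercert has the dict shape returned by ssl.SSLSocket.getpeercert().
        bounds.append((ssl.cert_time_to_seconds(peercert["notAfter"]),
                       "peer certificate expired"))
    if ticket_issued_at is not None and ticket_lifetime is not None:
        # Clamp to the RFC cap: a ticket advertising more is not trusted beyond it.
        bounds.append((ticket_issued_at + min(ticket_lifetime, MAX_TICKET_LIFETIME),
                       "resumption PSK lifetime exceeded"))
    if psk_established_at is not None and external_psk_max_age is not None:
        # External PSKs carry no expiry in the protocol; the age limit is local policy.
        bounds.append((psk_established_at + external_psk_max_age,
                       "external PSK policy age exceeded"))
    if ocsp_next_update is not None:
        # A stapled OCSP response is good only until nextUpdate; after that the
        # revocation status is unknown, which a strict policy treats as a deadline.
        bounds.append((ocsp_next_update, "revocation status stale"))
    if not bounds:
        return None, "connection lifetime is unbounded"
    return min(bounds)


def should_close(now, **bounds):
    """(True, reason) once the connection has passed its earliest deadline."""
    deadline, reason = connection_deadline(**bounds)
    return (deadline is not None and now >= deadline), reason


# Constructed sample: a certificate expiring at the timestamp of the quoted
# mail, and a resumption ticket issued at midnight the same day.
SAMPLE_PEERCERT = {"subject": ((("commonName", "example.test"),),),
                   "notAfter": "Nov 14 08:27:25 2021 GMT"}
SAMPLE_TICKET_ISSUED_AT = 1636848000  # Nov 14 2021 00:00:00 UTC
```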