On 3/23/10 at 8:21 AM, pe...@piermont.com (Perry E. Metzger) wrote: > Ekr has an interesting blog post up on the question of whether protocol > support for periodic rekeying is a good or a bad thing: > > http://www.educatedguesswork.org/2010/03/against_rekeying.html > > I'd be interested in hearing what people think on the topic. I'm a bit > skeptical of his position, partially because I think we have too little > experience with real world attacks on cryptographic protocols, but I'm > fairly open-minded at this point.
Eric didn't mention it in his blog post, but he has been deeply involved in cleaning up the mess left by a protocol error in in SSLv3 and subsequent TLS versions. This error was in the portion of the protocols which supported rekeying and created a vulnerability that affected all users of those protocols, whether they used the rekeying part or not. The risks from additional protocol complexity must be balanced with the benefits of including the additional facility. My own opinion is that in this case, the benefits didn't justify the risk. The few applications which desired rekeying could have been designed to build a completely new TLS connection, avoiding the risk for everyone. Cheers - Bill ----------------------------------------------------------------------- Bill Frantz | I like the farmers' market | Periwinkle (408)356-8506 | because I can get fruits and | 16345 Englewood Ave www.pwpconsult.com | vegetables without stickers. | Los Gatos, CA 95032 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
