On Wed, Apr 26, 2000 at 04:49:19PM +0200, Alexander 'Alfe' Fetke wrote:
...
> there should be no problem in keeping up a session for several hours; in
> fact, a week should (technically) be no problem. ssl even provides a
> feature to cache ssl connections which allows communicators to skip the
> costly handshake procedure on later re-establishments of the old session.
>
> academically speaking, a session becomes more and more subject to attacks
> while you use it because the more you use the session key (i.e. the more
> data you encrypt with it) the easier it becomes to crack that key. but we
> are talking about needing 10^14 years instead of 10^15 years in that
> matter, so this should not be a problem ;-)
...
The TLS specification (RFC 2246) recommends a maximum lifetime for a session
of 24h.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
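
An added illustration, not code from this thread or from OpenSSL: a minimal model of a server-side session cache that applies the 24h upper limit mentioned in the reply when deciding whether a cached session may skip the full handshake. The struct and function names and the fixed-size table are assumptions made for the example.

```c
#include <string.h>
#include <time.h>
#define MAX_SESSION_LIFETIME (24L * 60 * 60) /* 24h limit cited in the reply */
#define ID_LEN 32
#define CACHE_SLOTS 8

struct session_cache {
    long lifetime;                 /* seconds, never above the 24h cap */
    struct cached_session {
        unsigned char id[ID_LEN];
        time_t established;        /* time of the full handshake */
        int in_use;
    } slot[CACHE_SLOTS];
};

/* Clamp the configured lifetime: asking for a week still yields 24h. */
void cache_init(struct session_cache *c, long requested_lifetime) {
    memset(c, 0, sizeof *c);
    if (requested_lifetime <= 0 || requested_lifetime > MAX_SESSION_LIFETIME)
        requested_lifetime = MAX_SESSION_LIFETIME;
    c->lifetime = requested_lifetime;
}

/* Store a session after a full handshake; 0 on success, -1 if full. */
int cache_add(struct session_cache *c, const unsigned char *id, time_t now) {
    for (int i = 0; i < CACHE_SLOTS; i++) {
        struct cached_session *s = &c->slot[i];
        if (s->in_use) continue;
        memcpy(s->id, id, ID_LEN);
        s->established = now;
        s->in_use = 1;
        return 0;
    }
    return -1;
}

/* 1 = abbreviated handshake allowed, 0 = full handshake required. */
int cache_may_resume(struct session_cache *c, const unsigned char *id, time_t now) {
    for (int i = 0; i < CACHE_SLOTS; i++) {
        struct cached_session *s = &c->slot[i];
        if (!s->in_use || memcmp(s->id, id, ID_LEN) != 0) continue;
        /* Age counts from the original handshake, so resuming never extends
           it; a clock that moved backwards is treated as expired. */
        if (now < s->established || (long)(now - s->established) >= c->lifetime) {
            s->in_use = 0;         /* retire the session ID */
            return 0;
        }
        return 1;
    }
    return 0;                      /* unknown session ID */
}
```

Because the age is measured from the full handshake rather than from the last resumption, a connection that is resumed repeatedly still renegotiates fresh keys at least once per lifetime window.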