On Sep 4, 2013, at 2:18 AM, Yakov Shafranovich <[email protected]> wrote:
> [splitting threads]
>
> On Tue, Sep 3, 2013 at 8:47 AM, Stephen Farrell
> <[email protected]> wrote:
>> On 09/03/2013 01:11 PM, Yakov Shafranovich wrote:
>>> The CA/browser forum has begun some steps in this direction by
>>> lowering validity of SSL server certificates to 18 months. Is there a
>>> place for a discussion on recommending a lower time period for key
>>> rotation with the ensuing implications for those who do not want/can
>>> not use PFS?
>>
>> This list is a fine place for discussing that if you
>> think that a shorter RSA key rollover duty cycle would
>> impact on pervasive monitoring. I'm not clear as to
>> how it would though. Have you some scenario in mind?
>>
>
> The scenario would be where the RSA key on the server is compromised
> or forcefully disclosed via a court order or other legal mechanism.
> The shorter the interval, the less data would be available to the
> potential attacker. There has been media discussion about this with
> the US Government [1] where providers are forced to hand over their
> keys.

I agree with Stephen that key rollover would never be frequent enough to provide meaningful FS. It's also likely that a country where court orders for RSA keys get issued will also have laws requiring companies to retain old private keys for a certain period of time, just as there are laws requiring the retention of certain documents and correspondence.

It seems to me that using ciphersuites with PFS, whether ECDHE or DHE, would be a better way. Google is not implementing it at scale on their servers. All browsers support some ECDHE ciphersuites, and they're also supported in libraries such as OpenSSL. So PFS is just a configuration away. Easier than manually or automatically rotating certificates often, no?

Yoav

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
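
The "configuration away" point from the message above, as an added example that is not part of the original thread: a Python `ssl` (OpenSSL-backed) server context restricted to ECDHE/DHE key exchange, plus an audit that flags any enabled suite without forward secrecy. The cipher string, function names and sample list are choices made for this example.

```python
import ssl

# Key-exchange labels ("kea") reported by SSLContext.get_ciphers() for
# ephemeral key agreement. "kx-any" marks TLS 1.3 suites, which have no
# static-RSA key exchange.
FORWARD_SECRET_KEA = {"kx-ecdhe", "kx-dhe", "kx-any"}


def forward_secret_server_context():
    """Server context whose TLS 1.2-and-earlier suites all use (EC)DHE."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # OpenSSL cipher string (an assumption of this example): authenticated
    # ECDHE first, then DHE, AEAD ciphers only, no anonymous suites.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL")
    return ctx


def split_by_forward_secrecy(ciphers):
    """Split get_ciphers()-style dicts into (forward_secret, other) names."""
    forward_secret, other = [], []
    for c in ciphers:
        bucket = forward_secret if c.get("kea") in FORWARD_SECRET_KEA else other
        bucket.append(c["name"])
    return forward_secret, other


# Constructed sample in the shape get_ciphers() returns (fields trimmed).
# AES128-GCM-SHA256 uses static RSA key exchange: recorded traffic can be
# decrypted later by whoever obtains the server's RSA private key.
SAMPLE = [
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "kea": "kx-ecdhe"},
    {"name": "AES128-GCM-SHA256", "kea": "kx-rsa"},
    {"name": "TLS_AES_128_GCM_SHA256", "kea": "kx-any"},
]

if __name__ == "__main__":
    fs, other = split_by_forward_secrecy(SAMPLE)
    print("sample, forward secret:", fs)
    print("sample, NOT forward secret:", other)

    enabled = forward_secret_server_context().get_ciphers()
    fs, other = split_by_forward_secrecy(enabled)
    print("hardened context enables", len(fs), "suites;",
          "non-forward-secret:", other or "none")
```

The same audit can be run against `ssl.create_default_context(ssl.Purpose.CLIENT_AUTH).get_ciphers()` to see which suites a default server context on the local OpenSSL build would still negotiate with static RSA.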
