James Cloos <[email protected]> wrote:
>>>>>> "PH" == Phillip Hallam-Baker <[email protected]> writes:
>
> PH> To me, rekey implies rebuilding the authentication relationship
> PH> between the end points. That's a lot more work.
>
> I don't think that meshes with what most of the participants in the
> tls1.3 discussion think.
>
> My understanding of all of the rekey-instead-of-renegotiate threads
> is that everyone who wants that expects to use the same algorithm
> initially used to negotiate the symmetric key to negotiate a new one
> without any changes to which symmetric algorithm is used, or to any
> authentication which took place at the start.
>
> So it seems that there is significant interest in just changing the
> symmetric keys every so often for long-running tls sockets.
Bellovin & others did a lot of work on JFK, Just Fast Keying. I do not now
recall details, just that it looked sensible to me at the time. There was once
an Internet Draft, but I think it has long since expired. Several papers are
linked at:

https://www.cs.columbia.edu/~smb/papers/

Would this solve any of the problems under discussion?

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
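The rekey-without-renegotiation idea in the quoted thread, as an added worked example (this is not code from the thread or from any of its participants): it models the symmetric key refresh the way TLS 1.3 later standardised it in RFC 8446 (KeyUpdate, where the next traffic secret is HKDF-Expand-Label(secret, "traffic upd", "", Hash.length)), so the authentication and algorithm choice made at the start are untouched and only the traffic keys change. The starting traffic secret and the update count are constructed values, and the function names are mine; the HKDF self-check uses the published RFC 5869 test case 1.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Tuple

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 Extract: PRK = HMAC(salt, IKM); empty salt means HashLen zero bytes."""
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 Expand: T(i) = HMAC(PRK, T(i-1) | info | i), concatenated to length."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """RFC 8446 section 7.1 HkdfLabel: uint16 length, "tls13 " + label, context."""
    full_label = b"tls13 " + label.encode("ascii")
    hkdf_label = (length.to_bytes(2, "big")
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


@dataclass(frozen=True)
class TrafficKeys:
    """One generation of record-protection material on one endpoint."""
    generation: int
    secret: bytes   # application traffic secret for this generation
    key: bytes      # AEAD key derived from it
    iv: bytes       # AEAD static IV derived from it


def derive_keys(secret: bytes, generation: int, key_len: int = 16, iv_len: int = 12) -> TrafficKeys:
    # AES-128-GCM sized outputs; the cipher choice never changes across a rekey.
    return TrafficKeys(generation, secret,
                       hkdf_expand_label(secret, "key", b"", key_len),
                       hkdf_expand_label(secret, "iv", b"", iv_len))


def next_generation(keys: TrafficKeys) -> TrafficKeys:
    """Advance the secret one step. The map is one-way, so a later secret cannot
    recover earlier keys, and no handshake or authentication is repeated."""
    new_secret = hkdf_expand_label(keys.secret, "traffic upd", b"", HASH_LEN)
    return derive_keys(new_secret, keys.generation + 1)


# Constructed stand-in for the secret the authenticated handshake would have produced.
CONSTRUCTED_TRAFFIC_SECRET = hashlib.sha256(b"constructed demo traffic secret").digest()


def run_long_lived_connection(initial_secret: bytes, updates: int) -> List[Tuple[TrafficKeys, TrafficKeys]]:
    """Both endpoints start from the same handshake-derived traffic secret and step
    it in lockstep each time one side signals a key update. Returns the history
    as (sender_keys, receiver_keys) pairs, generation 0 first."""
    sender = receiver = derive_keys(initial_secret, 0)
    history = [(sender, receiver)]
    for _ in range(updates):
        sender = next_generation(sender)      # sender switches after sending KeyUpdate
        receiver = next_generation(receiver)  # receiver switches on seeing it
        history.append((sender, receiver))
    return history


def endpoints_agree(history) -> bool:
    """Every generation must yield identical keys on both ends."""
    return all(s == r for s, r in history)


def generations_distinct(history) -> bool:
    """No AEAD key may repeat across generations."""
    keys = [s.key for s, _ in history]
    return len(set(keys)) == len(keys)


def rfc5869_self_check() -> str:
    """Known-answer check of the HKDF primitives against RFC 5869 test case 1."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    return hkdf_expand(hkdf_extract(salt, ikm), info, 42).hex()


if __name__ == "__main__":
    hist = run_long_lived_connection(CONSTRUCTED_TRAFFIC_SECRET, 3)
    for s, _ in hist:
        print(f"generation {s.generation}: key={s.key.hex()} iv={s.iv.hex()}")
    print("endpoints agree:", endpoints_agree(hist))
```

Only the symmetric material moves; the peer's identity and the negotiated cipher suite are exactly what the initial handshake fixed, which is the property the quoted thread asks for. Because each step is a one-way function of the previous secret, compromise of a current key does not expose earlier record traffic, but it also means a receiver that misses an update is out of sync and must be treated as a protocol error, not silently resynchronised.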
