| From: | Andres Freund <andres(at)2ndquadrant(dot)com> |
|---|---|
| To: | Emil Lenngren <emil(dot)lenngren(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: SSL renegotiation |
| Date: | 2015-02-22 13:05:27 |
| Message-ID: | 20150222130527.GE6093@alap3.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2015-02-22 01:27:54 +0100, Emil Lenngren wrote:
> I honestly wonder why postgres uses renegotiation at all. The motivation
> that cryptoanalysis is easier as more data is sent seems quite
> far-fetched.
I don't think so. There's a fair number of algorithms that can/could be
much easier be attached with lots of data available. Especially if you
can guess/know/control some of the data. Additionally renegotiating
regularly helps to constrain a possible key leagage to a certain amount
of time. With backend connections often being alive for weeks at a time
that's not a bad thing.
And it's not just us. E.g. openssh also triggers renegotiations based on
the amount of data sent.
Greetings,
Andres Freund
--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2015-02-22 14:58:31 | Re: hash agg is slower on wide tables? |
| Previous Message | Petr Jelinek | 2015-02-22 13:04:18 | Re: Replication identifiers, take 4 |