| From: | "scott(dot)marlowe" <scott(dot)marlowe(at)ihs(dot)com> |
|---|---|
| To: | Curt Sampson <cjs(at)cynic(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, <pgsql-hackers(at)postgresql(dot)org>, <pgsql-interfaces(at)postgresql(dot)org> |
| Subject: | Re: Speed of SSL connections; cost of renegotiation |
| Date: | 2003-04-11 15:07:11 |
| Message-ID: | Pine.LNX.4.33.0304110855430.2900-100000@css120.ihs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-interfaces |
On Fri, 11 Apr 2003, Curt Sampson wrote:
> On Thu, 10 Apr 2003, Tom Lane wrote:
>
> > So, questions for the group: where did the decision to renegotiate every
> > 64K come from? Do we need it at all? Do we need it at such a short
> > interval? And if we do need it, shouldn't the logic be symmetric, so
> > that renegotiations are forced during large input transfers as well as
> > large output transfers?
>
> Yes, you do want renegotiations, for two reasons. One is that if you use
> the same key over a long period of time, you offer too much same-keyed
> cryptographic material to an attacker, and increase his chances of a
> successful attack. The second is that you limit the amount of data that
> can be compromised should someone get hold of your current key. (Though if
> they've got that from your server, they've probably got access to the database
> itself, too, so I wouldn't worry so much about this.)
>
> I don't actually know how often you should renegotiate, but I'd guess
> that 64K is really very much not the right value. It's probably not
> enough for DES, and is way too much for anything else. One hour seems to
> be a popular session key renegotiation interval for SSH and IPSec; why
> not start with that?
Ummm. I'm not comfortable with using a time based period for
renogatiation. What can move in an hour from a P100 on Arcnet versus a 32
CPU altix on switched fabric are two entirely different things. If there
is a "sweet spot" for how often to renogotiate it would be based on
amount. Basing it on time introduces too much variability. You'd have
to basically say that x bytes is as much as you should encrypt with one
key, then base time t on t=xr where r is the max rate you can expect on a
given server, and rate can vary too wildly. In fact, setting a time
period of 5 minutes for large server might well be too seldom, and 30
minutes on the small slow Sparc IPC in the back room is too often.
If it is a GUC then the user can adjust it. I'm comfortable with that,
since there's a lot of variability to where postgresql gets used and what
it gets used for.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2003-04-11 15:24:33 | Re: Speed of SSL connections; cost of renegotiation |
| Previous Message | Davide Romanini | 2003-04-11 14:43:03 | Re: Charset encoding and accents |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2003-04-11 15:24:33 | Re: Speed of SSL connections; cost of renegotiation |
| Previous Message | Bruno Wolff III | 2003-04-11 14:29:18 | Re: export to excel format |