Re: Speed of SSL connections; cost of renegotiation

From: Curt Sampson <cjs(at)cynic(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgreSQL(dot)org, pgsql-interfaces(at)postgreSQL(dot)org
Subject: Re: Speed of SSL connections; cost of renegotiation
Date: 2003-04-11 03:17:57
Message-ID: Pine.NEB.4.51.0304111202060.7976@angelic-vtfw.cvpn.cynic.net
Lists: pgsql-hackers pgsql-interfaces

On Thu, 10 Apr 2003, Tom Lane wrote:

> So, questions for the group: where did the decision to renegotiate every
> 64K come from? Do we need it at all? Do we need it at such a short
> interval? And if we do need it, shouldn't the logic be symmetric, so
> that renegotiations are forced during large input transfers as well as
> large output transfers?

Yes, you do want renegotiations, for two reasons. One is that if you use
the same key over a long period of time, you offer too much same-keyed
cryptographic material to an attacker, and increase his chances of a
successful attack. The second is that you limit the amount of data that
can be compromised should someone get hold of your current key. (Though if
they've got that from your server, they've probably got access to the database
itself, too, so I wouldn't worry so much about this.)

I don't actually know how often you should renegotiate, but I'd guess
that 64K is really very much not the right value. It's probably not
enough for DES, and is way too much for anything else. One hour seems to
be a popular session key renegotiation interval for SSH and IPSec; why
not start with that?

If you really are concerned, I can ask an expert.

And yes, both ends should renegotiate.

cjs
--
Curt Sampson <cjs(at)cynic(dot)net> +81 90 7737 2974 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC
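The bounded-key policy argued for in this message, as an added example that is not part of the original thread or of PostgreSQL's SSL code: a small C model of a renegotiation trigger that counts bytes in both directions and also ages the key by time, so the 64K volume cap and the one-hour interval can be compared on the same traffic. The struct, function names and limits are hypothetical, and the hash chain that stands in for the new key is only there to make the key visibly change; a real renegotiation takes the new key from a fresh handshake, never from the old key.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical knobs: the 64K cap under discussion and the one-hour interval
 * suggested as an alternative. Both are policy values, not protocol ones. */
#define REKEY_BYTES   (64u * 1024u)
#define REKEY_SECONDS (60u * 60u)

typedef enum { DIR_OUT, DIR_IN } direction;

typedef struct {
    uint64_t bytes_out, bytes_in;   /* traffic under the current key, per direction */
    uint64_t key_since;             /* caller's clock (s) when the key was installed */
    uint64_t byte_limit, time_limit;
    unsigned epoch;                 /* keys installed so far */
    uint8_t  key[16];               /* stand-in for the session key */
} rekey_state;

/* FNV-1a, used only so the toy key visibly changes each epoch. */
static uint64_t fnv1a(const uint8_t *p, size_t n, uint64_t h)
{
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

static void rekey_init(rekey_state *s, uint64_t now, uint64_t byte_limit, uint64_t time_limit)
{
    memset(s, 0, sizeof *s);
    s->key_since = now; s->byte_limit = byte_limit; s->time_limit = time_limit;
    for (unsigned i = 0; i < sizeof s->key; i++)
        s->key[i] = (uint8_t)i;             /* placeholder for the handshake's key */
}

/* Either bound reached? Both directions count, so a large inbound COPY is
 * bounded exactly like a large outbound one. */
static bool rekey_needed(const rekey_state *s, uint64_t now)
{
    return s->bytes_out >= s->byte_limit || s->bytes_in >= s->byte_limit
        || now - s->key_since >= s->time_limit;
}

/* Install a fresh key and reset both counters and the clock. The hash chain
 * only simulates "a different key"; real renegotiation gets the new key from
 * a new handshake. */
static void rekey_install(rekey_state *s, uint64_t now)
{
    uint8_t next[16];
    s->epoch++;
    for (uint8_t half = 0; half < 2; half++) {
        uint64_t h = fnv1a(s->key, sizeof s->key, 0xcbf29ce484222325ULL + s->epoch);
        h = fnv1a(&half, 1, h);
        memcpy(next + 8 * half, &h, sizeof h);
    }
    memcpy(s->key, next, sizeof s->key);
    s->bytes_out = s->bytes_in = 0;
    s->key_since = now;
}

/* Account for n bytes in direction d at time now; renegotiate if a bound is
 * hit. Returns true when a new key was installed. */
static bool rekey_account(rekey_state *s, direction d, uint64_t n, uint64_t now)
{
    if (d == DIR_OUT) s->bytes_out += n; else s->bytes_in += n;
    if (!rekey_needed(s, now)) return false;
    rekey_install(s, now);
    return true;
}

/* Run `steps` transfers of `chunk` bytes, `interval` seconds apart, in one
 * direction; return how many renegotiations the policy forced. */
static unsigned simulate(direction d, uint64_t chunk, uint64_t interval,
                         unsigned steps, uint64_t byte_limit, uint64_t time_limit)
{
    rekey_state s;
    unsigned rekeys = 0;
    rekey_init(&s, 0, byte_limit, time_limit);
    for (unsigned i = 1; i <= steps; i++)
        if (rekey_account(&s, d, chunk, (uint64_t)i * interval)) rekeys++;
    return rekeys;
}

/* A rekey must bump the epoch and change the key material. */
static bool rekey_changes_key(void)
{
    rekey_state s;
    uint8_t before[16];
    rekey_init(&s, 0, REKEY_BYTES, REKEY_SECONDS);
    memcpy(before, s.key, sizeof before);
    rekey_install(&s, 10);
    return s.epoch == 1 && s.key_since == 10 && memcmp(before, s.key, sizeof before) != 0;
}

int main(void)
{
    printf("bulk out: %u\n", simulate(DIR_OUT, 8192, 0, 25, REKEY_BYTES, REKEY_SECONDS));
    printf("bulk in:  %u\n", simulate(DIR_IN, 8192, 0, 25, REKEY_BYTES, REKEY_SECONDS));
    printf("trickle:  %u\n", simulate(DIR_OUT, 1, 1800, 6, REKEY_BYTES, REKEY_SECONDS));
    printf("key changed on rekey: %s\n", rekey_changes_key() ? "yes" : "no");
    return 0;
}
```

With the 64K cap, 200 KB in 8 KB writes forces three renegotiations whether the bytes flow in or out, which is the symmetry Tom asked about; one byte every thirty minutes for three hours forces three as well, all from the timer. Each trigger costs a full handshake, so the volume limit sets the worst-case handshake rate on bulk transfers, not only the exposure per key, and a cap of 64K means a handshake every eight 8 KB writes. (TLS 1.3 later dropped renegotiation and rekeys with KeyUpdate messages instead, but the policy question of when to send one is the same.)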
