Re: Speed of SSL connections; cost of renegotiation
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Curt Sampson <cjs@cynic.net>
Cc: "scott.marlowe" <scott.marlowe@ihs.com>, pgsql-hackers@postgresql.org, pgsql-interfaces@postgresql.org
Date: 2003-04-12T05:26:26Z
Lists: pgsql-hackers
Curt Sampson <cjs@cynic.net> writes: > On Fri, 11 Apr 2003, Tom Lane wrote: >> I realized this morning that there's probably a security tradeoff >> involved: renegotiating the session key limits the amount of session >> data encrypted with any one key, which is good; but each renegotiation >> requires another use of the server key, increasing the odds that an >> eavesdropper could break *that* (which'd let him into all sessions not >> just the one). > This seems extremely low-risk to me; there's very little data > transferred using the server key. Perhaps, but the downside if the server key is broken is much worse than the loss if any one session key is broken. Also, I don't know how stylized the key-renegotiation exchange is --- there might be a substantial known-plaintext risk there. The fact that sshd thinks it necessary to choose a new server key as often as once an hour indicates to me that they consider the risks nonnegligible. regards, tom lane