Re: Speed of SSL connections; cost of renegotiation

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Curt Sampson <cjs@cynic.net>
Cc: "scott.marlowe" <scott.marlowe@ihs.com>, pgsql-hackers@postgresql.org, pgsql-interfaces@postgresql.org
Date: 2003-04-12T05:26:26Z
Lists: pgsql-hackers
Curt Sampson <cjs@cynic.net> writes:
> On Fri, 11 Apr 2003, Tom Lane wrote:
>> I realized this morning that there's probably a security tradeoff
>> involved: renegotiating the session key limits the amount of session
>> data encrypted with any one key, which is good; but each renegotiation
>> requires another use of the server key, increasing the odds that an
>> eavesdropper could break *that* (which'd let him into all sessions not
>> just the one).

> This seems extremely low-risk to me; there's very little data
> transferred using the server key.

Perhaps, but the downside if the server key is broken is much worse
than the loss if any one session key is broken.  Also, I don't know
how stylized the key-renegotiation exchange is --- there might be
a substantial known-plaintext risk there.

The fact that sshd thinks it necessary to choose a new server key as
often as once an hour indicates to me that they consider the risks
nonnegligible.

			regards, tom lane