[gnutls-devel] GnuTLS | Update docs for session ticket key rotation (!768)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Oct 5 12:22:24 CEST 2018

Airtower started a new discussion on doc/cha-gtls-app.texi:

>  A server supporting session tickets must generate ticket encryption
>  and authentication keys using @funcref{gnutls_session_ticket_key_generate}.
>  Those keys should be associated with the GnuTLS session using
> - at funcref{gnutls_session_ticket_enable_server}, and should be rotated regularly
> -(e.g., every few hours), to prevent them from becoming long-term keys which
> -if revealed could be used to decrypt all previous sessions.
> + at funcref{gnutls_session_ticket_enable_server}.
> +
> +GnuTLS will rotate these keys regularly. The key rotation interval can be specified with
> + at funcref{gnutls_db_set_cache_expiration}. Every such interval, new keys will be generated from the initial keys
> +that were first established using @funcref{gnutls_session_ticket_enable_server}. This is
> +a necessary mechanism to prevent the keys from becoming long-term keys and as such preserve
> +forward-secrecy in the issued session tickets.
> +
> +The key generated with @funcref{gnutls_session_ticket_key_generate} will survive across forks.
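
Review bot: The added paragraph states that new keys "will be generated from the initial keys" and then that rotation keeps them from becoming long-term keys, but as written the initial key passed to gnutls_session_ticket_enable_server is itself long-lived. The text should say whether the application still has to replace or protect that initial key, and what the forward-secrecy claim covers if it is disclosed. The removed text gave a concrete interval ("every few hours"), while the new text names gnutls_db_set_cache_expiration without a default or recommended value, which is worth stating. The last added line, "will survive across forks", should spell out what a forked process shares with its parent: the initial key, the rotated keys, or both.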

I'm not sure what you mean by this paragraph. Does that mean that sessions won't stay the same across forks, or may the master keys start to diverge after forks as the processes call `gnutls_session_ticket_enable_server()`?  The former is no problem from my point of view. In the latter case, multi-process servers like Apache with mod_gnutls would need some way to synchronize keys (which would also be useful for server clusters anyway).

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/768#note_106767939