[gnutls-devel] GnuTLS | Update docs for session ticket key rotation (!768)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Oct 11 17:45:13 CEST 2018

Ander Juaristi commented on a discussion on doc/cha-gtls-app.texi:

>  A server supporting session tickets must generate ticket encryption
>  and authentication keys using @funcref{gnutls_session_ticket_key_generate}.
>  Those keys should be associated with the GnuTLS session using
> - at funcref{gnutls_session_ticket_enable_server}, and should be rotated regularly
> -(e.g., every few hours), to prevent them from becoming long-term keys which
> -if revealed could be used to decrypt all previous sessions.
> + at funcref{gnutls_session_ticket_enable_server}.
> +
> +GnuTLS will rotate these keys regularly. The key rotation interval can be specified with
> + at funcref{gnutls_db_set_cache_expiration}. Every such interval, new keys will be generated from the initial keys
> +that were first established using @funcref{gnutls_session_ticket_enable_server}. This is

Forget the previous message. This should be the good one.

Those will be the initial keys, but GnuTLS will rotate them regularly. The key rotation interval
can be changed with @funcref{gnutls_db_set_cache_expiration}. The key rotation interval will be
three times the ticket expiration time (ie. three times the value given in that function).
Every such interval, new keys will be generated from those initial keys. This is a necessary mechanism
to prevent the keys from becoming long-term keys
and as such preserve forward-secrecy in the issued session tickets. If no explicit key rotation interval
is provided, GnuTLS will rotate them every 18 hours by default.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/768#note_108147312
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181011/ba3ca26a/attachment-0001.html>

More information about the Gnutls-devel mailing list