On Tue, Mar 17, 2009 at 10:26:35AM -0700, Robert Relyea wrote:
> Cert selection for Firefox does need to be improved. On the other hand,
> I found the larger memory footprint argument somewhat confusing. At the
> cost of about 20 bytes per client you would rather chew up CPU and
> network resources? That seems like a poor tradeoff to me.

The numbers I remember are ~250 bytes per session without a cert, and ~1-2K if a client cert is used, which is the case in question. But the point about trading off against CPU/network resources is a good one.

RFC 5246 mentions an "upper limit" of 24 hours for session ID lifetime, which implies a maximum rather than a default. I'll see about getting the mod_ssl default bumped to 12 hours and see how that works out. Does that seem reasonable?

regards, Joe

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto