On Sat, Dec 7, 2013 at 11:52 AM, Michael Felt <mamf...@gmail.com> wrote:
> imho - it is a bad idea to store a session encryption key. I think the
> whole idea behind dynamic keys is that they are not stored. PKI is used to
> negotiate a key.
>
> If the session keys are static then, again imho, time would be better
> spent on code to establish dynamic session keys - that can be reestablished
> (i.e., new encryption keys) if the session is lost/interrupted.
>

Sebastian is talking about a research project, I guess he does not want to store the session info in a "production" environment. At least this patch is not intended to be integrated into mod_ssl, I doubt it would be accepted by the team...