On Thu 2018-12-06 21:08:00 +0000, Andrei Popov wrote: > In a specific quick test that I did, there was no significant perf > impact with key reuse time > 1 sec. And I could probably get it down > to sub-seconds on my HW. But HW specs differ between TLS servers; our > current "ephemeral" key lifetime is a generous 30 sec., mainly because > we saw no reason to push for a lower key lifetime.
Is this on both client side and server side? That is, does SChannel as a client also use an "ephemeral" key lifetime of a generous 30 seconds? > "Truly malicious" is perhaps an overstatement for this easy workaround > explicitly permitted by the "Enterprise TLS" spec: > "In some essential circumstances, the visibility information field may be > omitted." The ETSI "Middlebox Security Protocol" explicitly aims to drop Annex A. They've said that they *want* visibility and that is an explicit goal. Surely the purpose of visibility is to ensure that both parties involved are running the significantly weaker eTLS, and not TLS. Opting for visibility while expecting clients to not do anything with the knowledge gained doesn't make much sense to me. --dkg
signature.asc
Description: PGP signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls