Re: [perpass] TLS/SSL Key Rotation
Yoav Nir <ynir@checkpoint.com> Wed, 04 September 2013 03:55 UTC
Return-Path: <ynir@checkpoint.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83E9021E815A for <perpass@ietfa.amsl.com>; Tue, 3 Sep 2013 20:55:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.631
X-Spam-Level:
X-Spam-Status: No, score=-10.631 tagged_above=-999 required=5 tests=[AWL=-0.032, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XJB0ffB0Li1u for <perpass@ietfa.amsl.com>; Tue, 3 Sep 2013 20:55:47 -0700 (PDT)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 13F7A21E8170 for <perpass@ietf.org>; Tue, 3 Sep 2013 20:55:29 -0700 (PDT)
Received: from IL-EX10.ad.checkpoint.com ([194.29.34.147]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id r843t9tX030884; Wed, 4 Sep 2013 06:55:10 +0300
X-CheckPoint: {5226AF1D-19-1B221DC2-1FFFF}
Received: from DAG-EX10.ad.checkpoint.com ([169.254.3.173]) by IL-EX10.ad.checkpoint.com ([169.254.2.246]) with mapi id 14.02.0347.000; Wed, 4 Sep 2013 06:55:09 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: Yakov Shafranovich <yakov-ietf@shaftek.org>
Thread-Topic: [perpass] TLS/SSL Key Rotation
Thread-Index: AQHOqPxYqU3pLmniEkumgG6N8QMSgJm0wNeA
Date: Wed, 04 Sep 2013 03:55:09 +0000
Message-ID: <B6DB9809-27C0-40AE-B3FD-9F4DE6CCB135@checkpoint.com>
References: <CAPQd5oRJK60472CC3ZPT38QZo7Ld8TjN545-JQLasuDDNAfVDw@mail.gmail.com>
In-Reply-To: <CAPQd5oRJK60472CC3ZPT38QZo7Ld8TjN545-JQLasuDDNAfVDw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.31.21.224]
x-kse-antivirus-interceptor-info: protection disabled
Content-Type: text/plain; charset="us-ascii"
Content-ID: <FB5FBC5C8D4B3147BF0A2E155F722981@ad.checkpoint.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "<perpass@ietf.org>" <perpass@ietf.org>
Subject: Re: [perpass] TLS/SSL Key Rotation
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Sep 2013 03:55:53 -0000
On Sep 4, 2013, at 2:18 AM, Yakov Shafranovich <yakov-ietf@shaftek.org> wrote: > [splitting threads] > > On Tue, Sep 3, 2013 at 8:47 AM, Stephen Farrell > <stephen.farrell@cs.tcd.ie> wrote: >> On 09/03/2013 01:11 PM, Yakov Shafranovich wrote: >>> The CA/browser forum has begun some steps in this direction by >>> lowering validity of SSL server certificates to 18 months. Is there a >>> place for a discussion on recommending a lower time period for key >>> rotation with the ensuing implications for those who do not want/can >>> not use PFS? >> >> This list is a fine place for discussing that if you >> think that a shorter RSA key rollover duty cycle would >> impact on pervasive monitoring. I'm not clear as to >> how it would though. Have you some scenario in mind? >> > > The scenario would be where the RSA key on the server is compromised > or forcefully disclosed via a court order or other legal mechanism. > The shorter the interval, the less data would be available to the > potential attacker. There has been media discussion about this with > the US Government [1] where providers are forced to hand over their > keys. I agree with Stephen that key rollover would never be frequent enough to provide meaningful FS. It's also likely that a country where court orders for RSA keys get issued will also have laws requiring companies to retain old private keys for a certain period of time, just as there are laws requiring the retention of certain documents and correspondence. Is seems to me that using ciphersuites with PFS, whether ECDHE or DHE, would be a better way. Google is not implementing it at scale on their servers. All browsers support some ECDHE ciphersuites, and they're also supported in libraries such as OpenSSL. So PFS is just a configuration away. Easier than manually or automatically rotating certificates often, no? Yoav
- [perpass] TLS/SSL Key Rotation Yakov Shafranovich
- Re: [perpass] TLS/SSL Key Rotation Stephen Farrell
- Re: [perpass] TLS/SSL Key Rotation Yakov Shafranovich
- Re: [perpass] TLS/SSL Key Rotation Yoav Nir
- Re: [perpass] TLS/SSL Key Rotation Patrick Pelletier
- Re: [perpass] TLS/SSL Key Rotation Randy Bush