Key lifetime: C2S and S2C

Richard Laager rlaager at wiktel.com
Sat Jan 19 23:49:38 UTC 2019


On 1/19/19 5:42 PM, Hal Murray via devel wrote:
> 
> I asked on the IETF NTP list.
> 
> dfoxfranke at gmail.com said:
>> On Sat, Jan 19, 2019 at 6:23 AM Hal Murray <hmurray at megapathdsl.net> wrote:
>>> Is that number so large for the algorithms we will use that we don't have to
>>> consider it?  Assume the client is sending 1 packet per second...  If the
>>> answer is over 100 years, I'm happy.
>> The recommendation for AES-SIV is to encrypt no more than 2**48 messages
>> under the same key. At one message per second that's almost 9 million years.
>> If you (unwisely) use AES-GCM instead, where the recommended limit is 2**32
>> messages, that's still 136 years. 

So enforcing key rollover isn't a concern. The recommended server key
rotation is primarily about forward secrecy then, I presume.

-- 
Richard
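The arithmetic behind the numbers in the quoted reply, and the rollover check it implies, as an added example that is not part of the original message or of NTPsec: the per-AEAD message limits (2**48 for AES-SIV, 2**32 for AES-GCM) are the ones quoted above; the safety margin, the wall-clock age cap and the `KeyUsageBudget` API are assumptions of this example, not anything the thread or NTPsec specifies.

```python
"""Key-lifetime budget for an NTS-style AEAD key (added example, not NTPsec code).

Computes how long one key lasts at a steady packet rate against the recommended
per-key message limit, and enforces rollover on two independent triggers:
the message count (with an assumed safety margin) and key age (assumed cap),
the latter being the forward-secrecy reason to rotate even when the count
limit is unreachable in practice.
"""

SECONDS_PER_YEAR = 365.25 * 86400

# Recommended maximum number of messages encrypted under one key, as quoted in
# the thread. AES-SIV is misuse-resistant; AES-GCM's limit is far lower.
AEAD_MESSAGE_LIMITS = {
    "AES-SIV-CMAC-256": 2 ** 48,
    "AES-128-GCM": 2 ** 32,
}


def key_lifetime_years(aead: str, msgs_per_second: float) -> float:
    """Years until the recommended message limit is reached at a steady rate."""
    if msgs_per_second <= 0:
        raise ValueError("rate must be positive")
    return AEAD_MESSAGE_LIMITS[aead] / msgs_per_second / SECONDS_PER_YEAR


class KeyUsageBudget:
    """Tracks encryptions under one key and reports when rollover is due.

    margin_divisor and max_age_seconds are assumed policy knobs: the soft limit
    is limit - limit/margin_divisor so rotation happens before the hard limit;
    the age cap models time-based server key rotation for forward secrecy.
    """

    def __init__(self, aead: str, created_at: float,
                 max_age_seconds: float = 24 * 3600, margin_divisor: int = 16):
        self.limit = AEAD_MESSAGE_LIMITS[aead]
        self.soft_limit = self.limit - self.limit // margin_divisor
        self.created_at = created_at
        self.max_age = max_age_seconds
        self.count = 0

    def record_message(self) -> int:
        """Count one encryption; refuse to go past the hard AEAD limit."""
        if self.count >= self.limit:
            raise RuntimeError("AEAD message limit reached; key must be rotated")
        self.count += 1
        return self.count

    def rollover_reason(self, now: float):
        """Return 'count', 'age', or None if the key may still be used."""
        if self.count >= self.soft_limit:
            return "count"
        if now - self.created_at >= self.max_age:
            return "age"
        return None


if __name__ == "__main__":
    for aead in AEAD_MESSAGE_LIMITS:
        print(f"{aead}: {key_lifetime_years(aead, 1.0):,.0f} years at 1 msg/s")
    budget = KeyUsageBudget("AES-SIV-CMAC-256", created_at=0.0)
    budget.record_message()
    print("rollover after 1 day:", budget.rollover_reason(now=86400.0))
```

At one packet per second the count trigger never fires within any realistic key age for either AEAD, which is the point of the quoted reply; the age trigger is what actually drives rotation in practice.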
