daemon13 | 12 years ago

Since everybody is getting funky about PFS...

Julien, do you have any news to address this point of Adam's:

>> So how do you run forward secrecy with several servers and support session tickets? You need to generate session ticket keys randomly, distribute them to the servers without ever touching persistent storage and rotate them frequently. However, I'm not aware of any open source servers that support anything like that.

[0] https://www.imperialviolet.org/2013/06/27/botchingpfs.html

jvehent | 12 years ago

Nginx has a patch to store them in memcache, for what it's worth. It's far from ideal, but at least it's not persistent storage. The standard is still to point clients to a single termination endpoint, and do an active/passive cluster, so that there's no need to share the session tickets.

I still believe that using PFS, even with this limitation, is safer than encrypting pre-master keys with a single private key that almost never rotates and is stored on plenty of servers.
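
The requirement quoted at the top of the thread (random ticket keys, held only in memory, rotated frequently), as an added example that is not part of any post here and is not nginx's or its patch's code. It uses Go's `crypto/tls` (`SetSessionTicketKeys`) for a single process; `TicketKeyRing`, `NewTicketKeyRing`, `Rotate` and `keep` are hypothetical names, and distributing the same keys to other servers is assumed to happen elsewhere.

```go
package main

import (
	"crypto/rand"
	"crypto/tls"
	"fmt"
	"sync"
)

// TicketKeyRing keeps ticket keys in process memory only; keys[0] is the newest.
type TicketKeyRing struct {
	mu   sync.Mutex
	keep int // number of keys that stay valid (assumed policy knob)
	keys [][32]byte
}

func NewTicketKeyRing(keep int) *TicketKeyRing {
	if keep < 1 {
		keep = 1
	}
	return &TicketKeyRing{keep: keep}
}

// Rotate adds a fresh random key, retires the oldest beyond keep, installs the ring.
func (r *TicketKeyRing) Rotate(cfg *tls.Config) error {
	var k [32]byte
	if _, err := rand.Read(k[:]); err != nil {
		return err
	}
	r.mu.Lock()
	defer r.mu.Unlock()
	r.keys = append([][32]byte{k}, r.keys...)
	if len(r.keys) > r.keep {
		r.keys[r.keep] = [32]byte{} // wipe the retired key in our copy
		r.keys = r.keys[:r.keep]
	}
	// First key encrypts new tickets; the rest only decrypt older tickets.
	cfg.SetSessionTicketKeys(r.keys)
	return nil
}

func main() {
	cfg, ring := &tls.Config{}, NewTicketKeyRing(2)
	for i := 0; i < 3; i++ { // in a server this runs from a timer
		if err := ring.Rotate(cfg); err != nil {
			panic(err)
		}
	}
	fmt.Println("keys held in memory:", len(ring.keys))
}
```

With `keep` keys and a rotation every interval, a ticket stops being accepted at most `keep` intervals after it was issued, and a restart discards every key because none was written to disk.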

daemon13 | 12 years ago

Thank you for the update.

>> I still believe that using PFS, even with this limitation, is safer ...

I definitely agree, the problem is that usually there is more than 1 web server :-)

>> The standard is still to point clients to a single termination endpoint, and do an active/passive cluster, so that there's no need to share the session tickets.

Sorry, I did not understand (esp. the active/passive cluster thing) - could you please maybe add some pointers (blog post, etc.) with more details?