httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <>
Subject Re: symmetric aes key
Date Sat, 07 Dec 2013 13:36:49 GMT
On Sat, Dec 7, 2013 at 11:52 AM, Michael Felt <> wrote:

> imho - it is a bad idea to store a session encryption key. I think the
> whole idea behind dynamic keys is that they are not stored. PKI is used to
> negotiate a key.
> If the session keys are static then, again imho, time would be better
> spent on code to establish dynamic session keys - that can be reestablished
> (i.e., new encryption keys) if the session is lost/interrupted.

Sebastian is talking about a research project, I guess he does not want
to store the sessions infos in a "production" environment.
At least this patch is not intended to be integrated in mod_ssl, I doubt it
would be accepted by the team...

View raw message