From owner-freebsd-security@FreeBSD.ORG Fri Apr 18 13:58:21 2003
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 57A7C37B401 for ; Fri, 18 Apr 2003 13:58:21 -0700 (PDT)
Received: from perrin.int.nxad.com (internal.ext.nxad.com [69.1.70.251]) by mx1.FreeBSD.org (Postfix) with ESMTP id DC6FE43F85 for ; Fri, 18 Apr 2003 13:58:20 -0700 (PDT) (envelope-from sean@perrin.int.nxad.com)
Received: by perrin.int.nxad.com (Postfix, from userid 1001) id 61B9521083; Fri, 18 Apr 2003 13:58:20 -0700 (PDT)
Date: Fri, 18 Apr 2003 13:58:20 -0700
From: Sean Chittenden
To: Mark Murray
Message-ID: <20030418205820.GF79923@perrin.int.nxad.com>
References: <20030411182758.GN79923@perrin.int.nxad.com> <200304182028.h3IKShQ5008767@grimreaper.grondar.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200304182028.h3IKShQ5008767@grimreaper.grondar.org>
User-Agent: Mutt/1.4i
X-PGP-Key: finger seanc@FreeBSD.org
X-PGP-Fingerprint: 3849 3760 1AFE 7B17 11A0 83A6 DD99 E31F BC84 B341
X-Web-Homepage: http://sean.chittenden.org/
cc: security@freebsd.org
Subject: Re: How often should an encrypted session be rekeyed?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Fri, 18 Apr 2003 20:58:21 -0000

> > Using OpenSSL, is there a preferred/recommended rate of rekeying
> > an encrypted stream of data? Does OpenSSL handle this for
> > developers behind the scenes? Does it even need to be rekeyed?
>
> "Depends". I recommend the O'Reilly book on OpenSSL for this and
> related OpenSSL programming docs.
>
> ISBN: 0-596-00270-X

Thanks, I may have to stop through B&N tonight.
I know it depends on the strength of the cipher, the data transferred, and the time since the last rekeying, but I was wondering on what scale this should happen. Once an hour? Once every X bytes? Does OpenSSL handle this for developers? I looked at OpenSSH and mod_ssl and couldn't find any indication as to how often things are rekeyed beyond "whenever the client requests it," but looking at client code didn't tell me much either. Do you know of any online URLs with useful bits?

-sc

--
Sean Chittenden
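The "once every X bytes" policy Sean asks about is easiest to see in a small model of a rekeying channel. The following is an added example written for this page; it is not code from the thread, from OpenSSL, OpenSSH or mod_ssl, and it uses a toy HMAC-based keystream and an HMAC ratchet purely so that it runs stand-alone. The byte budget (4096), the record layout and the shared secret are all constructed for the demonstration. What it shows is the part the library does not do for you: both endpoints apply the same deterministic rule (rekey once N bytes have been processed under the current key), so they ratchet in lockstep, old-generation records are rejected after the ratchet, and the old key cannot be recovered from the new one.

```python
import hashlib
import hmac
import struct

# Constructed demo threshold. Real limits depend on the cipher and are far larger.
REKEY_AFTER_BYTES = 4096
TAG_LEN = 16
HEADER = struct.Struct(">IQ")  # key generation, record sequence number


def ratchet(key: bytes) -> bytes:
    """Derive the next traffic key from the current one. One-way, so a key
    captured later does not expose earlier traffic. HMAC-SHA256 as KDF is an
    assumption made for this demo, not a protocol's real key schedule."""
    return hmac.new(key, b"rekey", hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256 (demo only, not a real cipher)."""
    blocks, produced, counter = [], 0, 0
    while produced < length:
        block = hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        blocks.append(block)
        produced += len(block)
        counter += 1
    return b"".join(blocks)[:length]


class RekeyingChannel:
    """One direction of a channel whose traffic key is ratcheted after a byte budget.

    Sender and receiver each hold one instance. Both count plaintext bytes and
    rekey before the first record that follows exhaustion of the budget, so they
    stay synchronised without any extra message on the wire."""

    def __init__(self, key: bytes, limit: int = REKEY_AFTER_BYTES):
        self.key = key
        self.limit = limit
        self.generation = 0
        self.seq = 0
        self.bytes_under_key = 0

    def _rekey_if_due(self) -> None:
        if self.bytes_under_key >= self.limit:
            self.key = ratchet(self.key)
            self.generation += 1
            self.seq = 0
            self.bytes_under_key = 0

    def _transform(self, header: bytes, body: bytes) -> bytes:
        # header carries (generation, seq), so it is a unique nonce per record
        return bytes(a ^ b for a, b in zip(body, keystream(self.key, header, len(body))))

    def _tag(self, header: bytes, body: bytes) -> bytes:
        return hmac.new(self.key, header + body, hashlib.sha256).digest()[:TAG_LEN]

    def seal(self, plaintext: bytes) -> bytes:
        self._rekey_if_due()
        header = HEADER.pack(self.generation, self.seq)
        ciphertext = self._transform(header, plaintext)
        self.seq += 1
        self.bytes_under_key += len(plaintext)
        return header + ciphertext + self._tag(header, ciphertext)

    def open(self, record: bytes) -> bytes:
        self._rekey_if_due()
        header = record[:HEADER.size]
        ciphertext, tag = record[HEADER.size:-TAG_LEN], record[-TAG_LEN:]
        generation, seq = HEADER.unpack(header)
        if generation != self.generation or seq != self.seq:
            raise ValueError("record from an unexpected key generation or out of order")
        if not hmac.compare_digest(tag, self._tag(header, ciphertext)):
            raise ValueError("bad tag")
        plaintext = self._transform(header, ciphertext)
        self.seq += 1
        self.bytes_under_key += len(plaintext)
        return plaintext


def run_demo(message_count: int = 10, size: int = 1000) -> dict:
    """Push message_count records of size bytes through a sender/receiver pair
    and report how many times the key rolled over."""
    initial = hashlib.sha256(b"constructed shared secret").digest()
    tx, rx = RekeyingChannel(initial), RekeyingChannel(initial)
    for i in range(message_count):
        msg = bytes([i % 256]) * size
        if rx.open(tx.seal(msg)) != msg:
            raise AssertionError("receiver fell out of sync")
    return {"generations": tx.generation,
            "keys_match": tx.key == rx.key,
            "key_changed": tx.key != initial}


def replay_is_rejected() -> bool:
    """A record sealed under an old generation must fail after both sides ratchet."""
    initial = hashlib.sha256(b"constructed shared secret").digest()
    tx, rx = RekeyingChannel(initial, limit=10), RekeyingChannel(initial, limit=10)
    first = tx.seal(b"0123456789ab")          # 12 bytes: exhausts the budget
    rx.open(first)
    rx.open(tx.seal(b"next generation"))      # both sides ratchet before this record
    try:
        rx.open(first)                        # replay from generation 0
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_demo())              # {'generations': 1, 'keys_match': True, 'key_changed': True}
    print(replay_is_rejected())    # True
```

Two points the model makes concrete. First, the rekey decision is policy, not something the transport layer performs on its own schedule: in TLS the mechanism is a renegotiation handshake (TLS 1.2 and earlier) or the KeyUpdate message (TLS 1.3), and in OpenSSL the application drives it by calling SSL_renegotiate() followed by SSL_do_handshake(), or SSL_key_update() on a TLS 1.3 connection, whenever its own byte or time counter says so. Second, a time-based rule ("once an hour") is a wall-clock check added to _rekey_if_due, but unlike the byte counter it is not something both sides can evaluate identically, which is why real protocols carry an explicit rekey message rather than relying on clocks.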