> > Using OpenSSL, is there a preferred/recommended rate of rekeying
> > an encrypted stream of data? Does OpenSSL handle this for
> > developers behind the scenes? Does it even need to be rekeyed?
>
> "Depends". I recommend the O'Reilly book on OpenSSL for this and
> related OpenSSL programming docs.
>
> ISBN: 0-596-00270-X

Thanks, I may have to stop through B&N tonight. I know it depends on
the strength of the cypher, the data transferred, and time between the
last rekeying, but I was wondering on what scale this should happen.
Once an hour? Once every X bytes? Does OpenSSL handle this for
developers? I looked at OpenSSH and mod_ssl and couldn't find any
indication as to how often things are rekeyed beyond "whenever the
client requests it," but looking at client code didn't tell me much
either.
Do you know of any online URLs with useful bits? -sc
--
Sean Chittenden