[ech] Loading time and flushing
Stephen Farrell
stephen.farrell at cs.tcd.ie
Fri Oct 6 19:44:18 UTC 2023
Hiya,
On 06/10/2023 19:32, Watson Ladd wrote:
> So the pattern I've seen work is that each server has a window of 3
> keys: past, current, future. it will accept any of them to decrypt from
> a client, but only hands out the current key. On a rotation
> (synchronized to the top of the hour or something similar) it forgets
> the past, makes the current past, the future current, and grabs a new
> future key. So long as all machines are within a few minutes of
> synchronization this prevents any outages. Generally the next few keys
> will be present in whatever storage system is used for keys so that a
> disruption to generation will have a comfortable recovery time, but
> aren't loaded.
So with the current APIs, that seems doable, though I
guess it could be made easier if the for_retry value
were a number of seconds rather than a boolean? (I.e.
if when we load a key we say for how long to make the
related ECHCOnfig available in retry_configs?) If a
server rebooted half way though the hour then it could
realise that and set the values accordingly.
Would that do the trick?
Cheers,
S.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE4D8E9F997A833DD.asc
Type: application/pgp-keys
Size: 1197 bytes
Desc: OpenPGP public key
URL: <https://mta.openssl.org/pipermail/ech/attachments/20231006/99efc68b/attachment.asc>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://mta.openssl.org/pipermail/ech/attachments/20231006/99efc68b/attachment.sig>
More information about the ech
mailing list