[openssl-dev] PR 2351: Place ticket keys into secure memory
Short, Todd
tshort at akamai.com
Tue Feb 7 22:16:04 UTC 2017
vdukhovi wrote:
I don't think this change is useful at present. Most applications run with a single context for the lifetime of the process, so this makes no difference. We (perhaps I) first need to implement automated key rotation, and only then do I think it make sense to worry about attempting to scrub the ticket keys.
richsalz wrote:
I undesrstand @vdukhovni<https://github.com/vdukhovni>'s concerns. Let's discuss this on openssl-dev before merging this.
*discuss*
--
-Todd Short
// tshort at akamai.com<mailto:tshort at akamai.com>
// "One if by land, two if by sea, three if by the Internet."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20170207/49646bb9/attachment.html>
More information about the openssl-dev
mailing list