On 2015-02-22 01:27:54 +0100, Emil Lenngren wrote:
> I honestly wonder why postgres uses renegotiation at all. The motivation
> that cryptoanalysis is easier as more data is sent seems quite
> far-fetched.
I don't think so. There's a fair number of algorithms that can/could be
much easier be attached with lots of data available. Especially if you
can guess/know/control some of the data. Additionally renegotiating
regularly helps to constrain a possible key leagage to a certain amount
of time. With backend connections often being alive for weeks at a time
that's not a bad thing.
And it's not just us. E.g. openssh also triggers renegotiations based on
the amount of data sent.
Greetings,
Andres Freund
-- Andres Freund http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services
