O.k some background. So Mutual Auth TLS, also called Client Auth TLS, or Client Certs, or MTLS, are all names for that crazy setup where you generate or give certificates to your clients and have them connect into your service. Seen in Intranets and MySQL conf since 2000.
TLS1.3 got rid of renegotiation entirely and added simple rekeying support to handle key exhaustion.
-
-
Why not just use larger keys? Can http servers still configure client cert requests on the basis of information contained in the url?
-
1/ With the math for AES block size and ChaCha20's stream it's still possible to hit the usage limits. There was talk of using an extended key schedule to mint more keys from the PRF, but that doesn't help PSK and other modes. Plus rekeying makes forward secrecy easier.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.