Add support for RFC5077 session tickets #16
Comments
|
We need some way to sync the current (and previous) encryption key. Using key expansion to be able to rotate periodically would be nice, but needs some thought around when to rotate them and if clocks are in sync between servers. We can perhaps use some hash chain for this, if we can recognize which key name that was used when a request arrives. In that case we can precompute the n before/next, and let the hitch instance with the most advanced clock set the pace. The others will follow onto the next chain entry either when they see the rebalanced client, or by themselves when their clock gets there. We get a rotation period in the configuration ("daily") without having to explicitly set up communication between hitches. |
|
No progress, and not scheduled to be worked on for a while. Moving this to the future features: https://github.com/varnish/hitch/wiki/Future-features |
https://www.ietf.org/rfc/rfc5077.txt
Related:
The text was updated successfully, but these errors were encountered: