git.ipfire.org Git - thirdparty/openvpn.git/commit
Document tls-crypt security considerations in man page
author Steffan Karger <steffan.karger@fox-it.com>
Tue, 9 May 2017 18:42:48 +0000 (20:42 +0200)
committer David Sommerseth <davids@openvpn.net>
Tue, 9 May 2017 20:13:01 +0000 (22:13 +0200)
commit 5806f66eb927a6a698c0f067f563d7bc2203a376
tree 63fcb25a4fc8b44c8ddec32fec3916fb4cbd18ad
parent f403b9a2bf93f0fa35ee8316c2d219f48638a3e5
Document tls-crypt security considerations in man page

The tls-crypt commit message contained an elaborate discussion on the
function's security properties.  This commit adds the gist of that
discussion, "rotate keys periodically", to the man page.

(The 'real' solution will follow later: add support for per-client
tls-crypt keys.  That will make tls-crypt useful for VPN providers too.)

Note to non-crypto-geek reviewers: please verify that this text is clear
enough to explain to you when you need to replace tls-crypt keys.

Note to crypto-geek reviewers: please check the numbers - see the
--tls-crypt commit message (c6e24fa3) for details.

[DS: Fixed a few typos on-the-fly during commit]

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <1494355368-20238-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14610.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
doc/openvpn.8