[Hello71]

> I came across this, which documents how cloudscape does this securely - at least they rotate - but looks like read access to memcache+compromise of a single web server is enough to compromise the past hour or two of ssl traffic that goes through cloudflare?

but (depending on how you get in) you can probably also compromise the next few hours, so one extra hour doesn't seem like a huge difference, given that the scenario is somewhat unlikely in the first place.

[e12e]

It's relevant in terms of pfs. Say, you happen to have ciphertext of all traffic to a domain for the past three years (whitepower.forum.example.ru), and you get an urgent need to read that ciphertext. Now, if you could get physical access to any one cloudflare server, and perhaps dump the ram, or do a cold boot attack - that might have been enough to read all that data. Assume for the sake of argument, that the servers hosting the site is (physically) out of reach.

[Hello71]

aiui getting the current keys won't magically let you decrypt those three years of traffic. that's the whole point of rotation.

[e12e]

Yes, I wasn't trying to say rotation is useless - just highlight that n servers still lead to n avenues of getting at traffic for all n servers, and that cloudflare did something to deal with the pfs issue. It's worse than n servers without session resumption, but better than it could be.

[ed: per https://news.ycombinator.com/item?id=15360922 the window is 18 hours]