While TLS uses the same key throughout a session, keys within a Signal session constantly evolve.
What are we defining as a “session” for Signal? The vast majority of TLS sessions exist for the duration of pulling down a web page. Dynamically interact with that page? New HTTP request backed by a new TLS session. Sure, there are exceptions like WebSockets, but by and large TLS sessions are often short.
Is a Signal session the duration of sending a single message? An entire conversation? The entire time you have someone in your address book? It doesn’t seem like an apples-to-apples comparison.
I think the biggest thing here is that beyond just a session key (to make sessions secure from each other), this approach uses a rotating session key. That means each transaction in a session is unique, ensuring forward and backward secrecy.
I may have read it wrong plus cybersecurity is not my forte.
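A toy model of the two-layer ratchet the comment above alludes to, added here as an illustration rather than taken from Signal or from this thread. It assumes HMAC-SHA256 as the chain KDF, the labels 0x01/0x02 for message and chain keys, and models the DH output as random bytes; the function names are mine.

```python
"""Toy model of a Signal-style key ratchet (constructed illustration, not
Signal's code). Two layers: a symmetric KDF chain that yields one fresh key
per message, and a root-key step that mixes in a fresh DH secret (modelled
here as random bytes) so an attacker holding old state falls out of sync."""
import hashlib
import hmac
import os


def chain_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """Advance the symmetric ratchet: returns (next_chain_key, message_key).
    Both outputs are one-way in chain_key, so knowing chain key n reveals
    nothing about message keys 0..n-1 (forward secrecy)."""
    next_ck = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    mk = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    return next_ck, mk


def root_step(root_key: bytes, dh_secret: bytes) -> tuple[bytes, bytes]:
    """Mix a fresh DH output into the root key: returns (next_root, chain_key).
    An attacker holding old keys but not dh_secret cannot follow this step,
    which is what gives post-compromise ("backward") secrecy."""
    out = hmac.new(root_key, dh_secret, hashlib.sha512).digest()
    return out[:32], out[32:]


def message_keys(chain_key: bytes, n: int) -> tuple[list[bytes], bytes]:
    """Derive n message keys in order; also return the advanced chain key."""
    keys = []
    for _ in range(n):
        chain_key, mk = chain_step(chain_key)
        keys.append(mk)
    return keys, chain_key


def simulate_compromise(total: int, compromised_at: int) -> dict:
    """Honest party derives `total` message keys; the attacker steals the
    chain key after `compromised_at` of them. Returns what each side holds,
    plus the honest party's first key after a DH ratchet step."""
    root, ck = root_step(os.urandom(32), os.urandom(32))  # fresh session
    honest, ck_stolen = message_keys(ck, compromised_at)
    later, _ = message_keys(ck_stolen, total - compromised_at)
    attacker, _ = message_keys(ck_stolen, total - compromised_at)
    # DH step with a secret the attacker never sees (modelled as random bytes)
    _, ck_new = root_step(root, os.urandom(32))
    after_dh, _ = message_keys(ck_new, 1)
    return {"honest": honest + later, "attacker": attacker, "after_dh": after_dh}
```

The attacker who steals the chain key after message 3 can derive keys 3 onward but none before it, and loses the thread entirely once a DH step has mixed in a secret they never saw.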
TLS can do key rotation too, it’s just not needed in practice. The QUIC RFCs talk about it a bit, e.g. when using ChaCha20 the key usage limit is actually larger than the defined limit for transmitted data, making it only potentially relevant for AES.
Isn’t asymmetric used for the handshake only? And then like AES or something which have evolving keys (and are quite quantum resistant).