Closed tfpauly closed 1 year ago
You could also have the mirror police the keys being distributed to make sure that key rotations seem reasonable, and there's not a flipping between keys that could look like targeting.
Or ensure that enough clients saw this key before the key changed...
Closing as resolved by #2.
I think this needs some more motivation. If clients only initiate sessions using currently-fresh resources, then short validity windows do not provide any ability to target individual clients (ignoring clock skew).
I would like to see some more specific rationale for this recommendation, if it is necessary at all.
If the resource can get refreshed very frequently (like every second), a client could still be targeted without detecting an attack. One solution is to have a minimum time for validity.