Re: [TLS] [perpass] Let's remove gmt_unix_time from TLS
Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 12 September 2013 11:25 UTC
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Nick Mathewson <nickm@torproject.org>, "mrex@sap.com" <mrex@sap.com>, "perpass@ietf.org" <perpass@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Stephen Farrell <stephen.farrell@cs.tcd.ie> writes:

>(And that's a common pattern actually: someone says "if we do X that'll make
>privacy a bit better" and someone else says "but there are so many other ways
>to leak private info, why bother just doing X?")

I've only partially seen it as a privacy issue but more as a security issue, by telling an attacker that your clock is two weeks out you're letting them know that they can reuse an expired cert or replay an old CRL. Even in terms of privacy it wasn't a specific user-tracking thing but more a question of why you needed to tell the world what your system clock was set to. So my code has always populated the field with random noise, not an actual time.

Peter.
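Added illustration, not part of the message above and not the author's code: a sketch of what the first four bytes of the RFC 5246 `Random` structure (`gmt_unix_time`) reveal to anyone who sees a ClientHello, next to the all-random fill the message describes. The function names, the minimal ClientHello and the timestamps are constructed for this example.

```python
import os
import struct

RANDOM_LEN = 32  # RFC 5246 Random: uint32 gmt_unix_time + 28 random bytes


def random_with_time(now: int) -> bytes:
    """Random as RFC 5246 lays it out: sender's clock in the first 4 bytes."""
    return struct.pack("!I", now) + os.urandom(28)


def random_all_noise() -> bytes:
    """The alternative from the message: all 32 bytes random, no clock value."""
    return os.urandom(RANDOM_LEN)


def client_hello(random: bytes, version=(3, 3)) -> bytes:
    """Constructed minimal ClientHello record: one cipher suite, no extensions."""
    if len(random) != RANDOM_LEN:
        raise ValueError("Random must be exactly 32 bytes")
    # version | random | empty session_id | 1 suite (0x002f) | null compression
    body = bytes(version) + random + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + len(handshake).to_bytes(2, "big") + handshake


def extract_random(record: bytes) -> bytes:
    """Return the 32-byte Random from a ClientHello record, checking framing."""
    # 5-byte record header + 4-byte handshake header + 2-byte client_version
    if len(record) < 5 + 4 + 2 + RANDOM_LEN:
        raise ValueError("record too short for a ClientHello")
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    return record[11:11 + RANDOM_LEN]


def apparent_clock_skew(record: bytes, observed_at: int) -> int:
    """Seconds by which the first 4 Random bytes differ from the observer's clock."""
    (claimed,) = struct.unpack("!I", extract_random(record)[:4])
    return claimed - observed_at


if __name__ == "__main__":
    observed = 1378985088                      # constructed observation time
    slow_clock = observed - 14 * 86400         # sender's clock two weeks behind
    print(apparent_clock_skew(client_hello(random_with_time(slow_clock)), observed))
    print(apparent_clock_skew(client_hello(random_all_noise()), observed))
```

With the timestamped fill the first figure is exactly the sender's clock error; with the all-random fill the second figure is an arbitrary 32-bit difference that says nothing about the clock.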