IETF Logo Mail Archive

Re: [TLS] Let's remove gmt_unix_time from TLS

Adam Langley <agl@google.com> Wed, 11 September 2013 16:13 UTC

Return-Path: <agl@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F395C21F9E73 for <tls@ietfa.amsl.com>; Wed, 11 Sep 2013 09:13:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.737
X-Spam-Level:
X-Spam-Status: No, score=-1.737 tagged_above=-999 required=5 tests=[AWL=0.241, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9RDHwS23o865 for <tls@ietfa.amsl.com>; Wed, 11 Sep 2013 09:13:08 -0700 (PDT)
Received: from mail-ob0-x230.google.com (mail-ob0-x230.google.com [IPv6:2607:f8b0:4003:c01::230]) by ietfa.amsl.com (Postfix) with ESMTP id CE26821F9E6B for <tls@ietf.org>; Wed, 11 Sep 2013 09:12:23 -0700 (PDT)
Received: by mail-ob0-f176.google.com with SMTP id uz19so8570831obc.21 for <tls@ietf.org>; Wed, 11 Sep 2013 09:12:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=QcupxjvZEUZg28NlvJUT4DWfbcm6PXiHMKqm2JaZVBs=; b=RGr/RrWJ4WBx98uVAlT6eKjRNcfd2up5ZX2z08aB7af4iyCbPw5SNkQsUVmhTwxa6y EsebbKZ1cWQ5GaxlGqtYDbrPYJ/lprQXBNjIjwLDw5g18+Q4Kz4eMPD+4I/5z4886OQV IwUPIR8/gmyeHuUmzuocYHn6Rkkm09GPkWBujG6vc17AImme+t+stVigFHGZTcbwYBhY hkpqeShUmKwp+mmjn+GkREoDKgfvqN5ZCChCn55VEXvWyD1aWMH9B33g9Sse5dj1qi3W KjbhYNHV+XLXbKCwRwjZzU/DMOFt2WI0m1uNCbO188+VrwX6oLfDnDZ+W8sP8tNBuSHe 2Rww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=QcupxjvZEUZg28NlvJUT4DWfbcm6PXiHMKqm2JaZVBs=; b=Eq3O+kAxFEvWfqjsFLPHjIFlqYxouRli1xIeRSahpufqlpe9be1GxJDw8bbjBcoAXG +R+jnMrB44FxFZNg0zAoOdF3MHA3dWJ7yBVieCIF0+90ozPSs8xXLLeHwHyqTmYt3uZM 94JJDlfAcLdDp4UBhaus+hy6lZZ+kDRwasLNK2Js7dx/fyZl/Luf9LDJ0lnZrBb8GNoe e1BvwZctmey6QTj1J8WVQpAoQy2JO9ViSh3CKbU4br/rPFEkUAkMtQ3IJLlmJZ1pREo2 LE9jsCKTB7xGmcs/kWuh+0+BwooIXc7/hZHpNqwtxfvHsJTDSvFJsU1xtmGTF9bLVct2 XEJA==
X-Gm-Message-State: ALoCoQmEZ/cWkXJ8OerrC5b0NW+J0uFHDwz9fB2A1HbN2VNYpfviZrKGjjO3r3nyIO8GOFhKRwo/hYWVoP9eGUhYHLX+R06AaJYh3l+h+fBXXq+MOtkSUnRijWIsQwKGTm7juG7DD98wkWSuMaZAU6O62msKJM8RYdltS/JaryGO5jxOZqJy708nZDaIwhBznosZnhC00EfZ
X-Received: by 10.60.132.142 with SMTP id ou14mr2245514oeb.58.1378915938206; Wed, 11 Sep 2013 09:12:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.79.105 with HTTP; Wed, 11 Sep 2013 09:11:58 -0700 (PDT)
In-Reply-To: <CABcZeBMY+iFgoq8E0hw8yYimqadTYN6CVfy-Ya1tAkbmsigAJQ@mail.gmail.com>
References: <CAKDKvuw240Ug4xB3zi2w0y7pUvCwSe0nNFZ2XP2vL-tbtKT0tg@mail.gmail.com> <CALR0uiJ0+yvcuYG69pSaaJntJwta-odJJQRMxQJWgVXKvUp3wQ@mail.gmail.com> <CABcZeBMY+iFgoq8E0hw8yYimqadTYN6CVfy-Ya1tAkbmsigAJQ@mail.gmail.com>
From: Adam Langley <agl@google.com>
Date: Wed, 11 Sep 2013 12:11:58 -0400
Message-ID: <CAL9PXLyw_fbP7OEem_91kE+0E6b2MwGy99QwPC3V3wVuTah9sw@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
Cc: perpass@ietf.org, "tls@ietf.org" <tls@ietf.org>, Alfredo Pironti <alfredo@pironti.eu>
Subject: Re: [TLS] Let's remove gmt_unix_time from TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Sep 2013 16:13:09 -0000

On Wed, Sep 11, 2013 at 12:06 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> Before we discuss mechanisms, it would be good to verify that in general
> clients and servers don't become unhappy if the timestamp is radically
> wrong. Has someone done measurements to verify that this is in fact
> the case at a broad scale?

I've observed that some small fraction of traffic to Google puts
random bytes in the first-four bytes of the nonce. It was less than
1%, but some clients clearly do this already.


Cheers

AGL

v2.23.0 | Report a Bug | By Email