Re: [TLS] No more GMT exposure in the handshake

Eric Rescorla <ekr@rtfm.com> Sat, 07 June 2014 23:03 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 7 Jun 2014 16:02:13 -0700
Message-ID: <CABcZeBO3ihEgcuhVXZLGL5Xnfj7KSie7DFgE7+HySHLw6-=dpw@mail.gmail.com>
To: Jacob Appelbaum <jacob@appelbaum.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/8RV7SdxNW2Lns0lR2Fcl4tI0Uxo
Cc: "tls@ietf.org" <tls@ietf.org>

I've created a github issue

[https://github.com/tlswg/tls13-spec/issues/42]

to keep track of this.

-Ekr




On Sat, Jun 7, 2014 at 2:55 PM, Jacob Appelbaum <jacob@appelbaum.net> wrote:

> On 6/7/14, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> > On 06/07/2014 10:56 AM, Watson Ladd wrote:
> >> Putting the clock time in the TLS handshake enables fingerprinting.
> >> It's useless cryptographically: 32 random bytes is exceedingly
> >> unlikely to repeat.
> >
> > There seems to be a growing consensus on this point:
> >
> >   https://tools.ietf.org/html/draft-mathewson-no-gmtunixtime
> >
>
> I've said as much to Nick and to Eric (in the context of working on
> tlsdate[0]) but perhaps not on this tls list:
>
> I'd like to see servers provide 64bits of time resolution in the
> ServerHello and nothing but randomness in that field in the
> ClientHello.
>
> The current 32bit field isn't accurate enough for replacing NTP. If we
> can't make the time field useful for accurate secure time exchange - I
> hope we'll remove all network visible distinguishers, even ones that
> are currently useful for totally bizarre reasons.
>
> All the best,
> Jacob
>
> [0] https://www.github.com/ioerror/tlsdate
>
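
The following is an added example, not part of the thread or of any project mentioned in it. It checks whether a captured ClientHello exposes the sender's clock, assuming the TLS 1.2 record layout in which the 32-byte Random begins with a 4-byte big-endian `gmt_unix_time`; all function names, the one-day window, and the sample bytes are constructed for illustration.

```python
import struct

def client_hello_random(record: bytes) -> bytes:
    """Return the 32-byte Random from a TLS record that carries a ClientHello."""
    if len(record) < 5 + 4 + 2 + 32:
        raise ValueError("truncated record")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:                       # 22 = handshake content type
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) < 4 + 2 + 32 or body[0] != 1:   # 1 = client_hello
        raise ValueError("not a ClientHello")
    # Handshake header: type(1) + length(3); then client_version(2), Random(32).
    return body[6:38]

def exposes_clock(record: bytes, capture_time: int, window: int = 86400) -> bool:
    """True if the first 4 Random bytes, read as Unix time, lie within
    `window` seconds of the capture time."""
    (t,) = struct.unpack("!I", client_hello_random(record)[:4])
    return abs(t - capture_time) <= window

def exposure_rate(samples, window: int = 86400) -> float:
    """Fraction of (record, capture_time) pairs that look like a timestamp.
    A uniformly random prefix matches a one-day window with probability of
    about 4e-5, so a high rate over several handshakes indicates a real clock."""
    hits = sum(exposes_clock(r, t, window) for r, t in samples)
    return hits / len(samples)

def build_hello(random32: bytes) -> bytes:
    """Constructed minimal ClientHello record, for testing the parser only."""
    body = (b"\x03\x03" + random32 + b"\x00"      # version, Random, empty session id
            + b"\x00\x02\x00\x2f" + b"\x01\x00")  # one cipher suite, null compression
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed samples: one client that embeds its clock, one that sends only
# fixed non-timestamp bytes in the same field.
CAPTURE_TIME = 1402182173
LEAKY = build_hello(struct.pack("!I", CAPTURE_TIME - 3) + bytes(range(28)))
OPAQUE = build_hello(b"\x00\x00\x00\x01" + bytes(range(28)))

if __name__ == "__main__":
    print("leaky :", exposes_clock(LEAKY, CAPTURE_TIME))
    print("opaque:", exposes_clock(OPAQUE, CAPTURE_TIME))
```
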