Re: [TLS] Server time
Jeffrey Walton <noloader@gmail.com> Sat, 04 April 2015 22:10 UTC
Return-Path: <noloader@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00DA91A039B for <tls@ietfa.amsl.com>; Sat, 4 Apr 2015 15:10:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MCV-HTzCJ1PC for <tls@ietfa.amsl.com>; Sat, 4 Apr 2015 15:10:09 -0700 (PDT)
Received: from mail-ie0-x231.google.com (mail-ie0-x231.google.com [IPv6:2607:f8b0:4001:c03::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA0CC1A039C for <tls@ietf.org>; Sat, 4 Apr 2015 15:10:09 -0700 (PDT)
Received: by iedfl3 with SMTP id fl3so575960ied.1 for <tls@ietf.org>; Sat, 04 Apr 2015 15:10:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=hGa1b+BLVcT80llyLCLILEPFasxkVUHWcdXY408C1G0=; b=HgjzviFK7i4awqBE/MfRtdh2H5vTyBZPALNmE7SxJo5gKkCO0+iJ22q9Z2wCZSxsre TnybnMrHdEejkoz5hvM45HQ8NdrFoM5gRVg+vHJnJcT+qxR5srs3ITiEABxyk9qfTii8 hse/1VJNbkn/M1kXOL6nEVXighpyfemItFAu86jaKmpp1tChrWJR98ayLc/Cc0Mz9jPK D6jdQflX2Jgl1DbrqxGuUUv+3/m/uF6Isls0US3Bt4cV2RX2OU+S6L+m+dAvw77EI6Ah ATy7OP9cTbigqiGfkZC/poqVRc88NWO5JWQRTe0kc7TzNM/uNvo0PaEG4jSCv6GB9HH+ 6Nzw==
MIME-Version: 1.0
X-Received: by 10.42.109.12 with SMTP id j12mr11004394icp.22.1428185409123; Sat, 04 Apr 2015 15:10:09 -0700 (PDT)
Received: by 10.36.77.15 with HTTP; Sat, 4 Apr 2015 15:10:09 -0700 (PDT)
In-Reply-To: <201504041757.05854.davemgarrett@gmail.com>
References: <201504041352.12431.davemgarrett@gmail.com> <CAKC-DJj0rKNVXc1XJ4W2yiGY2bXYsXtAfubGEmO8JsoBu2kfvA@mail.gmail.com> <201504041757.05854.davemgarrett@gmail.com>
Date: Sat, 04 Apr 2015 18:10:09 -0400
Message-ID: <CAH8yC8=wAaZBm0QzDC4oMOM8Ywzj9pnVCbYNpjmdOhxYOoorqg@mail.gmail.com>
From: Jeffrey Walton <noloader@gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/B3W5JNClMFJxsT0Vx0b9Eap-_kg>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Server time
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: noloader@gmail.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Apr 2015 22:10:11 -0000
On Sat, Apr 4, 2015 at 5:57 PM, Dave Garrett <davemgarrett@gmail.com> wrote: > ... > > Do a ping with a time request after authentication and it would be protected, measure latency, and easily provide precise remote time adjusted for response time. Might be overkill, though it'd be simple enough to add. > I think the problem here is channel setup will fail *if* the client's clock is wrong. The client will fail to validate the end-entity certificate due to problems with the notBefore and notAtfer (even though its correct). You won't have a channel to perform the ping. I like the idea of a field like ServerHello.time so the server can communicate its belief in time. A client can defer a simple failure based on time until key exchange completes. If key exchange completes successfully, then the client can decide if it wants to accept the server's view of time. The functionality leads to other attack surfaces, like a rogue server rolling back its time and using compromised key. But I think that can be solved with a good degree of certainty using Guttmann's security diversification techniques. Jeff
- [TLS] Server time Dave Garrett
- Re: [TLS] Server time Erik Nygren
- Re: [TLS] Server time Jeffrey Walton
- Re: [TLS] Server time Dave Garrett
- Re: [TLS] Server time Dave Garrett
- Re: [TLS] Server time Jeffrey Walton
- Re: [TLS] Server time Hauke Mehrtens
- Re: [TLS] Server time Brian Smith
- Re: [TLS] Server time Jeffrey Walton
- Re: [TLS] Server time Eric Rescorla
- Re: [TLS] Server time Dave Garrett
- Re: [TLS] Server time Peter Gutmann
- Re: [TLS] Server time Tom Ritter
- Re: [TLS] Server time Kurt Roeckx
- Re: [TLS] Server time Peter Gutmann
- Re: [TLS] Server time Martin Thomson
- Re: [TLS] Server time Jeffrey Walton
- Re: [TLS] Server time Adam Caudill
- Re: [TLS] Server time Jeffrey Walton
- Re: [TLS] Server time Ben Laurie
- Re: [TLS] Server time Florian Weimer
- Re: [TLS] Server time Peter Gutmann
- Re: [TLS] Server time Florian Weimer
- Re: [TLS] Server time Kurt Roeckx
- Re: [TLS] Server time Florian Weimer
- Re: [TLS] Server time Kurt Roeckx
- Re: [TLS] Server time Jeffrey Walton