IETF Logo Mail Archive

Re: [TLS] Server time

Jeffrey Walton <noloader@gmail.com> Sat, 04 April 2015 22:10 UTC

Return-Path: <noloader@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00DA91A039B for <tls@ietfa.amsl.com>; Sat, 4 Apr 2015 15:10:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MCV-HTzCJ1PC for <tls@ietfa.amsl.com>; Sat, 4 Apr 2015 15:10:09 -0700 (PDT)
Received: from mail-ie0-x231.google.com (mail-ie0-x231.google.com [IPv6:2607:f8b0:4001:c03::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA0CC1A039C for <tls@ietf.org>; Sat, 4 Apr 2015 15:10:09 -0700 (PDT)
Received: by iedfl3 with SMTP id fl3so575960ied.1 for <tls@ietf.org>; Sat, 04 Apr 2015 15:10:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=hGa1b+BLVcT80llyLCLILEPFasxkVUHWcdXY408C1G0=; b=HgjzviFK7i4awqBE/MfRtdh2H5vTyBZPALNmE7SxJo5gKkCO0+iJ22q9Z2wCZSxsre TnybnMrHdEejkoz5hvM45HQ8NdrFoM5gRVg+vHJnJcT+qxR5srs3ITiEABxyk9qfTii8 hse/1VJNbkn/M1kXOL6nEVXighpyfemItFAu86jaKmpp1tChrWJR98ayLc/Cc0Mz9jPK D6jdQflX2Jgl1DbrqxGuUUv+3/m/uF6Isls0US3Bt4cV2RX2OU+S6L+m+dAvw77EI6Ah ATy7OP9cTbigqiGfkZC/poqVRc88NWO5JWQRTe0kc7TzNM/uNvo0PaEG4jSCv6GB9HH+ 6Nzw==
MIME-Version: 1.0
X-Received: by 10.42.109.12 with SMTP id j12mr11004394icp.22.1428185409123; Sat, 04 Apr 2015 15:10:09 -0700 (PDT)
Received: by 10.36.77.15 with HTTP; Sat, 4 Apr 2015 15:10:09 -0700 (PDT)
In-Reply-To: <201504041757.05854.davemgarrett@gmail.com>
References: <201504041352.12431.davemgarrett@gmail.com> <CAKC-DJj0rKNVXc1XJ4W2yiGY2bXYsXtAfubGEmO8JsoBu2kfvA@mail.gmail.com> <201504041757.05854.davemgarrett@gmail.com>
Date: Sat, 04 Apr 2015 18:10:09 -0400
Message-ID: <CAH8yC8=wAaZBm0QzDC4oMOM8Ywzj9pnVCbYNpjmdOhxYOoorqg@mail.gmail.com>
From: Jeffrey Walton <noloader@gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/B3W5JNClMFJxsT0Vx0b9Eap-_kg>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Server time
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: noloader@gmail.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Apr 2015 22:10:11 -0000

On Sat, Apr 4, 2015 at 5:57 PM, Dave Garrett <davemgarrett@gmail.com> wrote:
> ...
>
> Do a ping with a time request after authentication and it would be protected, measure latency, and easily provide precise remote time adjusted for response time. Might be overkill, though it'd be simple enough to add.
>
I think the problem here is channel setup will fail *if* the client's
clock is wrong. The client will fail to validate the end-entity
certificate due to problems with the notBefore and notAtfer (even
though its correct). You won't have a channel to perform the ping.

I like the idea of a field like ServerHello.time so the server can
communicate its belief in time. A client can defer a simple failure
based on time until key exchange completes. If key exchange completes
successfully, then the client can decide if it wants to accept the
server's view of time.

The functionality leads to other attack surfaces, like a rogue server
rolling back its time and using compromised key. But I think that can
be solved with a good degree of certainty using Guttmann's security
diversification techniques.

Jeff

v2.23.0 | Report a Bug | By Email