Re: [TLS] No more GMT exposure in the handshake

Martin Thomson <martin.thomson@gmail.com> Sun, 08 June 2014 16:41 UTC

To: Jacob Appelbaum <jacob@appelbaum.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/K8FSyu8MQUisFu8GatpElnG5eXc
Cc: "tls@ietf.org" <tls@ietf.org>

On 7 June 2014 14:55, Jacob Appelbaum <jacob@appelbaum.net> wrote:
> The current 32bit field isn't accurate enough for replacing NTP. If we
> can't make the time field useful for accurate secure time exchange - I
> hope we'll remove all network visible distinguishers, even ones that
> are currently useful for totally bizarre reasons.

I think that I'd prefer erasure.  But the idea of parasitically
updating time is intriguing.  I assume that you need some sort of out
of band method for determining if the server has OK time in the first
place.  I know Google have some techniques for good time sync, but
most servers have completely rubbish clocks.