Re: [TLS] Let's remove gmt_unix_time from TLS

Wan-Teh Chang <> Fri, 06 December 2013 19:59 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id C2E5F1AE06F for <>; Fri, 6 Dec 2013 11:59:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.38
X-Spam-Status: No, score=-1.38 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 0Gdgkq1lGarZ for <>; Fri, 6 Dec 2013 11:59:24 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:400c:c03::230]) by (Postfix) with ESMTP id C21BA1AE074 for <>; Fri, 6 Dec 2013 11:59:24 -0800 (PST)
Received: by with SMTP id lf12so1209673vcb.21 for <>; Fri, 06 Dec 2013 11:59:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ECj0VQq7ynqIw0yP2Nf9wV82PFwMjDTQN5mph9zXfBk=; b=k8vMVo1Og5dbcAnqR1iTcmmmxba1+9K0QgGe0QlDpF5cMN58bZsLx57eLIX33T8P+9 0I1NQyzR+jr4P5U1vlOJDxt2nJ8H54wSI6iCDhuY01w2ui8zVlLW8DY1tvVfTS9qSZz/ 9ZWfvHgn1JlqpeK9hN2jpmnFRvcWDlzbqYKo1i5LgS44CB0Y/0LRKGzcdv5PBpr0D2dZ NiirsUmR0TdhxAk5Bp39oNHsYYaeTExrelrsvAElyzgIfNcy6SCXGHMtdd/L4W2gCAu1 bKoKx7fh4UeW/L3BkKXAZTWKemFwemgZolT/GJiBca+Eswa9Q/oifK+5Zck8vhxgCplI DG2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=ECj0VQq7ynqIw0yP2Nf9wV82PFwMjDTQN5mph9zXfBk=; b=RAMV3qZZrLa54smL41f/oWkV1htAkUDUpqxmpnPA9nN2lF1HIkdEvZbKTqQ/8RBR73 PIB4AbL5C7xDH/H0HiboWt7mdhM9oCwju/eJZGF/cBmy/IRNbPVyI5bkO67RDEk/1Po4 2BVORvwAgnfcsp53z1upSuBYkM8xnWQ4ZuxK6/lWMwiftfB1mvv+LtY0t1GihjZwRXqf weZmPPnHIfcaQT7yIgMivaMQqDa1g+AhKHduwJGV3d2SD8s7AwqsG/ICBQ6EUnof62CQ IZCj8dKInu7SzGi33VU4eDMLZMB8L93EUnIATbNbQG10Owbl+pcCoGLW66FiuWtAMhRf EidA==
X-Gm-Message-State: ALoCoQk7SlFJG0zlol/K/LaMZ8TxU9YGZnWi9aQXZGILDCU0SpArLVfmRLb7qGYXJDiwfQ5j2MkWs3AspbgjNwPMYiSBNLTxdY5XyrY2mWHVbc2yzQLPH53LOdPDqaS6f05XK4hZPjTdW1jc4FL+bNWgH2YUmN3CMXNImUqieYscB5ZmTH3l5s+gl5kF9DNtWWhIvfLm4DBB
MIME-Version: 1.0
X-Received: by with SMTP id yq3mr2634425vdc.55.1386359960690; Fri, 06 Dec 2013 11:59:20 -0800 (PST)
Received: by with HTTP; Fri, 6 Dec 2013 11:59:20 -0800 (PST)
In-Reply-To: <>
References: <>
Date: Fri, 6 Dec 2013 11:59:20 -0800
Message-ID: <>
From: Wan-Teh Chang <>
To: Nick Mathewson <>, Adam Langley <>, Eric Rescorla <>
Content-Type: text/plain; charset=ISO-8859-1
Cc: "" <>
Subject: Re: [TLS] Let's remove gmt_unix_time from TLS
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 06 Dec 2013 19:59:27 -0000

Sorry about my late reply. I am a programmer working on the NSS crypto
libraries. While reviewing recent changes to NSS, I noticed that
Nick's proposal 1 has been implemented in the OpenSSL and NSS source
code repositories, which led me to this old email thread.

The only protocol feature I know of that uses the gmt_unix_time field
of ClientHello.random is Adam Langley's TLS Snap Start Internet-Draft
[1]. See Section 3 of Adam's draft. This method is one of the
anti-reply mechanisms being considered in Eric Rescorla's TLS 1.3 new
handshake flows Internet-Draft [2], and is being used in the QUIC

So, I'd like to offer another proposal:


Add a random clock skew to the current time. For example, generate a
random signed integer in the interval [-512, 511] (inclusive) and add
it to the return value of time(). This adds roughly a +/-8.5 minutes
skew to the current time.

If this proposal is an acceptable solution to the client
fingerprinting problem, then gmt_unix_time in ClientHello.random will
remain viable as part of an anti-reply mechanism for TLS 1.3 new
handshake flows.

Wan-Teh Chang