Re: [TLS] Server time
Jeffrey Walton <noloader@gmail.com> Sat, 04 April 2015 21:09 UTC
Return-Path: <noloader@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BE381A00CD for <tls@ietfa.amsl.com>; Sat, 4 Apr 2015 14:09:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uGqT3WM7AhPd for <tls@ietfa.amsl.com>; Sat, 4 Apr 2015 14:09:08 -0700 (PDT)
Received: from mail-ig0-x22b.google.com (mail-ig0-x22b.google.com [IPv6:2607:f8b0:4001:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2ADF51A0030 for <tls@ietf.org>; Sat, 4 Apr 2015 14:09:08 -0700 (PDT)
Received: by igblo3 with SMTP id lo3so54632igb.0 for <tls@ietf.org>; Sat, 04 Apr 2015 14:09:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:content-transfer-encoding; bh=BHoph31dVa5Liw4BQFBdV5LwEAvU4DEYTIPndgNy64s=; b=Dq72FtBBJI0IDSJ5+i8kTvHX0xcE3oEtMpvLpNF+RQPe6LsjnNS3UHetk90P9qNN1i uLo2DrhotOTIBYihJQQ+3SY6iHs4rCp3zes/9wNYdlAEuVVGqnWAvGMr5KkM8ASN1g1E yfxpio97AG20B/Jhu9bhNr9iXkOud6leHeZh4gbPGBkTDTLTRd+pwWCW8N074ygm420Y +ObY2mEZvo9U1alO3sYdmOk8lpY8Aeix7lJStCuh0blOgNFYWO5D89qjqOulKvEE+zVS 6m1/eUAnyjdOVxO4XkrkHR2DkmzDEPgCUQpwX+HMl9Xgp6+m3mX5YbnHvpd1+Q8R7bdJ h2sw==
MIME-Version: 1.0
X-Received: by 10.42.109.12 with SMTP id j12mr10822957icp.22.1428181747692; Sat, 04 Apr 2015 14:09:07 -0700 (PDT)
Received: by 10.36.77.15 with HTTP; Sat, 4 Apr 2015 14:09:07 -0700 (PDT)
In-Reply-To: <201504041352.12431.davemgarrett@gmail.com>
References: <201504041352.12431.davemgarrett@gmail.com>
Date: Sat, 04 Apr 2015 17:09:07 -0400
Message-ID: <CAH8yC8n5DaFzgaFBympjWtXq5dd6jnqHHstxdvzpM-LXwNe=Ng@mail.gmail.com>
From: Jeffrey Walton <noloader@gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/TPlexX0FjfblMptRnmJ--yA-fIc>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Server time
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: noloader@gmail.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Apr 2015 21:09:09 -0000
> Consensus was to drop time from the random fields. Prohibiting non-random in ServerHello.random and adding a 4 byte uint32 ServerHello.time for TLS 1.3+ seems like a really simple solution. (note that ServerHello is already changed by dropping compression_method) > +1. Random should be random. Placing time in the random field meant the field was not used for its intended purpose. It violated the engineering design. (Whether it resulted in a vulnerability is a different debate). > The ability of a client to sanity check or sync its time seems like something worth having, especially for only a 4 byte cost. > +1. Some Android phones have a peculiarity where they will fail their very first path validation (like after a factory reset). The phones don't have a SIM and use Wifi. We think its because of the clock (we have never been able to duplicate it, but I've seen the field reports). Other older phones have the same issue, but its persistent. That is, the phone won't set the time if there's no network. You have to SIM the phone or manually set the time. I think the same problem will arise in the future with the Internet of Things. Refrigerators and thermostats will experience similar issues. History has a tendency to repeat itself. The time field begs the question: what is the presentation of time? Is it a UTC or GMT time? Is it a local time? Is there time zone data associated with it?
- [TLS] Server time Dave Garrett
- Re: [TLS] Server time Erik Nygren
- Re: [TLS] Server time Jeffrey Walton
- Re: [TLS] Server time Dave Garrett
- Re: [TLS] Server time Dave Garrett
- Re: [TLS] Server time Jeffrey Walton
- Re: [TLS] Server time Hauke Mehrtens
- Re: [TLS] Server time Brian Smith
- Re: [TLS] Server time Jeffrey Walton
- Re: [TLS] Server time Eric Rescorla
- Re: [TLS] Server time Dave Garrett
- Re: [TLS] Server time Peter Gutmann
- Re: [TLS] Server time Tom Ritter
- Re: [TLS] Server time Kurt Roeckx
- Re: [TLS] Server time Peter Gutmann
- Re: [TLS] Server time Martin Thomson
- Re: [TLS] Server time Jeffrey Walton
- Re: [TLS] Server time Adam Caudill
- Re: [TLS] Server time Jeffrey Walton
- Re: [TLS] Server time Ben Laurie
- Re: [TLS] Server time Florian Weimer
- Re: [TLS] Server time Peter Gutmann
- Re: [TLS] Server time Florian Weimer
- Re: [TLS] Server time Kurt Roeckx
- Re: [TLS] Server time Florian Weimer
- Re: [TLS] Server time Kurt Roeckx
- Re: [TLS] Server time Jeffrey Walton