Re: [TLS] No more GMT exposure in the handshake

Jacob Appelbaum <jacob@appelbaum.net> Sun, 08 June 2014 22:27 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/XLTFg9YwcSZwd5YF4x0rBBtw8Qc

On 6/8/14, Bill Frantz <frantz@pwpconsult.com> wrote:
> On 6/8/14 at 3:17 AM, kurt@roeckx.be (Kurt Roeckx) wrote:
>
>>Anyway, how do you plan to deal with checking the status of the
>>certificate if you don't know what the current time is?
>
> It seems to be a poor policy to trust time information from a
> server whose certificate you are trying to validate.

Isn't it worse to trust a network protocol without any cryptographic
assurances at all? I think so... I also tend to think the right choice
is to fix NTP but we'll almost always have this first leap of
something. I'd prefer it not to be a mere leap of faith but rather a
leap of cryptographic assertion pinned to a set of keys that I trust.

Until the time that NTP is fixed to deal with hostile networks, we've
got hundreds of thousands of SSL/TLS servers on the internet that
serve mostly accurate time.

All the best,
Jacob