Re: [TLS] Getting started, clock not set yet

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 17 August 2022 15:10 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Kyle Rose <krose@krose.org>, Hal Murray <halmurray+tls@sonic.net>
CC: "tls@ietf.org" <tls@ietf.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
Thread-Topic: [TLS] Getting started, clock not set yet
Date: Wed, 17 Aug 2022 15:10:04 +0000
Message-ID: <SY4PR01MB6251E83F8D285B2EAEA86CF5EE6A9@SY4PR01MB6251.ausprd01.prod.outlook.com>
References: <krose@krose.org> <CAJU8_nWC+GRZFm02trAgB_bmUfkNF9bMfUHenVRNojydzi1NNw@mail.gmail.com> <20220814212506.A6A1A28C1CA@107-137-68-211.lightspeed.sntcca.sbcglobal.net> <CAJU8_nUZCR3ihGBj101n8zd6e9+nqFR0NW=u6EgpqDwKX+=aUg@mail.gmail.com>
In-Reply-To: <CAJU8_nUZCR3ihGBj101n8zd6e9+nqFR0NW=u6EgpqDwKX+=aUg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XdJGtAcxtT4HtI0Mged8Gx5sVIc>
Subject: Re: [TLS] Getting started, clock not set yet

Kyle Rose <krose@krose.org> writes:

>I wish I had some more context for this area of embedded devices. For example:
>
> * Why is an RTC more expensive (along whatever axis you choose) than a NIC
>(wifi or ethernet)?

Quoting "IoT / SCADA Crypto, What you Need to Know":

  The device often won't have any on-board time source because it's not
  feasible to include an RTC in the design. An RTC adds considerable cost
  (possibly as much as the rest of the device), may be larger/heavier than the
  rest of the device, typically requires one or more extra assembly steps to
  fit because it can't be installed via pick-and-place and reflow soldering,
  makes the device more vulnerable to issues like high and low temperatures
  that embedded devices are typically exposed to, and wears out (the batteries
  die) long before the rest of the device does.

> * What classes of devices would reasonably sit on a shelf for ten years and
>subsequently prove useful without being updated?

Any number of SCADA devices.  They're an exact replacement for an existing
device, so the fact that you're replacing something that's failed with
something else that's exactly identical is a requirement.  You don't want to
replace it with something that someone's fiddled with in the meantime because
you can't guarantee that it'll behave the same as the original device did.

> * If it's been sitting on a shelf for ten years, why is reattaching it to
>the network easy, while plugging it into an upgrade kiosk first and *then*
>reattaching it to the network is hard?

See my earlier comments on this.

Peter.