Re: [TLS] Let's remove gmt_unix_time from TLS

Nick Mathewson <nickm@torproject.org> Wed, 11 September 2013 16:32 UTC

To: Eric Rescorla <ekr@rtfm.com>
Cc: perpass@ietf.org, "tls@ietf.org" <tls@ietf.org>

On Wed, Sep 11, 2013 at 12:06 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> Before we discuss mechanisms, it would be good to verify that in general
> clients and servers don't become unhappy if the timestamp is radically
> wrong. Has someone done measurements to verify that this is in fact
> the case at a broad scale?

Tor Browser has omitted this field for over five years now to no ill effect.

It would appear (assuming that I'm reading old NSS source right, which
I might not be!) that from about 2000 to 2008, Firefox was sending the
time since the process started, not the unix time, and nobody noticed
until 2007:
     https://bugzilla.mozilla.org/show_bug.cgi?id=405652

So at least on the client side, there seems to be strong evidence that
sending something other than the correct time does not cause obvious
problems in the wild.

yrs,
-- 
Nick