Re: [TLS] Let's remove gmt_unix_time from TLS
Nick Mathewson <nickm@torproject.org> Wed, 11 September 2013 16:32 UTC

On Wed, Sep 11, 2013 at 12:06 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> Before we discuss mechanisms, it would be good to verify that in general
> clients and servers don't become unhappy if the timestamp is radically
> wrong. Has someone done measurements to verify that this is in fact
> the case at a broad scale?

Tor Browser has omitted this field for over five years now to no ill
effect.

It would appear (assuming that I'm reading old NSS source right, which
I might not be!) that from about 2000 to 2008, Firefox was sending the
time since the process started, not the unix time, and nobody noticed
until 2007:

https://bugzilla.mozilla.org/show_bug.cgi?id=405652

So at least on the client side, there seems to be strong evidence that
sending something other than the correct time does not cause obvious
problems in the wild.

yrs,
--
Nick