Re: [TLS] No more GMT exposure in the handshake

Jacob Appelbaum <jacob@appelbaum.net> Sat, 07 June 2014 21:55 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/dbh0y64mnIcXqnN9LZ2W2GsErrI

On 6/7/14, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> On 06/07/2014 10:56 AM, Watson Ladd wrote:
>> Putting the clock time in the TLS handshake enables fingerprinting.
>> It's useless cryptographically: 32 random bytes is exceedingly
>> unlikely to repeat.
>
> There seems to be a growing consensus on this point:
>
>   https://tools.ietf.org/html/draft-mathewson-no-gmtunixtime
>

I've said as much to Nick and to Eric (in the context of working on
tlsdate[0]) but perhaps not on this tls list:

I'd like to see servers provide 64 bits of time resolution in the
ServerHello and nothing but randomness in that field in the
ClientHello.

The current 32-bit field isn't accurate enough for replacing NTP. If we
can't make the time field useful for accurate secure time exchange - I
hope we'll remove all network visible distinguishers, even ones that
are currently useful for totally bizarre reasons.

All the best,
Jacob

[0] https://www.github.com/ioerror/tlsdate
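
An added illustration, not part of the original message and not code from tlsdate: a way to audit your own TLS stack for the clock exposure discussed in this thread, by checking whether a hello's Random still begins with a plausible gmt_unix_time. It assumes the TLS 1.2 layout (4-byte gmt_unix_time followed by 28 random bytes); the function names, the observation time and the two sample records are constructed for the example.

```python
import struct

HANDSHAKE = 0x16
CLIENT_HELLO, SERVER_HELLO = 1, 2

def hello_random(record: bytes) -> tuple[int, bytes]:
    """Return (handshake type, 32-byte Random) from a TLS record holding a hello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    # 1-byte msg_type + 3-byte length + 2-byte version + 32-byte Random
    if len(body) < 4 + 2 + 32:
        raise ValueError("truncated hello")
    if body[0] not in (CLIENT_HELLO, SERVER_HELLO):
        raise ValueError("not a ClientHello/ServerHello")
    return body[0], body[6:38]

def clock_offset(random: bytes, observed_at: int, window: int = 86400):
    """Sender's clock offset in seconds if Random[:4] looks like a clock
    reading within +/- window of observed_at, else None.
    A uniformly random prefix matches with probability 2*window / 2**32
    (about 4e-5 for one day), so confirm over several handshakes."""
    (gmt_unix_time,) = struct.unpack("!I", random[:4])
    offset = gmt_unix_time - observed_at
    return offset if abs(offset) <= window else None

def build_hello(msg_type: int, random: bytes) -> bytes:
    """Constructed test input: a hello cut off after an empty session_id."""
    body = struct.pack("!H", 0x0303) + random + b"\x00"
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(hs)) + hs

OBSERVED_AT = 1402178123  # constructed capture time (2014-06-07 21:55:23 UTC)
# Constructed sample 1: sender's clock is 37 s slow and is placed in Random[:4].
LEGACY = build_hello(CLIENT_HELLO,
                     struct.pack("!I", OBSERVED_AT - 37) + bytes(range(28)))
# Constructed sample 2: all 32 bytes carry no time information.
RANDOM_ONLY = build_hello(CLIENT_HELLO, bytes(range(200, 232)))

if __name__ == "__main__":
    for name, rec in (("legacy", LEGACY), ("random-only", RANDOM_ONLY)):
        _, rnd = hello_random(rec)
        print(name, clock_offset(rnd, OBSERVED_AT))
```
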