Re: [TLS] Server time

Brian Smith <brian@briansmith.org> Sun, 05 April 2015 18:11 UTC

Dave Garrett <davemgarrett@gmail.com> wrote:
> Consensus was to drop time from the random fields.

Right.

> Prohibiting non-random in ServerHello.random and adding a 4 byte uint32 ServerHello.time for TLS 1.3+ seems like a really simple solution.

What problem does it solve?

> (note that ServerHello is already changed by dropping compression_method)

That seems unnecessary to me. compression_method could/should just be
fixed to be "null", avoiding unnecessary compatibility risk.

> The ability of a client to sanity check or sync its time seems like something worth having, especially for only a 4 byte cost.

The client can sanity check or sync its time using other mechanisms
already, even with earlier versions of TLS. I don't see how adding a
time field to ServerHello would help solve that problem.

There may be occasions when the server and client need to sync time,
e.g. if it helps the 0-RTT handshake in some way. But, that should be
done as part of the specification for whatever mechanisms require it.
See the long-ago discussion about this [0].

Keep in mind that we removed the time from the Hello random fields
because they leaked information that made it easier to track clients.
And note that clients often play the server role in (D)TLS. In
particular, clients act as both the client and server in DTLS for
WebRTC. Consequently, there always needs to be a way for the server to
NOT say what time it thinks it is.

Cheers,
Brian

[0] https://www.ietf.org/mail-archive/web/tls/current/msg10861.html
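
The following is an added example and is not part of the original message. It shows the leak the message refers to: under the RFC 5246 layout, the first 4 bytes of the Hello random are gmt_unix_time, so an observer (or an auditor checking their own stack) can read the sender's clock from them. The helper names, the observation time and the sample records are constructed for illustration.

```python
import struct

HANDSHAKE = 22                                   # TLS record content type
HELLO_TYPES = {1: "ClientHello", 2: "ServerHello"}

def build_server_hello(random):
    """Constructed minimal ServerHello record (TLS 1.2 layout), sample input only."""
    # version, random, empty session_id, one cipher suite, null compression
    body = b"\x03\x03" + random + b"\x00" + b"\xc0\x2f" + b"\x00"
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0303, len(hs)) + hs

def hello_random(record):
    """Return (message name, 32-byte random) from a record that starts with a Hello."""
    if len(record) < 5 + 4 + 2 + 32:
        raise ValueError("record too short for a Hello message")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    if rec_len > len(record) - 5:
        raise ValueError("truncated record")
    if record[5] not in HELLO_TYPES:
        raise ValueError("handshake message is not a Hello")
    # 5-byte record header + 4-byte handshake header + 2-byte version
    return HELLO_TYPES[record[5]], record[11:43]

def leaks_clock(random, observed_at, tolerance=86400):
    """True if random[:4] reads as a Unix time within `tolerance` s of observed_at.

    A uniformly random value passes by chance with probability about
    2 * tolerance / 2**32, so a single hit is a hint, not proof.
    """
    (ts,) = struct.unpack("!I", random[:4])
    return abs(ts - observed_at) <= tolerance

# Constructed sample values (assumptions, not captured traffic).
OBSERVED_AT = 1428257509                         # when the record was seen
LEGACY_RANDOM = struct.pack("!I", OBSERVED_AT - 3) + bytes(28)  # clock + filler
OPAQUE_RANDOM = bytes(range(0xA0, 0xC0))         # 32 bytes with no timestamp

if __name__ == "__main__":
    for label, rnd in (("legacy", LEGACY_RANDOM), ("opaque", OPAQUE_RANDOM)):
        name, extracted = hello_random(build_server_hello(rnd))
        print(label, name, "clock visible:", leaks_clock(extracted, OBSERVED_AT))
```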