Re: [TLS] Server time
Hauke Mehrtens <hauke@hauke-m.de> Sun, 05 April 2015 16:32 UTC
Return-Path: <hauke@hauke-m.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57F271A89ED for <tls@ietfa.amsl.com>; Sun, 5 Apr 2015 09:32:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.562
X-Spam-Level:
X-Spam-Status: No, score=-1.562 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u701OLymsRPE for <tls@ietfa.amsl.com>; Sun, 5 Apr 2015 09:32:36 -0700 (PDT)
Received: from hauke-m.de (hauke-m.de [5.39.93.123]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DABA21A895D for <tls@ietf.org>; Sun, 5 Apr 2015 09:32:35 -0700 (PDT)
Received: from [192.168.178.22] (ip-109-43-19-230.web.vodafone.de [109.43.19.230]) by hauke-m.de (Postfix) with ESMTPSA id 424ED20541; Sun, 5 Apr 2015 18:32:33 +0200 (CEST)
Message-ID: <5521639F.4070500@hauke-m.de>
Date: Sun, 05 Apr 2015 18:32:31 +0200
From: Hauke Mehrtens <hauke@hauke-m.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: noloader@gmail.com, Dave Garrett <davemgarrett@gmail.com>
References: <201504041352.12431.davemgarrett@gmail.com> <CAKC-DJj0rKNVXc1XJ4W2yiGY2bXYsXtAfubGEmO8JsoBu2kfvA@mail.gmail.com> <201504041757.05854.davemgarrett@gmail.com> <CAH8yC8=wAaZBm0QzDC4oMOM8Ywzj9pnVCbYNpjmdOhxYOoorqg@mail.gmail.com>
In-Reply-To: <CAH8yC8=wAaZBm0QzDC4oMOM8Ywzj9pnVCbYNpjmdOhxYOoorqg@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/ffeD9kUS6z89X2bEoMtr32TN8ls>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Server time
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Apr 2015 16:32:37 -0000
On 04/05/2015 12:10 AM, Jeffrey Walton wrote: > On Sat, Apr 4, 2015 at 5:57 PM, Dave Garrett <davemgarrett@gmail.com> wrote: >> ... >> >> Do a ping with a time request after authentication and it would be protected, measure latency, and easily provide precise remote time adjusted for response time. Might be overkill, though it'd be simple enough to add. >> > I think the problem here is channel setup will fail *if* the client's > clock is wrong. The client will fail to validate the end-entity > certificate due to problems with the notBefore and notAtfer (even > though its correct). You won't have a channel to perform the ping. If the client trusts the servers clock the notBefore and notAtfer check is useless, because a bad server could change the time of the check to a value where the certificate check is valid. If you take the time from the same entity where you get your certificate to check from the time check is useless. There is a big problem with embedded devices, which do not have a real time clock. One solution would be that you burn a valid certificate or CA certificate into a firmware and your device trusts this certificate regardless of the validity period. And this server could be used to get the time from. But wouldn't it be better to deign this as an extra protocol on top of TLS/DTLS? The German electronic identity card is unable to do any online checks and does not have a real time clock. It stores the issue date of the most recent certificate it saw and checks every other certificate if it was at least valid at this date. (The certificates used there are normally only valid for some days and there is no revocation mechanism) > I like the idea of a field like ServerHello.time so the server can > communicate its belief in time. A client can defer a simple failure > based on time until key exchange completes. If key exchange completes > successfully, then the client can decide if it wants to accept the > server's view of time. Adding such a field could also result in some stupid developers using this field to check if the certificate is valid for every handshake. > The functionality leads to other attack surfaces, like a rogue server > rolling back its time and using compromised key. But I think that can > be solved with a good degree of certainty using Guttmann's security > diversification techniques. > > Jeff
- [TLS] Server time Dave Garrett
- Re: [TLS] Server time Erik Nygren
- Re: [TLS] Server time Jeffrey Walton
- Re: [TLS] Server time Dave Garrett
- Re: [TLS] Server time Dave Garrett
- Re: [TLS] Server time Jeffrey Walton
- Re: [TLS] Server time Hauke Mehrtens
- Re: [TLS] Server time Brian Smith
- Re: [TLS] Server time Jeffrey Walton
- Re: [TLS] Server time Eric Rescorla
- Re: [TLS] Server time Dave Garrett
- Re: [TLS] Server time Peter Gutmann
- Re: [TLS] Server time Tom Ritter
- Re: [TLS] Server time Kurt Roeckx
- Re: [TLS] Server time Peter Gutmann
- Re: [TLS] Server time Martin Thomson
- Re: [TLS] Server time Jeffrey Walton
- Re: [TLS] Server time Adam Caudill
- Re: [TLS] Server time Jeffrey Walton
- Re: [TLS] Server time Ben Laurie
- Re: [TLS] Server time Florian Weimer
- Re: [TLS] Server time Peter Gutmann
- Re: [TLS] Server time Florian Weimer
- Re: [TLS] Server time Kurt Roeckx
- Re: [TLS] Server time Florian Weimer
- Re: [TLS] Server time Kurt Roeckx
- Re: [TLS] Server time Jeffrey Walton