Re: [TLS] Getting started, clock not set yet

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 17 August 2022 15:34 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Kyle Rose <krose@krose.org>
CC: Hal Murray <halmurray+tls@sonic.net>, "tls@ietf.org" <tls@ietf.org>
Date: Wed, 17 Aug 2022 15:34:33 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/lZZ5kft-UwXT8OqrdPsaM3-21mA>

Kyle Rose <krose@krose.org> writes:

>IMO, the two requirements "Prohibit upgrades" and "Leverage general-purpose
>network protocols with large attack surfaces" are in direct conflict.

Only if you implement them with large attack surfaces, for which again see my
earlier comments.

Peter.