Re: [TLS] No more GMT exposure in the handshake

Kurt Roeckx <kurt@roeckx.be> Sun, 08 June 2014 10:17 UTC

Return-Path: <kurt@roeckx.be>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F9B21A0391 for <tls@ietfa.amsl.com>; Sun, 8 Jun 2014 03:17:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uQDai1lAetbw for <tls@ietfa.amsl.com>; Sun, 8 Jun 2014 03:17:31 -0700 (PDT)
Received: from defiant.e-webshops.eu (defiant.e-webshops.eu [82.146.122.140]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C9281A032C for <tls@ietf.org>; Sun, 8 Jun 2014 03:17:31 -0700 (PDT)
Received: from intrepid.roeckx.be (localhost [127.0.0.1]) by defiant.e-webshops.eu (Postfix) with ESMTP id 400731C21A1; Sun, 8 Jun 2014 12:17:22 +0200 (CEST)
Received: by intrepid.roeckx.be (Postfix, from userid 1000) id 0CE501FE00EC; Sun, 8 Jun 2014 12:17:21 +0200 (CEST)
Date: Sun, 8 Jun 2014 12:17:21 +0200
From: Kurt Roeckx <kurt@roeckx.be>
To: Jacob Appelbaum <jacob@appelbaum.net>
Message-ID: <20140608101721.GA6189@roeckx.be>
References: <CACsn0cm69oJX_Bxqerig4qBmSf1fcQWW5EG42jia3qJkTwe0Tw@mail.gmail.com> <53934B47.4090603@fifthhorseman.net> <CAFggDF0rn+xuFksKW0+xJMAxRkjb8y6=7qiEQcM200iwtzy-0Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAFggDF0rn+xuFksKW0+xJMAxRkjb8y6=7qiEQcM200iwtzy-0Q@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/mXRbrTWjlrkrjTKUrRXSXzwyFKU
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] No more GMT exposure in the handshake
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Jun 2014 10:17:34 -0000

On Sat, Jun 07, 2014 at 09:55:23PM +0000, Jacob Appelbaum wrote:
> On 6/7/14, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> > On 06/07/2014 10:56 AM, Watson Ladd wrote:
> >> Putting the clock time in the TLS handshake enables fingerprinting.
> >> It's useless cryptographically: 32 random bytes is exceedingly
> >> unlikely to repeat.
> >
> > There seems to be a growing consensus on this point:
> >
> >   https://tools.ietf.org/html/draft-mathewson-no-gmtunixtime
> >
> 
> I've said as much to Nick and to Eric (in the context of working on
> tlsdate[0]) but perhaps not on this tls list:
> 
> I'd like to see servers provide 64bits of time resolution in the
> ServerHello and nothing but randomness in that field in the
> ClientHello.
> 
> The current 32bit field isn't accurate enough for replacing NTP. If we
> can't make the time field useful for accurate secure time exchange - I
> hope we'll remove all network visible distinguishers, even ones that
> are currently useful for totally bizarre reasons.

Would that be in the same format as NTP, with 32 bit for the
seconds and 32 bit for fractional second, and so a resolution
of 0.2 nano seconds?  I'm wondering what kind of accuracy you'll
get.

Anyway, how do you plan to deal with checking the status of the
certificate if you don't know what the current time is?


Kurt