Re: [TLS] Server time
Erik Nygren <erik@nygren.org> Sat, 04 April 2015 19:53 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/r2g3fecgwFE0y2QAueuR9mrIOgM>

If we do, can we please make the extension y2038 safe? With 17 years to go when this launches, that will be the same age as TLS 1.0 and older than SSLv3.

It does seem like a useful server hello extension, however, as long as clients wait for a complete and authenticated handshake before using it.

Erik

> And now, a simple issue with a simple solution:
> https://github.com/tlswg/tls13-spec/issues/64
>
> Consensus was to drop time from the random fields. Prohibiting non-random in ServerHello.random and adding a 4 byte uint32 ServerHello.time for TLS 1.3+ seems like a really simple solution. (note that ServerHello is already changed by dropping compression_method)
>
> The ability of a client to sanity check or sync its time seems like something worth having, especially for only a 4 byte cost.
>
> Dave
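
The following is an added example, not part of either message and not code from the TLS working group. It shows how a 4-byte time field like the one proposed in the thread behaves at the 2038 and 2106 boundaries, and a client-side check that ignores the value until the handshake is authenticated. All function names, the 300-second skew limit and the sample value are assumptions made for illustration.

```python
import struct
from datetime import datetime, timezone

WRAP = 1 << 32  # a 4-byte field repeats every 2**32 seconds

def encode_time32(unix_seconds: int) -> bytes:
    """Truncate a Unix timestamp to the hypothetical 4-byte wire field."""
    return struct.pack("!I", unix_seconds % WRAP)

def decode_signed(field: bytes) -> int:
    """Naive decode as signed int32: goes negative after 2038-01-19."""
    return struct.unpack("!i", field)[0]

def decode_unsigned(field: bytes) -> int:
    """Decode as uint32: usable until 2106-02-07, then wraps to 1970."""
    return struct.unpack("!I", field)[0]

def unfold(field: bytes, local_now: int) -> int:
    """Pick the time congruent to the field (mod 2**32) nearest local_now."""
    wire = decode_unsigned(field)
    base = local_now - (local_now % WRAP)
    candidates = (base - WRAP + wire, base + wire, base + WRAP + wire)
    return min(candidates, key=lambda t: abs(t - local_now))

def server_time_hint(field: bytes, local_now: int,
                     handshake_authenticated: bool, max_skew: int = 300):
    """Return (server_time, skew_ok), or None before authentication."""
    if not handshake_authenticated:
        return None  # unauthenticated bytes must not influence the clock
    t = unfold(field, local_now)
    return t, abs(t - local_now) <= max_skew

def utc(ts: int) -> str:
    """Format a non-negative Unix timestamp as a UTC string."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

# Constructed sample: a server clock one hour past the signed 32-bit limit.
SAMPLE_TIME = (1 << 31) + 3600
SAMPLE_FIELD = encode_time32(SAMPLE_TIME)

if __name__ == "__main__":
    print("signed decode  :", decode_signed(SAMPLE_FIELD))
    print("unsigned decode:", utc(decode_unsigned(SAMPLE_FIELD)))
    print("hint           :", server_time_hint(SAMPLE_FIELD, SAMPLE_TIME + 10, True))
```

The unfolding step only works when the local clock is within about 68 years (2**31 seconds) of the true time, so it suits a sanity check better than a first-time clock set.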