IETF Logo Mail Archive

Re: [TLS] Server time

Jeffrey Walton <noloader@gmail.com> Sun, 05 April 2015 18:31 UTC

Return-Path: <noloader@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F000A1ACD3B for <tls@ietfa.amsl.com>; Sun, 5 Apr 2015 11:31:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jcMDSsYwKm2u for <tls@ietfa.amsl.com>; Sun, 5 Apr 2015 11:31:31 -0700 (PDT)
Received: from mail-ie0-x22f.google.com (mail-ie0-x22f.google.com [IPv6:2607:f8b0:4001:c03::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E59B1ACD39 for <tls@ietf.org>; Sun, 5 Apr 2015 11:31:31 -0700 (PDT)
Received: by ierf6 with SMTP id f6so8818757ier.2 for <tls@ietf.org>; Sun, 05 Apr 2015 11:31:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=LajNn9qyrQ993xbI3I3HuoeWcH30bRelxGJZcjtVkoE=; b=rHt5cHLzLYsWdjVzHy3Jh8pjWMitaZDYef6ce3omDIWEd+YhjX7n0ngslYGgyd2VXb ivJC2IAaODV4YXqup9x0d4K9w7hMr+YFTECPotLOsrxTpqJlpWNzI3633OJ8RXYZObpX rIsD+y5B/jXx00+hISj5NGoRf0R5/xojkGba2KUvDtUIGF++i5WOUyc0vIosxsHVdu1L u0ZgH3aETrgFVeWzNJ4JzG1StTTIJ2srz+Fx4lpif8zUv2LrVxwt3jEncXq+osprJhlo 4y0oa5ICSe1kUdR5Q98DGHw34cejWQyScy89++Zr7y08UwK2wQSuOP8p5dJqOqOcfSg5 +0Dw==
MIME-Version: 1.0
X-Received: by 10.50.20.233 with SMTP id q9mr42175004ige.9.1428258690664; Sun, 05 Apr 2015 11:31:30 -0700 (PDT)
Received: by 10.36.77.15 with HTTP; Sun, 5 Apr 2015 11:31:30 -0700 (PDT)
In-Reply-To: <CAFewVt6T2M04Ta=YjyXV7U2gem6TV8EkNRn=b2zw+8q5ASHYPw@mail.gmail.com>
References: <201504041352.12431.davemgarrett@gmail.com> <CAFewVt6T2M04Ta=YjyXV7U2gem6TV8EkNRn=b2zw+8q5ASHYPw@mail.gmail.com>
Date: Sun, 05 Apr 2015 14:31:30 -0400
Message-ID: <CAH8yC8kGoCL8c5tkU=be3Jco+e-RhJcc6tboSj8iFY1m2Ch_8A@mail.gmail.com>
From: Jeffrey Walton <noloader@gmail.com>
To: Brian Smith <brian@briansmith.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/sRgxxLXGG8SEmmdoN4RMGbdJjVM>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Server time
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: noloader@gmail.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Apr 2015 18:31:33 -0000

> Keep in mind that we removed the time from the Hello random fields
> because they leaked information that made it easier to track clients.

Tracking and anonymity has a different solution. I don't understand
how folks can claim they are solving this when the first TCP SYN
usually begins the tracking process. What happens after the TCP stream
begins is irrelevant.

> And note that clients often play the server roll in (D)TLS. In
> particular, clients act as both the client and server in DTLS for
> WebRTC. Consequently, there always needs to be a way for the server to
> NOT say what time it thinks it is.

In this case, allow a value of 0. In RFC 1952 (GZIP file format
specification), a MTIME of 0 means no time is available.

On Sun, Apr 5, 2015 at 2:11 PM, Brian Smith <brian@briansmith.org> wrote:
> Dave Garrett <davemgarrett@gmail.com> wrote:
>> Consensus was to drop time from the random fields.
>
> Right.
>
>> Prohibiting non-random in ServerHello.random and adding a 4 byte uint32 ServerHello.time for TLS 1.3+ seems like a really simple solution.
>
> What problem does it solve?
>
>> (note that ServerHello is already changed by dropping compression_method)
>
> That seems unnecessary to me. compression_method could/should just be
> fixed to be "null", avoiding unnecessary compatibility risk.
>
>> The ability of a client to sanity check or sync its time seems like something worth having, especially for only a 4 byte cost.
>
> The client can sanity check or sync its time using other mechanisms
> already, even with earlier versions of TLS. I don't see how adding a
> time field to ServerHello would help solve that problem.
>
> There may be occasions when the server and client need to sync time,
> e.g. if it helps the 0-RTT handshake in some way. But, that should be
> done as part of the specification for whatever mechanisms require it.
> See the long-ago discussion about this [0].
>
> Keep in mind that we removed the time from the Hello random fields
> because they leaked information that made it easier to track clients.
> And note that clients often play the server roll in (D)TLS. In
> particular, clients act as both the client and server in DTLS for
> WebRTC. Consequently, there always needs to be a way for the server to
> NOT say what time it thinks it is.
>
> Cheers,
> Brian
>
> [0] https://www.ietf.org/mail-archive/web/tls/current/msg10861.html

v2.23.0 | Report a Bug | By Email