Re: [TLS] Relative vs absolute ServerConfiguration.expiration_date
Bill Frantz <frantz@pwpconsult.com> Thu, 23 July 2015 01:38 UTC
Date: Wed, 22 Jul 2015 18:38:42 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: Blake Matheny <bmatheny@fb.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/tl-saCFxHzmpLgUAwHx6y4BX0As>
Cc: tls@ietf.org

One place we may run into a lot of those clients is on machines like
the Raspberry Pi and Beaglebone machines. These boards do not include
clock chips, so the machines must get the current time via NTP every
time they power on. If there is a problem with NTP, or if the shell
script to set the clock is not run, then the date will probably be 20
or 30 years back in the last millennium.

Cheers - Bill

On 7/22/15 at 2:14 PM, bmatheny@fb.com (Blake Matheny) wrote:

>Ahh. I can't tell, the data I have is only clients with very
>very broken clocks who failed validation as a result. My
>assumption would be that there is a much larger number of
>clients that fit what you described (cert/OCSP check passes,
>but ServerConfiguration would not be). Since I don’t have the
>data, I can’t say that for sure, but anecdotal evidence would
>indicate that this is the case.
>
>-Blake
>
>On 7/22/15, 10:58 PM, "Eric Rescorla" <ekr@rtfm.com> wrote:
>
>>I guess what I'm trying to get at is the following:
>>Are there a lot of people whose clocks are accurate enough that
>>they will be able to connect to the server and check the
>>certificate/OCSP but not accurate enough to process
>>ServerConfiguration if it is in absolute time.
>_______________________________________________
>TLS mailing list
>TLS@ietf.org
>https://www.ietf.org/mailman/listinfo/tls
>
-----------------------------------------------------------------------
Bill Frantz        | Ham radio contesting is a   | Periwinkle
(408)356-8506      | contact sport.              | 16345 Englewood Ave
www.pwpconsult.com | - Ken Widelitz K6LA / VY2TT | Los Gatos, CA 95032
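
Added example, not part of the message above or of anyone's post in the thread: a small model of the clock-skew question being discussed, showing which checks pass for a client whose clock is accurate, a few days off, or never set. All dates, validity windows and the two-day lifetime are constructed, and "relative" is assumed here to mean a lifetime counted from receipt on the client's own timer.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Constructed sample values; none of these come from the thread.
TRUE_NOW = datetime(2015, 7, 22, 18, 0, tzinfo=UTC)   # real time at first handshake
CERT_VALID = (datetime(2015, 1, 1, tzinfo=UTC), datetime(2016, 1, 1, tzinfo=UTC))
OCSP_VALID = (TRUE_NOW - timedelta(days=3), TRUE_NOW + timedelta(days=4))
CONFIG_LIFETIME = timedelta(days=2)
CONFIG_EXPIRES = TRUE_NOW + CONFIG_LIFETIME           # absolute form of the same lifetime


def checks(client_clock, elapsed):
    """Which checks pass for a client whose wall clock reads `client_clock`
    at the first handshake and which reuses the configuration after
    `elapsed` of real time (as a monotonic timer would measure it)."""
    wall_at_reuse = client_clock + elapsed
    return {
        "certificate": CERT_VALID[0] <= client_clock <= CERT_VALID[1],
        "ocsp": OCSP_VALID[0] <= client_clock <= OCSP_VALID[1],
        # Absolute: compare the (possibly wrong) wall clock with a date.
        "config_absolute": wall_at_reuse < CONFIG_EXPIRES,
        # Relative: compare time elapsed since receipt with a lifetime.
        "config_relative": elapsed < CONFIG_LIFETIME,
    }


SCENARIOS = {
    "accurate clock, reuse after 1 hour": (TRUE_NOW, timedelta(hours=1)),
    "3 days fast, reuse after 1 hour": (TRUE_NOW + timedelta(days=3), timedelta(hours=1)),
    "2 days slow, reuse after 3 days": (TRUE_NOW - timedelta(days=2), timedelta(days=3)),
    "clock never set (1990), reuse after 1 hour": (datetime(1990, 1, 1, tzinfo=UTC), timedelta(hours=1)),
}

if __name__ == "__main__":
    for name, (clock, elapsed) in SCENARIOS.items():
        failed = [k for k, ok in checks(clock, elapsed).items() if not ok]
        print(f"{name}: failed = {failed or 'none'}")
```

In this model the "3 days fast" client is the case asked about in the quoted question (certificate and OCSP pass, the absolute date is rejected), while the slow clock accepts a configuration that has already outlived its lifetime. The never-set clock fails certificate validation before the configuration date matters.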