Re: [TLS] OPTLS: Signature-less TLS 1.3

Peter Gutmann <> Mon, 03 November 2014 18:00 UTC

From: Peter Gutmann <>
Date: Mon, 03 Nov 2014 18:00:33 +0000
Subject: Re: [TLS] OPTLS: Signature-less TLS 1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>

Hanno Böck <> writes:

>I recently changed my servers from ntpd to tlsdated. That's probably what
>everyone should do. (this still leaves open the question whom you trust for
>your timesource - but it's certainly an improvement over insecure ntp)

See my recent post to the SAAG list, where this is also being discussed: this
hack already doesn't work for some TLS servers and won't work at all in the
future when the nonce is just 32 random bytes.

(Also, if everyone is trusting some TLS server as their time source then all
you need to do is spoof that server's NTP source and you've spoofed the time
for every client that relies on it).
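As an added example, not part of Peter Gutmann's post or of tlsdated's own code, the Python below shows the mechanism under discussion: it pulls the 32-byte random out of a constructed ServerHello and tries to read the legacy gmt_unix_time from its first four bytes. A server that fills the whole field with random data (every TLS 1.3 server, and some earlier ones) leaves nothing usable there, so a client deriving time from TLS can only treat the value as a plausibility-checked hint. The function names, the constructed records, the reference clock value and the tolerance window are my assumptions.

```python
"""Added example (not from the original post or from tlsdated): why deriving
time from a TLS ServerHello is unreliable.

tlsdated reads the 4-byte gmt_unix_time that TLS <= 1.2 servers traditionally
placed at the start of the 32-byte ServerHello random.  Servers may fill all
32 bytes with random data, and TLS 1.3 requires it, so a client must detect
when the field carries no time at all.  All records below are constructed.
"""
import struct

# Constructed reference clock: the posting date of this thread (2014-11-03 18:00:33 UTC).
SAMPLE_NOW = 1415037633


def parse_server_hello_random(record: bytes) -> bytes:
    """Return the 32-byte random from a TLS record carrying a ServerHello.

    Layout: record header (5 bytes), handshake header (4 bytes),
    legacy_version (2 bytes), then random (32 bytes).
    """
    if len(record) < 5 + 4 + 2 + 32:
        raise ValueError("record too short for a ServerHello")
    if record[0] != 0x16:          # ContentType.handshake
        raise ValueError("not a handshake record")
    if record[5] != 0x02:          # HandshakeType.server_hello
        raise ValueError("not a ServerHello")
    return record[11:43]


def extract_time_hint(random32: bytes, now: int, tolerance: int = 5 * 365 * 86400):
    """Interpret the first 4 bytes of the random as gmt_unix_time.

    Returns the value if it lies within `tolerance` seconds of `now`,
    otherwise None (the server randomised the whole field, or its clock is
    wildly off).  A uniformly random 32-bit value lands inside a +-5-year
    window roughly 7% of the time, so a hit is a heuristic, not proof that
    the server actually sent a timestamp.
    """
    (candidate,) = struct.unpack("!I", random32[:4])
    if abs(candidate - now) <= tolerance:
        return candidate
    return None


def server_time_hint(record: bytes, now: int):
    """Convenience wrapper: parse the record and return the time hint or None."""
    return extract_time_hint(parse_server_hello_random(record), now)


def build_server_hello(random32: bytes) -> bytes:
    """Constructed minimal ServerHello: legacy_version TLS 1.2, the given random,
    empty session_id, one cipher suite, null compression, no extensions."""
    body = b"\x03\x03" + random32
    body += b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + len(handshake).to_bytes(2, "big") + handshake


# Constructed case 1: a server that still embeds gmt_unix_time (two minutes slow).
TIMESTAMP_HELLO = build_server_hello(struct.pack("!I", SAMPLE_NOW - 120) + b"\x00" * 28)
# Constructed case 2: a server whose random is 32 opaque bytes (TLS 1.3 behaviour).
RANDOM_HELLO = build_server_hello(bytes(range(32)))


if __name__ == "__main__":
    for label, rec in (("timestamp server", TIMESTAMP_HELLO), ("random server", RANDOM_HELLO)):
        print(f"{label}: time hint = {server_time_hint(rec, SAMPLE_NOW)}")
```

The second case is the one Gutmann's objection rests on: once the random field is fully random, the parser either returns None or, about one time in fourteen, a value that merely happens to fall inside the window, and nothing in the handshake lets the client tell those two outcomes apart.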