Re: [TOOLS-DEVELOPMENT] ical server issue

Russ Housley <housley@vigilsec.com> Wed, 16 September 2015 19:14 UTC

From: Russ Housley <housley@vigilsec.com>
To: Lou Berger <lberger@labn.net>
Cc: tools-development@ietf.org
Date: Wed, 16 Sep 2015 15:13:47 -0400
Subject: Re: [TOOLS-DEVELOPMENT] ical server issue
In-Reply-To: <55F9AF04.8000900@labn.net>
Message-Id: <B5801851-860B-435C-AFC2-3CD68035F9F7@vigilsec.com>
References: <55F2EAA4.3040503@labn.net> <CABL0ig5fUgUK=Ewi3EtWVkyMqnWxddWkRVpF4Or7x7sg9CnPvw@mail.gmail.com> <CABL0ig5i0T3Zum-B=NypPfqC7T9gThT++fer50sqfm-x+9Xx8g@mail.gmail.com> <55F31680.6080100@labn.net> <14fc7535b48.2818.9b4188e636579690ba6c69f2c8a0f1fd@labn.net> <CABL0ig76yvn_S1gO9hj=inUgoYCJAM2zP+QkSnRxvQi2Jas1Nw@mail.gmail.com> <55F8E38F.7080901@labn.net> <CABL0ig5-LcUV-phXamaTUrKyKiKU3VVY-4dOADt0e4+fXVWmuw@mail.gmail.com> <55F99B74.7080105@labn.net> <CABL0ig7ybBHX8G1ybPL8XpKp6zJw=+DC5zwMtXSaqjw9YZG1RA@mail.gmail.com> <CAP4=VchX7r802yH0HF5ysGj6iAdvTRfGBQYib=242DO8d0cF7Q@mail.gmail.com> <CABL0ig5EzPOW0DfVDuVCSQF0M8o1ZU6JTfyinrBJfL81nK8xCw@mail.gmail.com> <CAP4=VciZPMTGSh4exkW3FSuU3h8=d5X2ts3pi6JaMCp+BaLkLg@mail.gmail.com> <55F9AF04.8000900@labn.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tools-development/EOY0mfxbAjxFXu6kkRiVAShaj78>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tools-development/>

Lou:

Time is part of the TLS handshake nonce.  But, no one checks it.  In fact, in TLS 1.3 it is being replaced with random bits.

Russ


On Sep 16, 2015, at 2:03 PM, Lou Berger wrote:

> I think ssl includes a time exchange, but I'm certainly not informed
> (let alone an expert) on this topic...
> 
> On 09/16/2015 01:51 PM, Benson Schliesser wrote:
>> No, I think my "shot in the dark" was just a miss... I just spent a few
>> minutes just now looking at the cert, http headers, etc, and it all
>> seems correct to me. Sorry.
>> -B
>> 
>> 
>> On Wed, Sep 16, 2015 at 1:14 PM, Glen <glen@amsl.com
>> <mailto:glen@amsl.com>> wrote:
>> 
>>    Hi Benson -
>> 
>>    The iCal server is using the same global wildcard certificate that
>>    the rest of the IETF services are using.
>> 
>>    I just reviewed it, and the time zone information appears to be
>>    correctly set.   The expiration date, for example, is:
>> 
>>    8/11/2016 16:12:50 PM (8/11/2016 23:12:50 PM GMT)
>> 
>>    Which seems to be more-or-less correct....
>> 
>>    Apologies if I'm missing something or looking in the wrong place?
>> 
>>    Glen
>> 
>>    On Wed, Sep 16, 2015 at 10:06 AM, Benson Schliesser
>>    <bensons@queuefull.net <mailto:bensons@queuefull.net>> wrote:
>> 
>>        Just a shot in the dark:  Given that this issue presents itself
>>        when Google Calendar pulls ical info via HTTPS, it occurs to me
>>        that perhaps the issue is with timezone info in the server's
>>        certificate..? 
>>        -B
>> 
>> 
>>        On Wed, Sep 16, 2015 at 12:43 PM, Glen <glen@amsl.com
>>        <mailto:glen@amsl.com>> wrote:
>> 
>>            Understood.  I'll make sure everyone here knows this, and if
>>            we locate any web pages with the less-desirable link, I'll
>>            make sure they get updated.
>> 
>>            Thanks,
>>            Glen
>> 
>> 
>>            On Wed, Sep 16, 2015 at 9:40 AM, Lou Berger
>>            <lberger@labn.net <mailto:lberger@labn.net>> wrote:
>> 
>> 
>> 
>>                On 9/16/2015 12:30 PM, Glen wrote:
>>> ...
>>> Interesting find about the https:// though...
>>                ..
>> 
>>                Given the work around, I'm going to move on to other
>>                things.  As we
>>                scale out ical services, and more google users show up,
>>                we'll need to
>>                address this.  Certainly publishing the http version as
>>                1st choice for
>>                public calendars will avoid most of this.
>> 
>>                Thanks,
>>                Lou
>> 
>> 
>>                _______________________________________________
>>                TOOLS-DEVELOPMENT mailing list
>>                TOOLS-DEVELOPMENT@ietf.org
>>                <mailto:TOOLS-DEVELOPMENT@ietf.org>
>>                https://www.ietf.org/mailman/listinfo/tools-development
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
> 
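Russ's point above concerns the 32-byte Random field of the ClientHello and ServerHello: TLS 1.2 (RFC 5246, section 7.4.1.2) defines it as a 4-byte gmt_unix_time followed by 28 random bytes, while TLS 1.3 (RFC 8446) makes all 32 bytes opaque random data. The following Python is an added illustration, not code from this thread or from the IETF tooling: it builds a minimal TLS 1.2 ClientHello, parses the Random back out of the record, decodes the time field, and runs the same decode over a TLS 1.3 style random to show why the value cannot be checked. The record builder, the function names and the `looks_like_real_clock` plausibility check are assumptions of this example; as the thread says, real peers do not perform such a check. The sample timestamp is the Date: header of this message converted to Unix time.

```python
"""
TLS handshake Random field, built and parsed by hand.
TLS 1.2: gmt_unix_time (4 bytes, big-endian) + 28 random bytes.
TLS 1.3: 32 opaque random bytes, no time field.
Constructed example; not code from the IETF tools project.
"""
import os
import struct

# Record and handshake constants from RFC 5246
CONTENT_TYPE_HANDSHAKE = 22
HANDSHAKE_CLIENT_HELLO = 1
TLS12 = 0x0303
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F

# Date: Wed, 16 Sep 2015 15:13:47 -0400 (19:13:47 UTC) as Unix time
MESSAGE_DATE_UNIX = 1442430827


def make_random_tls12(unix_time, rng=os.urandom):
    """TLS 1.2 style Random: gmt_unix_time then 28 random bytes."""
    return struct.pack("!I", unix_time & 0xFFFFFFFF) + rng(28)


def make_random_tls13(rng=os.urandom):
    """TLS 1.3 style Random: 32 random bytes, nothing structured."""
    return rng(32)


def build_client_hello(random32, cipher_suites=(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,)):
    """Minimal ClientHello (empty session_id, no extensions) inside one TLS record."""
    if len(random32) != 32:
        raise ValueError("Random must be 32 bytes")
    body = struct.pack("!H", TLS12) + random32
    body += b"\x00"                                   # session_id length 0
    suites = b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites   # cipher_suites vector
    body += b"\x01\x00"                               # compression_methods: [null]
    handshake = (struct.pack("!B", HANDSHAKE_CLIENT_HELLO)
                 + len(body).to_bytes(3, "big") + body)
    return struct.pack("!BHH", CONTENT_TYPE_HANDSHAKE, TLS12, len(handshake)) + handshake


def extract_client_random(record):
    """Walk record header, handshake header and client_version; return the 32-byte Random."""
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != CONTENT_TYPE_HANDSHAKE:
        raise ValueError("not a handshake record")
    hs = record[5:5 + rec_len]
    if hs[0] != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    return body[2:34]   # skip the 2-byte client_version


def decode_gmt_unix_time(random32):
    """Read the first 4 bytes as gmt_unix_time, the TLS 1.2 interpretation."""
    return struct.unpack("!I", random32[:4])[0]


def time_skew_seconds(random32, observed_at):
    """Advertised time minus the time the hello was observed."""
    return decode_gmt_unix_time(random32) - observed_at


def looks_like_real_clock(random32, observed_at, tolerance=24 * 3600):
    """Hypothetical plausibility check a peer could run; nothing in TLS requires it.
    On a TLS 1.3 random the 'time' is arbitrary, so this mostly returns False."""
    return abs(time_skew_seconds(random32, observed_at)) <= tolerance


if __name__ == "__main__":
    now = MESSAGE_DATE_UNIX
    r12 = make_random_tls12(now)
    hello = build_client_hello(r12)
    got = extract_client_random(hello)
    print("TLS 1.2 random decodes to", decode_gmt_unix_time(got),
          "plausible:", looks_like_real_clock(got, now))
    r13 = make_random_tls13()
    print("TLS 1.3 random decodes to", decode_gmt_unix_time(r13),
          "plausible:", looks_like_real_clock(r13, now))
```

The ServerHello carries its Random at the same offset after server_version, so the same extractor applies once the handshake type check is changed. Because the time field is unchecked on the wire, a client that fills it with arbitrary bytes interoperates with every TLS 1.2 peer, which is what makes the TLS 1.3 change a no-op for interoperability.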