Re: [TLS] Resolution on gmt_time
Dan Wing <dwing@cisco.com> Fri, 18 July 2014 22:54 UTC
Return-Path: <dwing@cisco.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00B3A1A02A3 for <tls@ietfa.amsl.com>; Fri, 18 Jul 2014 15:54:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -13.901
X-Spam-Level:
X-Spam-Status: No, score=-13.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, J_CHICKENPOX_66=0.6, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BHH0_AR1R37f for <tls@ietfa.amsl.com>; Fri, 18 Jul 2014 15:54:26 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 747661A02A2 for <tls@ietf.org>; Fri, 18 Jul 2014 15:54:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5639; q=dns/txt; s=iport; t=1405724066; x=1406933666; h=mime-version:subject:from:in-reply-to:date:cc:message-id: references:to; bh=O8JkH3rwPOqfSsLsLx+MyQco6A9hL9hVERYoxwKklIQ=; b=QYKG4saZMusGuhg0KekiLHcHPWC+1LGbFXUIluiZxPY+MiR42LknhtyU X7v3yb5yEnOdGWjJ9b5JFNlkAyZB+eku9wGlZaStw7IsM8xpiDqHNnBkm Gj8nueDxPQhGREi11R+Oe2L3b84ZV1/SkRlHnEuoO2JKKH+AeNHMxUz61 g=;
X-IronPort-AV: E=Sophos;i="5.01,688,1400025600"; d="scan'208,217";a="338078116"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-9.cisco.com with ESMTP; 18 Jul 2014 22:54:25 +0000
Received: from [10.21.77.118] ([10.21.77.118]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id s6IMsNN2015953 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 18 Jul 2014 22:54:25 GMT
Content-Type: multipart/alternative; boundary="Apple-Mail=_568958A5-C2A0-4FAB-89B0-FA0817021E35"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Dan Wing <dwing@cisco.com>
In-Reply-To: <CABcZeBP7hTxL59+0GmRH1PYGr8g3+=cdXE3dsHmmGHDnJcOz3A@mail.gmail.com>
Date: Fri, 18 Jul 2014 15:51:18 -0700
Message-Id: <FDFA7387-D6C7-4A6B-916F-C9CB8D142F49@cisco.com>
References: <338B3B88-CCE5-4D79-97DC-1EC7D84891AA@cisco.com> <CABcZeBP7hTxL59+0GmRH1PYGr8g3+=cdXE3dsHmmGHDnJcOz3A@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/dTLPqejKsaTzFxAqIK3F4gJa6-E
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Resolution on gmt_time
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jul 2014 22:54:28 -0000
It reads for TLS 1.3: Server implementations MAY opt to include the time in their Server.random values in order to accomodate clients which use that field for time synchronization. How does the TLS server know if the client uses the field for synchronization? This feels like an excuse for a lazy implementation to leave it in, and the text does not explain the risk. Yes, there is a risk -- peer-to-peer TLS or peer-to-peer DTLS (such as for WebRTC and DTLS-SRTP). I would rather kill this entirely, and if someone needs synchronization they can run TLS 1.0-1.2, or use some other protocol like NTP. -d On Jul 16, 2014, at 8:09 AM, Eric Rescorla <ekr@rtfm.com> wrote: > See https://github.com/tlswg/tls13-spec/pull/65 > > Expected merge date: Friday Jul 18 > > > On Sun, Jun 22, 2014 at 10:17 PM, Joseph Salowey (jsalowey) <jsalowey@cisco.com> wrote: > Thanks all. Based on the list discussion, the chairs believe there > is rough consensus on the following points: > > For TLS 1.3: > - Remove GMT time from the ClientHello entirely. > - Remove GMT time from the ServerHello at the MUST or SHOULD level. > > For TLS 1.2: > - Remove GMT time from the ClientHello entirely. > - Remove GMT time from the ServerHello at the SHOULD level. > > Next steps for TLS 1.3 are as follows: > The editor is directed to remove GMT time from both random values > and open an issue as to whether or not the ServerHello can have > a time value in it. > > Next steps for TLS 1.2 are as follows: > Absent any objections, the chairs intend to adopt draft-matthewson > as a WG draft. Anyone who objects to this, please say something by > Friday June 27. > > Joe > (For the chairs) > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Resolution on gmt_time Joseph Salowey (jsalowey)
- Re: [TLS] Resolution on gmt_time Eric Rescorla
- Re: [TLS] Resolution on gmt_time Dan Wing
- Re: [TLS] Resolution on gmt_time Eric Rescorla