[Dtls-iot] Secure Time
Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 15 July 2015 11:23 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C08E41A88A7 for <dtls-iot@ietfa.amsl.com>; Wed, 15 Jul 2015 04:23:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.61
X-Spam-Level:
X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j-YVXtcXnNCM for <dtls-iot@ietfa.amsl.com>; Wed, 15 Jul 2015 04:23:39 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 296A21A88B8 for <dtls-iot@ietf.org>; Wed, 15 Jul 2015 04:23:39 -0700 (PDT)
Received: from [192.168.131.133] ([195.149.223.246]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0MeMOx-1Zc7OQ0dNn-00QG4C; Wed, 15 Jul 2015 13:23:37 +0200
Message-ID: <55A642B3.3070708@gmx.net>
Date: Wed, 15 Jul 2015 13:23:31 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: "dtls-iot@ietf.org" <dtls-iot@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="Xohxe07uarqlX3QhTCJrHVjluagQcM6MD"
X-Provags-ID: V03:K0:/0c7i3Z346LLcS2BK46l1gdu9ojNMwxXK78RDbON6acDaxX2Qy0 LinW6uyATonucP5LNMFzeCJS1nLmLGH2CKhEa2YupB9k0NSuX5MGLSYNF5GhAriKlTg3MuZ mnLfNeWB8SVfjkAZswUIMrO7FYy8u6ML3MOEurhzkpZG8M++7j0MEwJVVdMjVm8+g97Q6nr bseCJvdI2SV5+CndkuagA==
X-UI-Out-Filterresults: notjunk:1;V01:K0:z0emlpVuYLI=:3SuQfyocjfqMo72VMf0BPm g+MoqLe7VFV5w6j8fCZD97wscwSwZMfEGBtae3Ya2kHowZOkrcggh9PbQPvYYH7MEvrc7qZsu EvdUvnolSM+GYMmhU2NGmBAkkTDWKIhWN0sOgg00MdzhRvJW2fH8QGrASgxK6rh4+aPZ/mI4/ 2zPmOkY8v+Hwn9yQFhdaJNQYyp8GwbBl6Koo8Ex24YWWq7d9gOla5jWo4/9/MjP17UjxsXygj VDNczoT0OeM3axnKc4PTc7+DuuNBVXuHxhuty45c85s7XHYNwO8NqH5216L4fIK+I/OuvzouF 8knk51j7KAGtaDL73tZEz2bVeyXpLBxkFotYgvSjbWpjke6gFRl/EnowuSMKNlB2H/sZtLAMC B39WWm4FtERm4+8aAsA90ECyDK0/d3J2/RYCQpl9dEwc2bs7+5NwHxlab5AVgPfLMrn2OBOw7 0U5VNA2GDmUzSZo1NE0E7auzRjf76m0qICTGUuctVNRoqm+Mh2hPIAJoC+aiZ7hxCEpp9p5+y V7K6KUJC9RCkCyWN1VZ62lUuLeXkeN/6GiHUfNdV9yeVjxwhmEoz7+IYl2tVYfQAye1XAstso FncmH1Nnyul+ArNOo65eqRO/UUEkgH28GWZE9Ngv/ZLlwmJyAiCDFwTrOCp46cNr3kJ3T6sT3 +Vf4EoBVvSR52VI0u7v6lysnyJ+aHDXjv2AMe0wCXYDflSQ==
Archived-At: <http://mailarchive.ietf.org/arch/msg/dtls-iot/690Hmj7cFop710Mt4p9WYE2oQGM>
Subject: [Dtls-iot] Secure Time
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list <dtls-iot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtls-iot/>
List-Post: <mailto:dtls-iot@ietf.org>
List-Help: <mailto:dtls-iot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2015 11:23:40 -0000
Stephen wrote: (9) 14: And also - if you RECOMMEND to sometimes use ServerHello.Random for "secure time" then don't you have to say that that's only to be used after one has verified the server cert/knowledge-of-PSK or something? Otherwise any old fake server could send me a time value then bail on the handshake, and I might set my clock to that. (The bad effect there is not related to certificate revocation btw, but more e.g. DoS for sleepy nodes or application layer nastiness.) I believe that this is what mathewson-no-gmtunixtime said. I will double-check but depending on the outcome of the discussion on issue 31 http://trac.tools.ietf.org/wg/dice/trac/ticket/31 this new issue might not need any additional text...
- [Dtls-iot] Secure Time Hannes Tschofenig