On 05/02/2017 02:20 PM, Nico Williams wrote:
> On Tue, May 02, 2017 at 02:17:17PM -0500, Benjamin Kaduk wrote:
>> [ stuff about 1.2 elided ]
> OK, sure, but why not avoid the problem in the first place in 1.3 by
> sending an encrypted timestamp authenticator (sound familiar?).
>

If you mean an actual timestamp, see my previous reply about clock accuracy.

If you mean an encrypted relative time, well, that's what it is.  The
encryption is incredibly ad hoc, and requires that the key only be used
once, but the whole thing started by thinking of it as a super-janky
encryption scheme.  See
https://www.ietf.org/mail-archive/web/tls/current/msg20373.html and nearby.

-Ben
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
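
An added illustration, not part of the original message: assuming the "encrypted relative time" discussed above is the TLS 1.3 obfuscated ticket age (the ticket age in milliseconds plus a per-ticket 32-bit mask, modulo 2^32, as in RFC 8446), this Python example shows the masking, the server-side freshness check, and why the mask must be used only once. The function names and the 10-second tolerance are assumptions made for the example.

```python
import secrets

MOD = 1 << 32  # the age field is an unsigned 32-bit value


def new_ticket_age_add() -> int:
    """Server side: fresh random 32-bit mask, issued with each ticket."""
    return secrets.randbits(32)


def obfuscate(ticket_age_ms: int, ticket_age_add: int) -> int:
    """Client side: value sent on the wire in place of the real age."""
    return (ticket_age_ms + ticket_age_add) % MOD


def recover(obfuscated: int, ticket_age_add: int) -> int:
    """Server side: strip the mask to get the client's view of the age."""
    return (obfuscated - ticket_age_add) % MOD


def is_fresh(obfuscated: int, ticket_age_add: int,
             server_age_ms: int, tolerance_ms: int = 10_000) -> bool:
    """Accept only if the client's and server's views of the age agree.

    tolerance_ms is an assumed value for this example. The comparison
    uses elapsed time on each side, so absolute clocks need not match.
    """
    client_age = recover(obfuscated, ticket_age_add)
    # Signed difference in the 32-bit ring, so wrap-around is handled.
    diff = (client_age - server_age_ms + MOD // 2) % MOD - MOD // 2
    return abs(diff) <= tolerance_ms


def leaked_age_delta(obf_a: int, obf_b: int) -> int:
    """What a passive observer learns if one mask covered both values:
    the mask cancels and the difference of the two real ages remains."""
    return (obf_b - obf_a) % MOD


if __name__ == "__main__":
    mask = new_ticket_age_add()
    wire = obfuscate(1_000, mask)            # constructed sample age: 1 s
    print(is_fresh(wire, mask, 1_200))       # views agree within tolerance
    print(is_fresh(wire, mask, 60_000))      # same value presented much later
    print(leaked_age_delta(wire, obfuscate(4_500, mask)))  # mask reuse leaks 3500
```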
