On Tue, May 2, 2017 at 4:49 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> Benjamin Kaduk <bka...@akamai.com> writes:
>
> >I thought TLS clients were supposed to have even worse clocks (in terms of
> >absolute time) than Kerberos clients.
>
> Many of the devices I work with don't have clocks (at best they have
> non-persistent monotonic counters), so I guess that's true in some sense...
>

This whole problem of needing client-side clocks, and having to obfuscate an age, goes away if we remove the ticket age entirely. Hopefully the security review makes a strong case that the age is fairly useless from a security point of view. Even with the age, an attacker can still generate millions to billions of replays. Even with very conservative numbers, e.g. to just one host, the attacker can still certainly generate tens of thousands of replays within the permitted window.

Better to require servers to reject duplicates (when used with Zero-RTT), and leave it at that.

--
Colm
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
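The comparison Colm is drawing, as an added example that is not part of the thread or of any TLS implementation: a toy model of a TLS 1.3 server that checks 0-RTT resumption two ways, by de-obfuscating the client's ticket age (the obfuscated_ticket_age = age + ticket_age_add mod 2^32 construction) and comparing it against a tolerance window, and by remembering each (ticket, binder) pair and refusing repeats. The timestamps, the 10 second window, the replay rate and the simplified binder (an HMAC over only the fields the example needs, keyed by a random stand-in for the resumption PSK) are all constructed assumptions for the simulation.

```python
import hashlib
import hmac
import os

MOD32 = 2 ** 32


class ResumptionServer:
    """Toy TLS 1.3 server (constructed example, not real TLS code).

    Two independent 0-RTT checks are modelled:
      * age_check: undo the per-ticket ticket_age_add mask and compare the
        client's claimed age with the ticket's real age, within window_ms;
      * single_use_check: remember every (ticket_id, binder) accepted and
        reject any repeat, which is the "reject duplicates" approach.
    """

    def __init__(self, window_ms=10_000):
        self.window_ms = window_ms  # tolerated skew plus network delay (assumed)
        self.tickets = {}           # ticket_id -> (issued_ms, ticket_age_add)
        self.seen = set()           # single-use cache; must be shared by all hosts

    def issue_ticket(self, now_ms):
        ticket_id = os.urandom(8).hex()
        age_add = int.from_bytes(os.urandom(4), "big")  # random per-ticket mask
        self.tickets[ticket_id] = (now_ms, age_add)
        return ticket_id, age_add

    def age_check(self, ticket_id, obfuscated_age, now_ms):
        issued_ms, age_add = self.tickets[ticket_id]
        claimed_age = (obfuscated_age - age_add) % MOD32  # strip the mask
        real_age = now_ms - issued_ms
        return abs(claimed_age - real_age) <= self.window_ms

    def single_use_check(self, ticket_id, binder):
        key = ticket_id + ":" + binder.hex()
        if key in self.seen:
            return False  # exact duplicate of an earlier 0-RTT ClientHello
        self.seen.add(key)
        return True


def client_hello(ticket_id, age_add, issued_ms, now_ms, psk):
    """The 0-RTT-relevant fields of a ClientHello (simplified, constructed)."""
    obfuscated_age = (now_ms - issued_ms + age_add) % MOD32
    # A real binder is an HMAC over the ClientHello transcript under a key
    # derived from the PSK; here only the fields this example carries are MACed.
    msg = f"{ticket_id}:{obfuscated_age}".encode()
    binder = hmac.new(psk, msg, hashlib.sha256).digest()
    return obfuscated_age, binder


def simulate_replays(replays=20_000, window_ms=10_000):
    """Replay one captured 0-RTT ClientHello once per millisecond and count
    how many copies each check lets through."""
    server = ResumptionServer(window_ms)
    psk = os.urandom(32)          # stand-in for the resumption PSK (assumed)
    t0 = 1_000_000                # server clock, in ms, when the ticket is issued
    ticket_id, age_add = server.issue_ticket(t0)

    # Legitimate client sends 0-RTT data 500 ms after receiving the ticket.
    t_send = t0 + 500
    obf_age, binder = client_hello(ticket_id, age_add, t0, t_send, psk)
    first_age_ok = server.age_check(ticket_id, obf_age, t_send)
    first_single_ok = server.single_use_check(ticket_id, binder)

    # Attacker captured those bytes and replays them unchanged, 1 ms apart.
    age_pass = single_pass = 0
    for i in range(1, replays + 1):
        now = t_send + i
        if server.age_check(ticket_id, obf_age, now):
            age_pass += 1
        if server.single_use_check(ticket_id, binder):
            single_pass += 1

    return {
        "first_use_age_ok": first_age_ok,
        "first_use_single_use_ok": first_single_ok,
        "wire_age_is_masked": obf_age != 500,
        "replays_passing_age_check": age_pass,
        "replays_passing_single_use": single_pass,
    }


if __name__ == "__main__":
    for k, v in simulate_replays().items():
        print(f"{k}: {v}")
```

With a 10 second window the age check alone accepts every replay that arrives within those 10 seconds (10,000 of them at this rate), because the attacker is resending a ClientHello whose claimed age was correct when it was captured; the single-use cache accepts the first use and nothing after it. The cache only delivers that result if it is consulted by every host that can accept the ticket, which is the "to just one host" caveat in the message: a per-host cache bounds replays per host, not per ticket.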