On Wed, 11 Sep 2013, Russ Housley wrote:
> The tlsdate program (with origins in the TOR project) makes use of this value
> in the nonce portion of the handshake.
> I think that the time is an important part of the nonce. Even if the
> implementation has a crappy random number generator, the time value does a good
> job of ensuring that the nonce value is not repeated. Obviously, the time
> value does not help with the unpredictability, but the random value is supposed
> to do that.
Note that tlsdate is a stowaway on board a TLS server. If we can
accommodate, then fine. But we shouldn't go out of our way to support it.
Between making TLS less vulnerable to fingerprinting (which helps Tor)
and supporting tlsdate, I'd opt for the former.
Paul
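The field under discussion is the 32-byte Random of TLS 1.0 through 1.2 (RFC 5246 section 7.4.1.2): a 4-byte gmt_unix_time followed by 28 bytes from the RNG. The following Python is an added example and is not code from this thread, from tlsdate, or from any TLS library. It assumes that layout, uses a constructed all-zero RNG as the "crappy random number generator", and builds a constructed ServerHello with no extensions, which is enough to show the three points raised above: the time keeps Randoms distinct across seconds even with a broken RNG, it contributes nothing to unpredictability, and it hands any observer the sender's clock, which is what makes it a fingerprinting vector and what tlsdate reads.

```python
"""TLS 1.0-1.2 Random = gmt_unix_time (4 bytes, big-endian) || 28 RNG bytes."""
import os
import struct
import time

RANDOM_LEN = 32
TIME_LEN = 4
NONCE_LEN = RANDOM_LEN - TIME_LEN  # 28 bytes supplied by the RNG


def build_random(gmt_unix_time: int, rng=os.urandom) -> bytes:
    """Construct a Random from a Unix time and an RNG callable rng(n) -> bytes."""
    if not 0 <= gmt_unix_time < 2 ** 32:
        raise ValueError("gmt_unix_time must fit in a uint32")
    tail = rng(NONCE_LEN)
    if len(tail) != NONCE_LEN:
        raise ValueError("rng returned the wrong number of bytes")
    return struct.pack("!I", gmt_unix_time) + tail


def parse_random(rnd: bytes):
    """Split a Random into (gmt_unix_time, 28 RNG bytes)."""
    if len(rnd) != RANDOM_LEN:
        raise ValueError("Random must be exactly 32 bytes")
    return struct.unpack("!I", rnd[:TIME_LEN])[0], rnd[TIME_LEN:]


def build_server_hello(rnd: bytes, cipher_suite: int = 0xC02F) -> bytes:
    """Constructed minimal ServerHello handshake message, no extensions:
    HandshakeType(1)=2, length(3), version(2)=TLS 1.2, Random(32),
    session_id_length(1)=0, cipher_suite(2), compression_method(1)=null."""
    body = b"\x03\x03" + rnd + b"\x00" + struct.pack("!H", cipher_suite) + b"\x00"
    return b"\x02" + len(body).to_bytes(3, "big") + body


def server_hello_time(msg: bytes) -> int:
    """What tlsdate takes from a ServerHello: the gmt_unix_time in its Random."""
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) < 2 + RANDOM_LEN:
        raise ValueError("truncated ServerHello")
    return parse_random(body[2:2 + RANDOM_LEN])[0]


def broken_rng(n: int) -> bytes:
    """Constructed stand-in for a crappy RNG: every call returns all zeros."""
    return b"\x00" * n


def nonces_unique(times, rng) -> bool:
    """Uniqueness: distinct times yield distinct Randoms even with a broken RNG."""
    return len({build_random(t, rng) for t in times}) == len(times)


def predictable(rnd: bytes, rng) -> bool:
    """Unpredictability caveat: an attacker who knows the RNG output and the
    time reproduces the Random exactly; the time adds no secrecy."""
    t, _ = parse_random(rnd)
    return build_random(t, rng) == rnd


def clock_skew(msg: bytes, observed_at: int) -> int:
    """Fingerprinting angle: the time field exposes the sender's clock to any
    passive observer, as (sender_time - observer_time) in seconds."""
    return server_hello_time(msg) - observed_at


if __name__ == "__main__":
    now = int(time.time())
    weak = build_random(now, broken_rng)
    print("distinct across seconds:", nonces_unique([now, now + 1, now + 2], broken_rng))
    print("reproducible by attacker:", predictable(weak, broken_rng))
    hello = build_server_hello(build_random(now - 45, os.urandom))
    print("observer sees clock skew of", clock_skew(hello, now), "s")
```

With the all-zero RNG, three Randoms taken in consecutive seconds are all different (Russ's uniqueness point) yet every one of them is reconstructible from the time alone (his caveat). The same time field is what tlsdate extracts from the ServerHello, and `clock_skew` shows why it is also a fingerprint: an observer learns how far the sender's clock is from its own without needing anything else from the handshake.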
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass