Exact timestamps may be bad

David Shaw dshaw@jabberwocky.com
Mon Jul 29 17:47:01 2002


On Mon, Jul 29, 2002 at 05:12:21PM +0200, Volker Gaibler wrote:

> On Sun, Jul 28, 2002 at 11:16:36PM -0400, David Shaw wrote:
> > Another way is simply to always use the same timestamp, which is
> > doable with either OpenPGP or the older style signatures.  I think
> > this may be better than adding some skew to the timestamp since (as
> > you mention in one of the bits I've snipped) if Alice sends many
> > messages with the same skew, Eve may be able to get some clues about
> > the window size.  If zero is used for the timestamp (i.e. 1/1/1970),
> > then there is no way to even get a guess about the real setting of the
> > clock.
> 
> either way there would be the possibility of a replay attack.
> So Trent should sign Alices mail (also signed by herself without
> timestamp) to confirm that he got the encrypted message (with timestamp)
> from Alice that date. 
> 
> The communication from Alice to Trent is encrypted and so there must be
> TWO timestamps inside the encrypted message: One to prove to Trent that
> the mail really came from Alice (with timestamp to prevent replay) and
> one inside this "Trent-signed"-message without timestamp for publication
> in the public forum. The encryption and "Trent-signature" are something
> like an envelope to the without-timestamp-signed message to be
> published.
> 
> When using more remailers then everything has to be sent with timestamps
> except the innermost signature for the public - assuming that the
> remailers are trustful enough to give them the timestamp information in
> the envelope, but I think we're assuming that anyway.

I tend to have an allergy to trusting anyone but the sender for this
sort of thing.  What if Alice were to increment her timestamps as she
goes - that is, first message use 1, second message use 2, etc.  That
should defeat replay, and also hide the real clock value.  The
timestamp field is 32 bits, so she can send quite a few messages
before it rolls over.

It's somewhat of an abuse of the timestamp field, but who's to say
that Alice doesn't really think it's some time in 1970? ;)

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson