Re: TCP timestamp starting value

To: tech-net%netbsd.org@localhost
Subject: Re: TCP timestamp starting value
From: Edgar Fuß <ef%math.uni-bonn.de@localhost>
Date: Thu, 21 Jul 2016 11:13:21 +0200

> Wouldn't a better idea be to compute HASH(cookie,src,dst) + uptime for
> some random cookie created at boot time? Essentially, you give each
> target a unique monotonic time base, without leaking any data about the
> perceived local time.
I thought about something like that, but then the peer would be able to tell 
when you booted (because the timebase changed). The elegance (or so I think) 
of using real time is that the peer can't tell a reboot from an intermediate 
network failure.
On the other hand, what's so bad about "leaking" information on my perception 
of UTC time?
Perhaps people concerned about privacy in this field should speak up which 
kind of information they not want to leak (and why)? To my knowledge, we 
don't want to leak uptime because a) you could tell how stable the machine 
is, b) you could infer that certain kernel patches can't possibly have been 
applied and c) you could test if some attack you just tried lead to a 
re-boot (which is what the attacker may want or may not want to happen).

Follow-Ups:
- Re: TCP timestamp starting value
  - From: Joerg Sonnenberger

References:
- A strange TCP timestamp problem?
  - From: Dave Huang
- Re: A strange TCP timestamp problem?
  - From: Christos Zoulas
- Re: A strange TCP timestamp problem?
  - From: Edgar Fuß
- TCP timestamp starting value (wa: A strange TCP timestamp problem?)
  - From: Edgar Fuß
- Re: TCP timestamp starting value (wa: A strange TCP timestamp problem?)
  - From: Joerg Sonnenberger

Prev by Date: Re: TCP timestamp starting value (wa: A strange TCP timestamp problem?)
Next by Date: Re: TCP timestamp starting value
Previous by Thread: Re: TCP timestamp starting value (wa: A strange TCP timestamp problem?)
Next by Thread: Re: TCP timestamp starting value
Indexes:

Home | Main Index | Thread Index | Old Index