Re: Predictable Internet Time

Phillip Hallam-Baker <> Thu, 05 January 2017 16:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 73E0C129B5D for <>; Thu, 5 Jan 2017 08:03:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id DDoqBxIjswFh for <>; Thu, 5 Jan 2017 08:03:50 -0800 (PST)
Received: from ( [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AFEC01295BC for <>; Thu, 5 Jan 2017 08:03:49 -0800 (PST)
Received: by with SMTP id c85so251744235wmi.1 for <>; Thu, 05 Jan 2017 08:03:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=OilDf9xH7/CRyjFjmDEL6w6FhFJOmbMi7MzHL9HEDqc=; b=a4XXGFSNdZ1YSwIv7KyQP5vZVNkjfChoAFDGeH9G0EdEBtGM+WwjHQI24lYT6ZA+tX 3N0tavuAGZ6k5q+v9kLaShBT9gMRX4rxa+74UCFNl1uIED7ysa9lIu7clgznraYrJ76b pCBZTiWW5wWHzlI3VlF0O/venWdNJx4gnIewYWD3hj8L8TKt0dp0uKOxBt6D9VDFzRuZ uYnkaKt7hInn9CGM4k7B9WcYWaAGwIM2c241iR3PfzEQAt/2Y1cTDNY8fNBlb9CjcSdE p6ydOZPxaQOP/i0jtss1gD+QYy/jCZjpIAvP1bQpvkZL3guzrZDeCRxZDDf99cM+Q0GQ Tbeg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=OilDf9xH7/CRyjFjmDEL6w6FhFJOmbMi7MzHL9HEDqc=; b=neHCvcXNKgJugpe2I2t4lsEJnxWhtzyrMEQaZ7kQUfCIPc8wYEg7imQGWdqq5+CZY/ IJlr8UND9OzEm/N7ccL3PSpcuR9RQdD7M3KqcLnXxJ+zTOpQuxC3PG+TrxzC3vDIKyrL s2sZIJBLhEpETeXtoJod909MrvrC4LO12uFxLu9YWEnbsFLdwOo9NmsgS8w+VTkqiAfL SePdIxJezl5AGxiS7ubqW+baJYQGMNu8x3GepVlSF3OpeUp+qRP8f9Zp+35f7ez5YoCC shOtW+D6DQfegxPQoZAo0RWMyZ5luUkCDPM5oqxxNQMRGX3MP1sIWGNmb4GDdVlTSPlt qBQQ==
X-Gm-Message-State: AIkVDXKECfjihFyvwdLQJd5NE9n1dCVHvoxohf9VjaFsLPQ/O4pPlKONbKHujBzOf2WZGwMNu9PMIggKTk7GdA==
X-Received: by with SMTP id 3mr5841961wmu.9.1483632228126; Thu, 05 Jan 2017 08:03:48 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Thu, 5 Jan 2017 08:03:43 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <> <> <> <> <>
From: Phillip Hallam-Baker <>
Date: Thu, 05 Jan 2017 11:03:43 -0500
X-Google-Sender-Auth: g7_OWI_9OdSH5ftxSKDN0PLO1Iw
Message-ID: <>
Subject: Re: Predictable Internet Time
To: Leif Johansson <>
Content-Type: multipart/alternative; boundary="001a1145aef0ef614e05455b0b25"
Archived-At: <>
Cc: IETF Discussion Mailing List <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 05 Jan 2017 16:03:51 -0000

On Thu, Jan 5, 2017 at 8:35 AM, Leif Johansson <> wrote:

> > *​ The governments will do whatever their banking and broadcast sectors
> > tell them.
> I doubt this statement would turn out to be true (since agreements on
> standardized units of measurement is somewhat older than the interwebs
> etc) but mostly I don't see how the political mess you propose is worth
> the "win" of not having to deal with the odd leap-second now and then.
> I could think of tastier fish to fry - for instance a way to do secure
> time at Internet scale.

​That was the reason I decided to kill the unpredictable leap seconds in
the first place.

As with many Internet infrastructure improvements, secure time isn't very
interesting on its own. It is interesting but not interesting enough to get
people to deploy.

Instead, I propose a one stop shop for all trust services:

* Trusted Time
* Trusted DNS resolution
* Trusted trust broker (c.f. XKMS, SCVP, ...)

I call this a Mesh portal.

The idea being that every Internet device that a person owns can be
connected to the ​Mesh portal of their choice that will serve as a one stop
shop for all three.

Note that trusted does not mean trustworthy. I certainly want to limit the
degree of trust required to the absolute minimum.

For trusted time, I would want the Mesh portal to run a local linked notary
log (c.f. blockchain) that would prevent clock rollback.The portal would
also run a notary service allowing transactions to be protected against

So the local notary log would operate on a time interval of a minute. Every
15 minutes or so the Mesh portal would cross notify with a random selection
from a set of peers. Every hour the peer group would cross notify with a
member of a Meta notary set.

In this way the time is bounded as follows

Accurate to 100ms or better:
    On the authority of the portal alone

Accurate to 1 minute or better:
    On authority of portal with qualified accountability to relying parties

Accurate to 15 minute or better:
    On authority of portal with unqualified accountability to peer group

Accurate to 60 minutes or better:
    With full transparency

​Changes in the definition of time are driven by two things: technology for
telling time and the use made by technology. The time zone system we use
today has its origins in railway time developed by and for the railways.​

The type of application I would see this being used for is for notarizing
digital evidence during collection.

Right now, I am still at the design stage. As I said, I don't think this
system provides sufficient value on its own but it could if combined with
other purposes such as payment transfers etc.

The main reason I want the system is actually to service a next generation
PKI designed to service client side keys.