Re: [Ntp] Splitting the Roughtime draft?
Watson Ladd <watsonbladd@gmail.com> Sun, 31 January 2021 21:07 UTC
From: Watson Ladd <watsonbladd@gmail.com>
Date: Sun, 31 Jan 2021 13:07:08 -0800
Message-ID: <CACsn0cnsf1_EB+omX9t4rpc5VbY7Akybs=XiPHnpkv3AeHGgsg@mail.gmail.com>
To: Hal Murray <hmurray@megapathdsl.net>
Cc: NTP WG <ntp@ietf.org>
On Sun, Jan 31, 2021 at 1:06 AM Hal Murray <hmurray@megapathdsl.net> wrote:
>
>
> marcus@dansarie.se said:
> > I think we need to be very clear about the fact that all trust in Roughtime
> > is rooted in the long-term keys and that they are expected to be valid for a
> > very long time indeed.
>
> How long is "very long"?

CT logs are active for one year of certificate expiry, but that's due to log growth causing issues. Roughtime keys could be used for multiple years, although shorter lifetimes would force updates on clients. I'm open to suggestions.

> I've been trying to figure out how to use Roughtime to get NTS off the ground
> when the time isn't known/trusted yet. If it needs long term keys, is there
> any advantage to long-term Roughtime keys as compared to trusted certificates
> with a long lifetime?

You shouldn't bake in ecosystem.json and expect this to work securely. The benefit of Roughtime is that malfeasance is detected, hence updates can remove bad servers without much trouble, and it readily provides enough accuracy for X509 validation. Set and forget with a limited number of servers doesn't enable those ecosystem benefits.

What we observe in the browser world is that even 24 hour windows of validity are problematic for clients due to inaccuracy, but a few seconds of accuracy is just fine for X509 validation.

Sincerely,
Watson Ladd

> --
> These are my opinions. I hate spam.
>
>
>
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp

--
Astra mortemque praestare gradatim
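The point about clock accuracy versus X.509 validity windows, as an added example that is not part of the message above or of any Roughtime implementation: a Roughtime reply is modelled as a midpoint plus a radius, and a certificate is accepted only if it is valid at every instant that interval could contain. The certificate dates and the reply values are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: a certificate valid for exactly 24 hours (hypothetical,
# not a real certificate). notBefore/notAfter as they would appear in X.509.
NOT_BEFORE = datetime(2021, 1, 31, 0, 0, tzinfo=timezone.utc)
NOT_AFTER = NOT_BEFORE + timedelta(hours=24)


def time_interval(midpoint, radius_seconds):
    """A Roughtime-style reply asserts that true time lies somewhere in
    [midpoint - radius, midpoint + radius]; return that closed interval."""
    r = timedelta(seconds=radius_seconds)
    return midpoint - r, midpoint + r


def valid_for_whole_interval(not_before, not_after, lo, hi):
    """Conservative rule: every instant the interval could contain must fall
    inside the certificate's validity period."""
    return not_before <= lo and hi <= not_after


def overlaps_validity(not_before, not_after, lo, hi):
    """Looser rule: the interval touches the validity period at all. Used to
    tell 'certainly outside validity' apart from 'too uncertain to decide'."""
    return lo <= not_after and hi >= not_before


def classify(not_before, not_after, midpoint, radius_seconds):
    """Return 'valid', 'undecidable' or 'invalid' for a certificate given a
    time reply of the stated accuracy."""
    lo, hi = time_interval(midpoint, radius_seconds)
    if valid_for_whole_interval(not_before, not_after, lo, hi):
        return "valid"
    if overlaps_validity(not_before, not_after, lo, hi):
        return "undecidable"
    return "invalid"


if __name__ == "__main__":
    noon = datetime(2021, 1, 31, 12, 0, tzinfo=timezone.utc)
    # A few seconds of uncertainty: the 24-hour certificate can be accepted.
    print(classify(NOT_BEFORE, NOT_AFTER, noon, 5))
    # A day of uncertainty: the same certificate can never be accepted, even
    # though the midpoint is squarely inside its validity period.
    print(classify(NOT_BEFORE, NOT_AFTER, noon, 24 * 3600))
```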