Re: [Ntp] Circular dependencies

Mark Andrews <marka@isc.org> Sun, 17 January 2021 10:11 UTC


In practice DNS does not need precise time. Implementations know that validators and signers are NOT using precise time. BIND, for example, signs records with a time stamp an hour in the past, and records are supposed to be replaced days before they expire.

-- 
Mark Andrews

> On 17 Jan 2021, at 20:20, Hal Murray <hmurray@megapathdsl.net> wrote:
> 
> 
> imp@bsdimp.com said:
>> Yes. There are many challenges. Making precise time a requirement for DNS in
>> order to get the time is not a circular dependency that should be undertaken
>> lightly. 
> 
> Should we write up something on this area?  Is there a better group?
> 
> Is this one area or two?  Circular dependencies vs long shelf life?  Or are 
> they tangled?
> 
> --------
> 
> I think a reasonable battery could drive a CMOS clock for 10 years. 
> 
> I could imagine a certificate and an IP Address good for 10 years.  Maybe 3 of 
> them so you can survive if one breaks or outvote the bad guy if one of the 
> root certificates leaks.
> 
> 
> 
> -- 
> These are my opinions.  I hate spam.
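
Added example, not part of the original message and not BIND code: a validator-side check of an RRSIG validity window, showing how much clock error a back-dated inception and a long lifetime absorb. The timestamps are constructed, and the 30-day signature lifetime is an assumption of this example; only the one-hour back-dating comes from the message.

```python
from datetime import datetime, timezone

MOD = 2 ** 32  # RRSIG inception/expiration are 32-bit counts of seconds since 1970

def rrsig_time(ts: str) -> int:
    """Parse the YYYYMMDDHHmmSS presentation form of an RRSIG timestamp (UTC)."""
    dt = datetime.strptime(ts, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp()) % MOD

def serial_le(a: int, b: int) -> bool:
    """a <= b in serial number arithmetic, so the comparison survives 32-bit wrap."""
    return ((b - a) % MOD) < 2 ** 31

def signature_valid(inception: int, expiration: int, validator_clock: int) -> bool:
    """True if the validator's (possibly wrong) clock falls inside the window."""
    now = validator_clock % MOD
    return serial_le(inception, now) and serial_le(now, expiration)

def clock_error_tolerance(inception: int, expiration: int, true_now: int):
    """Seconds the validator clock may run (slow, fast) and still accept."""
    return (true_now - inception) % MOD, (expiration - true_now) % MOD

# Constructed sample: signed at 10:00 UTC with inception back-dated one hour.
SIGNED_AT = rrsig_time("20210117100000")
INCEPTION = rrsig_time("20210117090000")
EXPIRATION = rrsig_time("20210216090000")  # assumed 30-day lifetime

def accepts(true_time: int, clock_error_seconds: int) -> bool:
    """Would a validator whose clock is off by clock_error_seconds accept?"""
    return signature_valid(INCEPTION, EXPIRATION, true_time + clock_error_seconds)

if __name__ == "__main__":
    for err in (-7200, -3000, 0, 86400):
        print(f"clock error {err:+6d}s -> accepted: {accepts(SIGNED_AT, err)}")
    print("tolerance (slow, fast):",
          clock_error_tolerance(INCEPTION, EXPIRATION, SIGNED_AT))
```

A validator that is 50 minutes slow still accepts a freshly signed record; one that is two hours slow rejects it, which is the bound the back-dating sets.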