Re: [Ntp] Circular dependencies

Daniel Franke <dfoxfranke@gmail.com> Wed, 11 November 2020 22:42 UTC

To: Watson Ladd <watsonbladd@gmail.com>
Cc: NTP WG <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/7vOrGncvPgepMRTyBe-wwkelhjY>

Is there something wrong with "don't do that" as a solution? Nothing
in NTS relies on or benefits from DNSSEC, so there's no reason to
validate it. If the system resolver validates automatically and
there's no way for an application to ask it not to, then the system
resolver is (temporarily) broken and will need to be bypassed.

On Wed, Nov 11, 2020 at 1:04 PM Watson Ladd <watsonbladd@gmail.com> wrote:
>
> Dear NTP WG,
>
> I just realized there is a mailing list bug report that's a lot more
> interesting than it seems. They have a DNSSEC validating resolver and
> were using an NTP daemon to set the clock (and the RTC was busted). But
> the time is needed to verify liveness of the signatures for DNSSEC to
> validate, and without it the names don't resolve, including the NTP
> server names.
>
> This is probably a bigger issue with NTS, as certs with IP addresses
> are harder to get. Roughtime can use its own keys, but does still rely
> on the DNS often, so it won't necessarily be a solution. Any ideas?
>
> Sincerely,
> Watson Ladd
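
Added example, not part of either message: the RRSIG validity-window test (RFC 4034 section 3.1.5) that fails when the clock is wrong, and a DNS query carrying the Checking Disabled bit (RFC 4035), the wire-level way for a client to ask a validating resolver not to validate. The timestamps, the name time.example and the function names are constructed for illustration, and the example assumes the resolver honors CD.

```python
import struct

RD_FLAG = 0x0100  # Recursion Desired
CD_FLAG = 0x0010  # Checking Disabled: resolver should skip DNSSEC validation


def rrsig_time_ok(now, inception, expiration):
    """True if 'now' lies inside the RRSIG validity window.

    Uses 32-bit serial-number arithmetic, as RFC 4034 3.1.5 requires.
    """
    def later_or_equal(a, b):
        return ((a - b) & 0xFFFFFFFF) < 0x80000000
    return later_or_equal(now, inception) and later_or_equal(expiration, now)


def build_query(name, qtype=1, checking_disabled=False, txid=0x1234):
    """Build a minimal DNS query packet (one question, class IN)."""
    flags = RD_FLAG | (CD_FLAG if checking_disabled else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def query_flags(packet):
    """Return the 16-bit flags field from a DNS packet header."""
    return struct.unpack("!H", packet[2:4])[0]


# Constructed sample values (seconds since the Unix epoch).
INCEPTION = 1604188800    # 2020-11-01 00:00:00 UTC
EXPIRATION = 1606780800   # 2020-12-01 00:00:00 UTC
CLOCK_CORRECT = 1605134557  # 2020-11-11 22:42:37 UTC
CLOCK_BUSTED_RTC = 0        # RTC reset to 1970-01-01

if __name__ == "__main__":
    # With a correct clock the signature is live; with a reset RTC it is
    # "not yet valid", so a validating resolver refuses to answer.
    print("correct clock:", rrsig_time_ok(CLOCK_CORRECT, INCEPTION, EXPIRATION))
    print("busted RTC:   ", rrsig_time_ok(CLOCK_BUSTED_RTC, INCEPTION, EXPIRATION))
    # The time client's bootstrap lookup sets CD so the answer still comes back.
    pkt = build_query("time.example.", checking_disabled=True)
    print("flags: 0x%04x" % query_flags(pkt))
```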