[Ntp] Re: Roughtime update
Marcus Dansarie <marcus@dansarie.se> Thu, 07 November 2024 12:26 UTC
Return-Path: <marcus@dansarie.se>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA096C180B59 for <ntp@ietfa.amsl.com>; Thu, 7 Nov 2024 04:26:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dansarie.se
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1nRzbFZ7utNO for <ntp@ietfa.amsl.com>; Thu, 7 Nov 2024 04:26:46 -0800 (PST)
Received: from mail.dansarie.se (mail.dansarie.se [185.82.126.120]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B66AC180B47 for <ntp@ietf.org>; Thu, 7 Nov 2024 04:26:44 -0800 (PST)
Received: by mail.dansarie.se (Postfix, from userid 117) id AB1D47E11F; Thu, 7 Nov 2024 12:26:42 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dansarie.se; s=mail; t=1730982400; bh=jvJD0suzOePMUMB7LrHGmyfFSMbDsaIrzGZWiHCYcAk=; h=Date:Subject:From:To:References:In-Reply-To:From; b=Nd9M/QhXbnpmfnnPwxdVHASmKnKNyFqRSzE2AY4a9fp0+Mdw3oAfpYxTL5Bev6S+H uavrYT5wrIvoRUo9X9tURT49FegR4OxkwxwMq72JpAplPW9FrUVWzZz+eWuAqXQDWw dayrqT4hXiqmTHQIkkHt+UNSaMx4F+ZXRgP74vomWqkh10hjDth7uc8UFSQSc84qUh a+RoE4EVlC8mkLtVtx8a42f9JagocTaKRHkra4l3z/e0zvWWxkNcmrMpJ6/fx1QFBj wXJJTK+nV4uoYEl3meKNKh3dm6FFjmui7RN0/0/VUQIf2LorNm/RQRVL4hGSHK1MLB 8Igk2HFkbGtWw==
Message-ID: <95017ad3-3bf7-4bf8-9cb6-94c1bd99487f@dansarie.se>
Date: Thu, 07 Nov 2024 13:26:36 +0100
MIME-Version: 1.0
From: Marcus Dansarie <marcus@dansarie.se>
To: "ntp@ietf.org" <ntp@ietf.org>
References: <cb842889-ed9a-46e3-addb-0d509986b352@dansarie.se>
Content-Language: en-US, sv-SE
In-Reply-To: <cb842889-ed9a-46e3-addb-0d509986b352@dansarie.se>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Message-ID-Hash: AFMW5IKJQYOOMIA52IXJCQGQWHJWKCUF
X-Message-ID-Hash: AFMW5IKJQYOOMIA52IXJCQGQWHJWKCUF
X-MailFrom: marcus@dansarie.se
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ntp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Ntp] Re: Roughtime update
List-Id: Network Time Protocol <ntp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/913PLGl89-fpL11i65effz-612Y>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Owner: <mailto:ntp-owner@ietf.org>
List-Post: <mailto:ntp@ietf.org>
List-Subscribe: <mailto:ntp-join@ietf.org>
List-Unsubscribe: <mailto:ntp-leave@ietf.org>
All, I have now had a closer look at the interoperability issues between Roughenough and the other client implementations. The issue was not caused by different definitions of private keys, but by two bugs in Roughenough. The root cause of one of the bugs appears to be that the list of tags in the draft is sorted in the wrong order. I have submitted pull requests on Github to fix the issues in both Roughenough and the draft. In other words, it appears that all implementations are following the definition of private keys from RFC 8032. Nevertheless, we should probably add language to the draft to require conformance with that RFC. Kind regards, Marcus On 2024-11-06 21:55, Marcus Dansarie wrote: > # RFC 8032 and Roughtime keys > > During testing with Plummet, there was problems getting interoperability > between the Roughenough server and the Cloudflare and Pyroughtime > clients. The reason for this was identified as being due to Roughenough > treating key seeds/private keys different than other implementations. > RFC 8032 specifies EdDSA and specifies how private keys should be > generated from a random seed. In particular, certain bits of the private > key have to be cleared and one has to be set in order to prevent small- > subgroup attacks and timing side-channel leaks. Depending on which > Ed25519 libraries the different implementations use and how those > libraries are called, this requirement may not be met or treated in the > same way by all implementations. I will do some investigation and report > when I know more.
- [Ntp] Roughtime update Marcus Dansarie
- [Ntp] Re: Roughtime update Marcus Dansarie
- [Ntp] Re: Roughtime update Erik Kline
- [Ntp] Re: Roughtime update Marcus Dansarie
- [Ntp] Re: Roughtime update Erik Kline