Re: [Ntp] I-D Action: draft-ietf-ntp-roughtime-08.txt
Watson Ladd <watsonbladd@gmail.com> Sun, 22 October 2023 18:43 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F870C14F738; Sun, 22 Oct 2023 11:43:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oaKSoWNG_Tsa; Sun, 22 Oct 2023 11:43:11 -0700 (PDT)
Received: from mail-il1-x131.google.com (mail-il1-x131.google.com [IPv6:2607:f8b0:4864:20::131]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88781C151069; Sun, 22 Oct 2023 11:43:11 -0700 (PDT)
Received: by mail-il1-x131.google.com with SMTP id e9e14a558f8ab-357cea96a40so3504875ab.0; Sun, 22 Oct 2023 11:43:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698000190; x=1698604990; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=LbX4zvxjzScnrGAm3OeA34Eehb2u5/QoahBysoC9maA=; b=IVc0zStW5FbKAiOO0EaK8hIixPUYuF+rbzEn8Fq+xBa59F7Znxm/yNKI15XuM/H7md pmH54b5RlowPLrFb0e97Og49N+2Q/WYYCvwjtmN3qfM4q+ZLTcNJU+Ml0Zah0/dOvT46 EL7qhcl3am+v2gr6oaE8FoN3yMFvWBLSi2PQlQ/j5UkHA23CY5nIX3/ejSwVBBE2urQc jWVTv0UskUVgpEn4JwE0Isa1cKOMMAWjnpBbn5bAiF3VRIiHdFCwDlYyYtfoUiOTZ1xL nWnxTW5AGzp+mqS0meGcgccimOsVLr0fhKdW5vje3Fv0ekrpULdbD/CEEj7gY78q2DHm lTag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698000190; x=1698604990; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LbX4zvxjzScnrGAm3OeA34Eehb2u5/QoahBysoC9maA=; b=qUppFJJ643+uqRjjY1U83TOEFo5VjebhO66EO8Bkclsb6GIpkJltN6FXHB6vy3wjhV JXu2H1gJKUK8KvQu35O48fyhRO8a+lyzOjqs4B9Hql7QomrVde77X1Uyl+IkInZWCIUY nVFQpTrTL5zqtiOMvAdbtQbAA2GMTyGn0G96xs4nZ6rfxWjoMxjL656e+6HODkJ3fWw/ A24QiVBGwS/bIWuQ30N2VsgutndYJOyxpbIt0kmsEyhyIxN2x4hx5kSufDiY1l7Ncwac zZ5iYR2ZgvTtsVkcQDD7dlx4n/vj35nQtv3Ciz6uqNn5GuWvfORqsjqTVY49esQvgRhl cd8g==
X-Gm-Message-State: AOJu0YzKuMkHvD8hYM6QOub+8IfSifjCn89MxanjWjY2Jqiqr6PJBdSu WBLEk2NJfrPlbAYK3s2PSFzWsD1i/5bwd7orT6jvt8on
X-Google-Smtp-Source: AGHT+IH4ALQcxT7yg2JMz+M8UoqR5r5Xp8zOIqlkqWtiKV63E4Dk0wrnYS8vbytOCiInFwvrscKwQYkQBvbdf9O1uWw=
X-Received: by 2002:a92:c906:0:b0:34f:77bc:8d49 with SMTP id t6-20020a92c906000000b0034f77bc8d49mr8095916ilp.23.1698000190263; Sun, 22 Oct 2023 11:43:10 -0700 (PDT)
MIME-Version: 1.0
References: <169766897083.19005.16520093276970985628@ietfa.amsl.com> <20231022112236.248CE28C245@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
In-Reply-To: <20231022112236.248CE28C245@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Sun, 22 Oct 2023 11:42:58 -0700
Message-ID: <CACsn0c=rdBJL0Y2fcERuf9C4wEr-KHpsQj39ksGThKzJ2nUG3Q@mail.gmail.com>
To: Hal Murray <halmurray@sonic.net>
Cc: ntp@ietf.org, i-d-announce@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/CcMUzg5pbAtwCxJT7TX1-HVnWNI>
Subject: Re: [Ntp] I-D Action: draft-ietf-ntp-roughtime-08.txt
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Oct 2023 18:43:15 -0000
On Sun, Oct 22, 2023 at 4:22 AM Hal Murray <halmurray@sonic.net> wrote: > > > I think there are two ideas tangled up in here. One is how to get NTS off the > ground if you don't know the time. (NTS needs time to check certificates.) > The other is a way to prove that a server is lying or busted. Thanks for taking a look. I agree there are two different things here, but we can split later as an editorial matter. When it was originally split the second bit was too ambitious and small, and got neglected by the editor (me). It also had some issues with getting the envisioned environment off the ground, hence the much sparser text here. > > I'm interested in the first one. It's really hard to figure out what you have > in mind. I think we need both. Unless we're willing to completely trust a server to give us the time. > > The introduction says "Roughtime uses a list of keys and servers to resolve > this issue." > > Section 10 has a list of 4 servers with a note to the RFC editor to delete > that section. So how is a client going to find servers? The client will be configured by the OS vendor. It's solving the "new OS on old hardware with busted RTC" problem, akin to a root problem. I think I have text saying this, but maybe need to make it clearer. > > Whatever your plan is for distributing that list, why is Roughtime better than > just distributing a list of root-certs for trusted NTS servers? The webPKI makes design decisions that are incompatible with what you're suggesting. We would need to pin end entity certs, which is discouraged and they have 90 day or less lifetimes. Revocation information isn't published after expiry > > You didn't say anything about the life time of your list. I think the getting > off the ground area is worth some serious thought and discussion. The simple > case is something like a Raspberry Pi that doesn't have a RTC. The nastiest > case I know of is hot standby modules for Telco or SCADA applications that may > sit on the shelf for 10s of years. > > Are there other IETF groups working on getting off the ground and/or updating > things like root certificates? Possibly SUIT? > > > Section 7 discusses Integration Into NTP > > I'd be happy if you drop this section. I assume it's obvious how to use > Roughtime to get a time that NTS can use for checking certifictes. That's all > NTP needs. > > > You don't say where your delta or sigma come from. (They are probably > leftover from the part I didn't read.) > > Getting a useful PHI might be tough. Have you worked through any numbers? > (I'll say more if you want.) I think you need another parameter -- how > accurate do you expect your clock to be. > > Your "MUST use Roughtime" when stepping the clock is not reasonable. ntpd can > make small steps. (I had a reproducable test case. Downloading a big file on > my old, slow DSL line had enough bufferbloat to kick ntpd over the 128ms step > threshold.) > > My reading of "MUST use Roughtime" is to run it again, but you didn't actually > say that. If a small step is still close enough you could use the previous > Roughtime. I'll incorporate into the next draft, possibly dropping this idea in favor of getting an initial set and then using NTS. > > My thinking has been assuming that I'm using NTS. If so, why are your > Roughtime servers going to be any better than my authenticated NTP servers? > > That gets into the whole area of which servers to trust. I think that would > be a good discussion. That's the sort of policy design we kick to vendors, akin to PKIX vs. WebPKI (CAB forum, dev-security-policy, etc). > > > So on to proving that a server is busted. Why is the proof part important? > How would that fit into a program for monitoring NTP servers? It wouldn't because you only get information about Roughtime queries. The point is akin to CT: secure good behavior by making it public. > > The pool has a monitoring setup. Do you have any data from Ask? How often > does he kick out buggy servers? (as compared to ones that don't respond) > > --------- > > I'm working from a printed version of the PDF. > There are no page numbers. > The Table of Contents (second sheet) doesn't have page numbers. > > > Typo: > Section 7: "fall to far otside" > "to" => "too" > > End of Section 7: "may wish to" (at end) > May wish to what? > > Section 3: > "absolutely confident" > Absolute is pretty strong. I get suspicious when I see things like that. > > Section 8: Grease > I'm not familiar with the use of that term in this context. > > > -- > These are my opinions. I hate spam. > > > > _______________________________________________ > ntp mailing list > ntp@ietf.org > https://www.ietf.org/mailman/listinfo/ntp -- Astra mortemque praestare gradatim
- Re: [Ntp] I-D Action: draft-ietf-ntp-roughtime-08… Hal Murray
- Re: [Ntp] I-D Action: draft-ietf-ntp-roughtime-08… Hal Murray
- [Ntp] I-D Action: draft-ietf-ntp-roughtime-08.txt internet-drafts
- Re: [Ntp] I-D Action: draft-ietf-ntp-roughtime-08… Hal Murray
- Re: [Ntp] I-D Action: draft-ietf-ntp-roughtime-08… Watson Ladd
- [Ntp] Roughtime: Proving inaccuracy of servers. Hal Murray