Re: [Ntp] Of Roughtime's algorithm agility, and host attestation

Watson Ladd <watsonbladd@gmail.com> Sat, 27 July 2019 05:58 UTC

References: <07725d0b-74ec-ec92-70fe-e27f0c4eee8c@gmail.com> <1564190434519110001_8FF0F819-5F81-41B3-A7F1-B4E97E22E0F7@akamai.com> <3C2EBBE8-3970-4B8C-BFE4-BB7F247EF7C3@deepdivenetworking.com> <12978B33-9014-4DF4-A372-88DBCE4BB167@frobbit.se>
In-Reply-To: <12978B33-9014-4DF4-A372-88DBCE4BB167@frobbit.se>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Fri, 26 Jul 2019 22:58:22 -0700
Message-ID: <CACsn0cnwUe=dDuyA3QC7ODfYUdHnPZuzuAmNp7S5yG-rmq8Lng@mail.gmail.com>
To: Patrik Fältström <paf=40frobbit.se@dmarc.ietf.org>
Cc: Robert Nagy <rob@deepdivenetworking.com>, "Salz, Rich" <rsalz@akamai.com>, Thomas Peterson <nosretep.samoht@gmail.com>, NTP WG <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/SVtaYNn4bGy42_fnV0IniH0yt0A>
Subject: Re: [Ntp] Of Roughtime's algorithm agility, and host attestation

On Fri, Jul 26, 2019 at 10:51 PM Patrik Fältström
<paf=40frobbit.se@dmarc.ietf.org> wrote:
>
> On 27 Jul 2019, at 5:05, Robert Nagy wrote:
>
> > This seems within the use case of the already existing TLSA records in DNS. Unless I missed something.
>
> +1
>
> Don't create anything new.

It seems people are misunderstanding the trust relationship here. The
goal is to have publicly observable, auditable performance and
identities tied to that. So it makes very little sense to link these
identities to another naming system, but maybe this is a better idea
than it seems. In particular public keys really shouldn't change: that
could permit the laundering of errors, which we very much don't want.

>
>   Patrik
>
> > Robert Nagy
> > CEO/ Senior Dive Master
> > DeepDive Networking, Inc
> > C: 408.480.5133
> > www.deepdivenetworking.com
> >
> >
> > Sent from my iPhone
> >
> >> On Jul 26, 2019, at 8:20 PM, Salz, Rich <rsalz@akamai.com> wrote:
> >>
> >>
> >>>   To answer the first point, one suggestion by Erik Klein[0] is to create
> >>    a new DNS RR type that includes the long term certificate of the
> >>    Roughtime server.
> >>
> >> Look at https://tools.ietf.org/html/draft-nygren-httpbis-httpssvc-00 which attempts to provide various useful information. One possibility is a "cert digest" field.  Certs are generally too big for DNS, only keys appear.
> >>
> >> For crypto types, re-use an existing registry and profile it to make things MUST NOT.  There are various options, including TLS, JOSE, etc.
> >>
> >> _______________________________________________
> >> ntp mailing list
> >> ntp@ietf.org
> >> https://www.ietf.org/mailman/listinfo/ntp



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.
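As an added illustration, not taken from this thread or from any Roughtime or DNS implementation, here is what the TLSA-style check proposed above amounts to in code: a DANE (RFC 6698) matcher that compares the identity a server presents against a published (usage, selector, matching type, association data) record. The selector and matching-type values are the RFC 6698 ones; the certificate and key bytes are constructed stand-ins (the SPKI uses the standard DER prefix for an Ed25519 key, but the 32 key bytes are a counting pattern, not a real key), and the function names are my own.

```python
import hashlib
import hmac

# TLSA field values from RFC 6698. The selector picks which part of the
# server's identity is compared; the matching type says how it is compared.
SELECTOR_FULL_CERT = 0   # the whole DER certificate
SELECTOR_SPKI = 1        # only the SubjectPublicKeyInfo, i.e. the key itself
MATCH_EXACT = 0
MATCH_SHA256 = 1
MATCH_SHA512 = 2

# Constructed sample identity (not a real certificate or key): the DER SPKI
# prefix for Ed25519 followed by 32 placeholder key bytes, and a stand-in
# "certificate" that merely wraps that SPKI in some padding.
SAMPLE_SPKI = b"\x30\x2a\x30\x05\x06\x03\x2b\x65\x70\x03\x21\x00" + bytes(range(32))
SAMPLE_CERT = b"\x30\x82\x01\x00" + SAMPLE_SPKI + b"\x00" * 64


def association_data(cert_der: bytes, spki_der: bytes,
                     selector: int, matching_type: int) -> bytes:
    """Return the bytes a TLSA record carries for this selector/matching type."""
    if selector == SELECTOR_FULL_CERT:
        data = cert_der
    elif selector == SELECTOR_SPKI:
        data = spki_der
    else:
        raise ValueError(f"unknown TLSA selector {selector}")
    if matching_type == MATCH_EXACT:
        return data
    if matching_type == MATCH_SHA256:
        return hashlib.sha256(data).digest()
    if matching_type == MATCH_SHA512:
        return hashlib.sha512(data).digest()
    raise ValueError(f"unknown TLSA matching type {matching_type}")


def build_tlsa(cert_der: bytes, spki_der: bytes, usage: int = 3,
               selector: int = SELECTOR_SPKI,
               matching_type: int = MATCH_SHA256) -> tuple:
    """Publish side: the record tuple an operator would put in DNS.

    Usage 3 (DANE-EE) with selector 1 and SHA-256 is the common key-pinning
    shape: the record holds only a 32-byte digest of the key, which is the
    size that actually fits comfortably in DNS.
    """
    return (usage, selector, matching_type,
            association_data(cert_der, spki_der, selector, matching_type))


def tlsa_matches(record: tuple, cert_der: bytes, spki_der: bytes) -> bool:
    """Verify side: does the identity the server presented match the record?

    Unknown selector/matching-type values are treated as a non-match rather
    than an error, so an unsupported record can never be mistaken for a pass.
    """
    _usage, selector, matching_type, published = record
    try:
        presented = association_data(cert_der, spki_der, selector, matching_type)
    except ValueError:
        return False
    # Constant-time comparison, as for any pinned digest.
    return hmac.compare_digest(presented, published)


if __name__ == "__main__":
    record = build_tlsa(SAMPLE_CERT, SAMPLE_SPKI)
    print("published record:", record[:3], record[3].hex())
    print("same key matches:", tlsa_matches(record, SAMPLE_CERT, SAMPLE_SPKI))
    rotated = SAMPLE_SPKI[:-1] + b"\xff"
    print("rotated key matches:", tlsa_matches(record, SAMPLE_CERT, rotated))
```

The last two lines of the demo are the property the thread is circling: whatever the server presents is checked against what was published, so a key that has been swapped out no longer matches the record that was on file for it, and the operator has to publish a new record for the new identity to be accepted.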