[Ntp] Re: NTS pools -- share keys?

"Salz, Rich" <rsalz@akamai.com> Tue, 03 March 2026 15:29 UTC

To: Miroslav Lichvar <mlichvar=40redhat.com@dmarc.ietf.org>
CC: NTP WG <ntp@ietf.org>
List-Id: Network Time Protocol <ntp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/XgalrHb93DptwLwQ-fQCrS-sCfs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp>

> Maybe it would help if we called them NTS-KE pools.
>
> This proposal seems to be mainly for the pool.ntp.org pool, where a
> higher level of trust would be expected at the NTS-KE level than the
> NTS-NTP level.

Well, since this is a new thing, I suggest that it gets a new term :). But we can figure that out post-adoption; one of David’s columns seems like a good choice.