Re: [Ntp] Antwort: Re: Antwort: Why Roughtime?
Hal Murray <halmurray@sonic.net> Mon, 18 December 2023 19:29 UTC

Watson Ladd said:
> How would you put it in? Signing the response takes significantly longer than
> you want in NTS.

NTS already signs each packet. The catch is that the key used for the signing is a shared secret set up by NTS-KE.

What's missing is a way to prove that the key the client is using was used by the desired server. We can get that by extending NTS-KE to include signing the shared keys.

Using this approach would allow you to monitor every NTP+NTS transaction rather than only an occasional Roughtime refresh.

> Having a long term identity runs at cross purposes to relying on the WebPKI.

Right. We would have to bypass the WebPKI. We can do that with self-signed certificates. It looks like we would be using the WebPKI because the public key is embedded in a certificate, but it's not using their (relatively) short lifetime root certificate collection.

If you can distribute a long lifetime key for Roughtime, we can do the same to distribute a long lifetime certificate.

I'm not a WebPKI wizard. I'm using self-signed certificates for testing so most of the code for that path already works.

--
These are my opinions. I hate spam.
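
An added sketch of the idea in the message above, not code from the post or from any NTS implementation: a server signs a hash of the NTS-KE session keys with a long-lived Ed25519 key, and a client holding the pinned public key checks that binding before trusting per-packet tags. The label, function names, key sizes and the HMAC stand-in for the NTS per-packet authenticator are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// bindLabel is a hypothetical domain-separation label, not defined by NTS.
const bindLabel = "example NTS-KE key binding v0"

// digest hashes the fixed-length session keys so the signature covers
// them without the keys themselves being what is signed.
func digest(c2s, s2c []byte) []byte {
	h := sha256.New()
	h.Write([]byte(bindLabel))
	h.Write(c2s)
	h.Write(s2c)
	return h.Sum(nil)
}

// SignSessionKeys runs on the server, once per key-establishment handshake.
func SignSessionKeys(longTerm ed25519.PrivateKey, c2s, s2c []byte) []byte {
	return ed25519.Sign(longTerm, digest(c2s, s2c))
}

// VerifySessionKeys runs on the client against the pinned long-lived key.
func VerifySessionKeys(pinned ed25519.PublicKey, c2s, s2c, sig []byte) bool {
	return ed25519.Verify(pinned, digest(c2s, s2c), sig)
}

// PacketTag is an HMAC stand-in for the per-packet authenticator keyed
// with the shared secret (assumption: real NTS uses an AEAD here).
func PacketTag(key, packet []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(packet)
	return m.Sum(nil)
}

// CheckPacket verifies a packet tag in constant time.
func CheckPacket(key, packet, tag []byte) bool {
	return hmac.Equal(PacketTag(key, packet), tag)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed long-term key
	c2s, s2c := make([]byte, 32), make([]byte, 32)   // constructed session keys
	rand.Read(c2s)
	rand.Read(s2c)
	sig := SignSessionKeys(priv, c2s, s2c)
	reply := []byte("constructed NTP reply")
	fmt.Println(VerifySessionKeys(pub, c2s, s2c, sig), CheckPacket(s2c, reply, PacketTag(s2c, reply)))
}
```

With the binding verified once per handshake, every packet authenticated under those session keys chains back to the pinned long-lived key, while the per-packet cost stays symmetric.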