Re: [Ntp] Antwort: Re: Antwort: Why Roughtime?

Hal Murray <> Mon, 18 December 2023 19:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EAC27C15107C for <>; Mon, 18 Dec 2023 11:29:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id JFX-v7MD8lsw for <>; Mon, 18 Dec 2023 11:29:25 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 17B23C151077 for <>; Mon, 18 Dec 2023 11:29:25 -0800 (PST)
Received: from ( []) (authenticated bits=0) by (8.16.1/8.16.1) with ESMTPSA id 3BIJTNAU009001 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 18 Dec 2023 11:29:23 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=net23; t=1702927764; bh=9gJouPwF0Z0yCLZTG8bbeFyj6ReQD0/7iSn4DBtL+jw=; h=To:From:Subject:Mime-Version:Date:Message-Id:From:Subject; b=3pBZ+w5BCZJ6kQEWTxGtnuHbYUzNuUyKZ+CM5zRHXITEqomZgB/SvbvIxJxHkKISc GLM3mGEbwLKV+PPqJRHsJQ8nzqlZ9iXLurzVBrwtVuBaTZ0Bf5hRoaczXwpVlhxnER 8TTE+2XXmmo8Rvz/P+JmXrlwHeDJAbapj/oGcX0xT5ccbLyKRvWKzCxkmwewQq2eVn XQ6kH5MN6JSb2KJeTmQE23kydzD98a4rinZfe4AGoJHai7OSfQ1GFxvPaFb87af35c n6SUPkDPsRCoVEJeD8LcyIHV5xGAOAz+iNTneV/04gD55ufLH6D+tD98ik/W8g6z+w pDfcejydEH9rw==
Received: from hgm (localhost [IPv6:::1]) by (Postfix) with ESMTP id 5B3BD28C1C3; Mon, 18 Dec 2023 11:29:23 -0800 (PST)
X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.8
To: Watson Ladd <>
cc:, Hal Murray <>
From: Hal Murray <>
In-Reply-To: Message from Watson Ladd <> of "Mon, 18 Dec 2023 09:24:00 -0800." <>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 18 Dec 2023 11:29:23 -0800
Message-Id: <>
X-Sonic-CAuth: UmFuZG9tSVbMUPOq+Fgk25pVp60nc1gUpP9YZvChQoaxoxY+i0dQoM5YD4MmtGx61YDbyRpLTWWLmM2JHjFBXpKTMCLyEItlQ4wMhta6Rhc=
X-Sonic-ID: C;gIG7v9ud7hGv6RVnR+6Zsg== M;St/Pv9ud7hGv6RVnR+6Zsg==
X-Sonic-Spam-Details: -1.5/5.0 by cerberusd
Archived-At: <>
Subject: Re: [Ntp] Antwort: Re: Antwort: Why Roughtime?
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 18 Dec 2023 19:29:29 -0000

Watson Ladd said:
> How would you put it in? Signing the response takes significantly longer than
> you want in NTS.

NTS already signs each packet.  The catch is that the key used for the signing 
is a shared secret setup by NTS-KE.  What's missing is a way to prove that the 
key the client is using was used by the desired server.  We can get that by 
extending NTS-KE to include signing the shared keys.

Using this approach would allow you to monitor every NTP+NTS transaction 
rather than only an occasional Roughtime refresh.

> Having a long term identity runs at cross purposes to relying on the WebPKI.

Right.  We would have to bypass the WebPKI.  We can do that with self signed 
certificates.  It looks like we would be using the WebPKI because the public 
key is embedded in a certificate but it's not using their (relatively) short 
lifetime root certificate collection.  If you can distribute a long lifetime 
key for Roughtime we can do the same to distribute a long lifetime certificate.

I'm not a WebPKI wizard.  I'm using self signed certificates for testing so 
most of the code for that path already works.

These are my opinions.  I hate spam.