[Ntp] Re: draft-ietf-ntp-roughtime-15 ietf last call Genart review
Harlan Stenn <stenn@ntp.org> Fri, 09 January 2026 01:03 UTC
Date: Thu, 08 Jan 2026 17:02:57 -0800
To: Watson Ladd <watsonbladd@gmail.com>, Harlan Stenn <stenn=40nwtime.org@dmarc.ietf.org>
CC: Danny Mayer <mayer@pdmconsulting.net>, ntp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/bGuTLFF5SbdPuUWJlEQ4kSOxLSI>

On 1/8/2026 4:17 PM, Watson Ladd wrote:
> On Thu, Jan 8, 2026 at 4:06 PM Harlan Stenn
> <stenn=40nwtime.org@dmarc.ietf.org> wrote:
>>
>> On 1/8/2026 8:45 AM, Danny Mayer wrote:
>>>
>>> On 1/7/26 11:15 PM, Hal Murray wrote:
>>>> [I'm answering your questions, not commenting on the text in the draft.]
>>>>
>>>>> I think this needs some clarification. Because, AFAIK NTP and NTS does
>>>>> not require the client to have prior knowledge of the time either,
>>>>> right?
>>>> NTP works fine without any prior knowledge of time. It is not secure.
>>>>
>>>> NTS uses TLS. TLS uses certificates. Certificates have not-before and
>>>> not-after times.
>>>
>>> This is wrong. It's actually a Catch-22 situation. You cannot use
>>> certificates if you don't know the time initially so you cannot use TLS
>>> or NTS initially.
>>>
>>> It gets worse because DNSSEC uses certificates which also need to have a
>>> relatively good local time in order to validate the certificates.
>>>
>>> A server that has been sitting on the shelf or doesn't have a TOD will
>>> have no idea of the time initially, so it needs to get time from a NTP
>>> server unauthenticated and unvalidated.
>>
>> Is that so?
>>
>> What is wrong with private-key authenticated time?
>
> Private keys aren't, particularly across large numbers of IOT devices.

Where are these large numbers of IOT devices sourcing their time from?
It's at worst straightforward for the "local" DHCP server to provide a
local set of curated, trusted time sources.

> Or they are a pain to manage and rotate.

Manually, sure. But it's not difficult to automate. It also depends on
the use-case, and risks.

> Again this ignores another huge advantage discussed in the
> introduction: unlike every other existing mechanism for time
> distribution Roughtime enables proving when a server is providing time
> inconsistent with another, and thus taking action. It is certificate
> transparency for time.

I'll read more about this then. Until then, I remain suspicious.

>> I wonder if Khronos might also provide assistance here.
>>
>>> There's no simple way out of this.
>>>
>>> Danny
>>>
>>>
>>> _______________________________________________
>>> ntp mailing list -- ntp@ietf.org
>>> To unsubscribe send an email to ntp-leave@ietf.org
>>
>> --
>> Harlan Stenn <stenn@nwtime.org>
>> https://www.nwtime.org/ - be a member!
>>
>> _______________________________________________
>> ntp mailing list -- ntp@ietf.org
>> To unsubscribe send an email to ntp-leave@ietf.org
>
>
>

--
Harlan Stenn <stenn@ntp.org>
NTP Project Lead. The NTP Project is part of
https://www.nwtime.org/ - be a member!