Re: [Ntp] NTS Pools

"Salz, Rich" <rsalz@akamai.com> Wed, 17 April 2024 18:06 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Luke Valenta <lvalenta=40cloudflare.com@dmarc.ietf.org>, "ntp@ietf.org" <ntp@ietf.org>
Thread-Topic: [Ntp] NTS Pools
Thread-Index: AQHakOy3E/E35DgHjkCjgXI9rURVybFs7csA
Date: Wed, 17 Apr 2024 17:42:54 +0000
Message-ID: <09BB195A-98E1-44CB-AC2B-DCB1887BCC41@akamai.com>
References: <CAAUDTJiXUEnquvnwE84tkA_n8rww6GH3iUs5LSMEe_gqRkOVfg@mail.gmail.com>
In-Reply-To: <CAAUDTJiXUEnquvnwE84tkA_n8rww6GH3iUs5LSMEe_gqRkOVfg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/han3J_SqYKZr4dBpAq5xroj3ojA>
Subject: Re: [Ntp] NTS Pools

Luke’s note spurred me to throw in my late feedback as well.

> My primary goal currently is to work towards a pool or pool-like solution that
> 1) Is drop-in for end-users. I.e. if you have a working NTS client,
> the pool can be used without any changes to software.

Which software?  Can you accept recent additions to the TLS library?  If so, look at RFC 9345, Delegated Credentials. In this situation, the pool “owner” (or team) has a certificate, and they issue periodic short-term signed data to the pool members, which the members use like the TLS key. Adoption isn’t widespread; for example it’s not supported by OpenSSL, but it has some very nice security and admin properties.