Re: [Ntp] Antw: [EXT] Re: Splitting the Roughtime draft?

Magnus Danielson <magnus@rubidium.se> Tue, 02 February 2021 12:50 UTC

Cc: magnus@rubidium.se
To: ntp@ietf.org
References: <20210131090607.ED116406061@ip-64-139-1-69.sjc.megapath.net> <6017ADBF020000A10003E988@gwsmtp.uni-regensburg.de> <CANCZdfrCnkyw88wdznGD-3PgF1taMx1ZMNdvV8OP_ATsK413bg@mail.gmail.com>
From: Magnus Danielson <magnus@rubidium.se>
Message-ID: <d9837547-dcbd-6f45-f892-8a0017cf691c@rubidium.se>
Date: Tue, 02 Feb 2021 13:50:45 +0100
In-Reply-To: <CANCZdfrCnkyw88wdznGD-3PgF1taMx1ZMNdvV8OP_ATsK413bg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/iIghlT7GTCeeiwZLta-FV9_9ZW8>

Hi,

On 2021-02-01 22:40, Warner Losh wrote:
>
>
> On Mon, Feb 1, 2021 at 12:29 AM Ulrich Windl
> <Ulrich.Windl@rz.uni-regensburg.de> wrote:
>
>     >>> Hal Murray <hmurray@megapathdsl.net> wrote on 31.01.2021 at 10:06 in
>     message <20210131090607.ED116406061@ip-64-139-1-69.sjc.megapath.net>:
>
>     > marcus@dansarie.se said:
>     >> I think we need to be very clear about the fact that all trust in
>     >> Roughtime is rooted in the long-term keys and that they are expected
>     >> to be valid for a very long time indeed.
>     >
>     > How long is "very long"?
>
>     The "industry standard" seems to be 10 years for that, while "long"
>     nowadays is probably only two years...
>
>
> Consumer grade stuff is like 1-2 years. But deployed, embedded gear
> still needs 5-10 years depending on the segment it is in. You don't
> want to climb a lot of telephone poles to redeploy every couple of
> years, for example...

Actually, consumer grade stuff lasts longer, much longer than its vendors
think. For many operator purposes systems can survive 15-20 years,
easily.

It's hard to set such life-spans. Some systems have much longer
life-spans, but then upgrades occur. What we should focus on is making
it long enough that an upgrade over the net can occur, even if that
occurs at a low enough rate. Re-keying over the air is the way to go
long-term. Then you have the problem with long storage times, and ways
to upgrade them with keys, and override if they have gone over the time.

Requirements are starting to emerge on this, and I have been pushing for
it, but it takes time before you can rely on it in such system designs.
So we will have to push both sides.

Cheers,
Magnus
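The thread above turns on two points: all Roughtime trust is rooted in a long-term key with a long lifetime, and deployed gear must be able to re-key over the net rather than by a site visit. The Go program below is an added example written for this page, not code from the Roughtime draft or from any poster. It models the draft's shape (an Ed25519 long-term key that signs a short-lived delegation for an online key with a validity window) in a simplified, constructed encoding that is not the draft's wire format, and adds a hypothetical "rollover" statement in which the old long-term key vouches for its successor, which is one way the over-the-air re-keying discussed here could be verified by a device that only stores the old trust anchor. The domain-separator strings, timestamps, and type names are all assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Domain separators keep a signature over one statement type from being
// accepted as the other. Constructed for this example, not draft values.
const (
	tagDelegation = "EXAMPLE-DELEGATION"
	tagRollover   = "EXAMPLE-ROLLOVER"
)

var (
	ErrBadSignature = errors.New("signature does not verify under the trusted long-term key")
	ErrNotYetValid  = errors.New("statement not yet valid")
	ErrExpired      = errors.New("delegation expired; a fresh delegation or a rollover is needed")
	ErrBadWindow    = errors.New("validity window is inverted")
)

// Delegation: the long-term key vouches for an online key within [MinT, MaxT].
// Timestamps are seconds since the epoch (assumed encoding).
type Delegation struct {
	OnlinePub  ed25519.PublicKey
	MinT, MaxT uint64
	Sig        []byte // long-term signature over delegationBytes
}

// Rollover: the long-term key vouches for a successor long-term key, so a
// device that only knows the old anchor can move its trust over the net.
type Rollover struct {
	NewPub    ed25519.PublicKey
	NotBefore uint64
	Sig       []byte
}

func delegationBytes(d *Delegation) []byte {
	var ts [16]byte
	binary.BigEndian.PutUint64(ts[:8], d.MinT)
	binary.BigEndian.PutUint64(ts[8:], d.MaxT)
	b := append([]byte(tagDelegation), d.OnlinePub...)
	return append(b, ts[:]...)
}

func rolloverBytes(r *Rollover) []byte {
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], r.NotBefore)
	b := append([]byte(tagRollover), r.NewPub...)
	return append(b, ts[:]...)
}

// SignDelegation is run by the operator holding the long-term private key.
func SignDelegation(ltPriv ed25519.PrivateKey, onlinePub ed25519.PublicKey, minT, maxT uint64) *Delegation {
	d := &Delegation{OnlinePub: onlinePub, MinT: minT, MaxT: maxT}
	d.Sig = ed25519.Sign(ltPriv, delegationBytes(d))
	return d
}

// VerifyDelegation is what a client does: it trusts only ltPub and rejects a
// delegation that is forged, tampered with, or outside its window.
func VerifyDelegation(ltPub ed25519.PublicKey, d *Delegation, now uint64) error {
	if d.MinT > d.MaxT {
		return ErrBadWindow
	}
	if !ed25519.Verify(ltPub, delegationBytes(d), d.Sig) {
		return ErrBadSignature
	}
	if now < d.MinT {
		return ErrNotYetValid
	}
	if now > d.MaxT {
		return ErrExpired
	}
	return nil
}

// SignRollover is run once by the operator before the old key is retired.
func SignRollover(oldPriv ed25519.PrivateKey, newPub ed25519.PublicKey, notBefore uint64) *Rollover {
	r := &Rollover{NewPub: newPub, NotBefore: notBefore}
	r.Sig = ed25519.Sign(oldPriv, rolloverBytes(r))
	return r
}

// VerifyRollover returns the successor key a device may now trust, or an error.
func VerifyRollover(oldPub ed25519.PublicKey, r *Rollover, now uint64) (ed25519.PublicKey, error) {
	if !ed25519.Verify(oldPub, rolloverBytes(r), r.Sig) {
		return nil, ErrBadSignature
	}
	if now < r.NotBefore {
		return nil, ErrNotYetValid
	}
	return r.NewPub, nil
}

func main() {
	ltPub, ltPriv, _ := ed25519.GenerateKey(rand.Reader)
	onPub, _, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed one-day window; the long-term key itself has no window here.
	d := SignDelegation(ltPriv, onPub, 1_700_000_000, 1_700_086_400)
	fmt.Println("inside window:", VerifyDelegation(ltPub, d, 1_700_040_000))
	fmt.Println("after window: ", VerifyDelegation(ltPub, d, 1_700_100_000))
	d.MaxT += 86_400 // window edited without the long-term key: signature fails
	fmt.Println("edited window:", VerifyDelegation(ltPub, d, 1_700_100_000))

	newPub, _, _ := ed25519.GenerateKey(rand.Reader)
	r := SignRollover(ltPriv, newPub, 1_700_050_000)
	got, err := VerifyRollover(ltPub, r, 1_700_060_000)
	fmt.Println("rollover accepted:", err == nil && got.Equal(newPub))
}
```

The design point for the discussion above is that the long-term key never has to be short-lived for the system to stay safe: the window lives on the delegation, which is cheap to reissue, while the rollover statement gives a device that sat in storage past a delegation's MaxT a signed path to a new anchor instead of a truck roll.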