[Ntp] Of Roughtime's algorithm agility, and host attestation

Thomas Peterson <nosretep.samoht@gmail.com> Sat, 27 July 2019 01:04 UTC

Return-Path: <nosretep.samoht@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FC5E1201E8 for <ntp@ietfa.amsl.com>; Fri, 26 Jul 2019 18:04:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OK5WKh3mT2DG for <ntp@ietfa.amsl.com>; Fri, 26 Jul 2019 18:04:24 -0700 (PDT)
Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E5251201E6 for <ntp@ietf.org>; Fri, 26 Jul 2019 18:04:24 -0700 (PDT)
Received: by mail-io1-xd2e.google.com with SMTP id z3so108497277iog.0 for <ntp@ietf.org>; Fri, 26 Jul 2019 18:04:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:from:subject:message-id:date:user-agent:mime-version :content-language:content-transfer-encoding; bh=oSJPkklN8oiIHiOoIYAGSIj6K02gqXNFfg+uXPNLbLA=; b=cNk6j6JlgnQt2VHdM3PBZr45UmIrnw6Y5gyjJ6BVMkBDNU//cFpOo4jh/Grxsmtavn BrjW8coBLKOBhSfj6n+43wfrQFYvfJcB00fSH/aMdp39XO1mf5AjuF13jdsmUkWzdJT9 LYQWOsw+4HO8S94VXi+X2oxCJDgpQa4X0YrCooj/WKeO3vwEwssNSI3SFLFUwE8eWFux fv6p9f8eJ3xcgQmfsJVb1opwyaLirBXViyzJQcFD94CWTB5QWLIXlvA8bzH3al8ymMuT GhxMW191YwlXcXpbFZ2Y2CvBTRUiXVr9Fn9M6wteeEZ4Eil5/2NZfCHa15QgQXsQ84dr LPRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:message-id:date:user-agent :mime-version:content-language:content-transfer-encoding; bh=oSJPkklN8oiIHiOoIYAGSIj6K02gqXNFfg+uXPNLbLA=; b=uOxlfx0/5uf0l8y1C+NALjMY1I/MhJaKG1dxyLjL/q9bbepw7uwXtD3Lht6M0cezys ITx0X5USBvMd2id5/i9dfb5DrCKDMq2yYgPyRVVjSuhhxthzov9TuuFUsT+lhJ2kvI/8 Id/h/R7wqYRhfOaYa80/4wfluvNdRBV7+rfjszX5crrt1KVFS1g/e6PSOt6XDnIiu91e ATnl7b0Po/ccgK1zQ37EliRnzpB7+q7WL4/MesUSbPruX+X8aRfaPSVjfy2FRCwl1kGp uG3+E0ptTMYmSIRrHfVwQzho6mo6G5RUL1HYLIHw2qTJii//sVxBS5pJYT7q/e0SRL2r Svaw==
X-Gm-Message-State: APjAAAV6Evf62iRv+NQpxwmPSkUyySoiSnqKMt2FLP+1NY73pW1BYlgD QwMOZL6I9mcnEVMqITd9VSjrFeQAdf0=
X-Google-Smtp-Source: APXvYqyt9JvC8Jy7KEKypbG9NNLHXo7oca2uL5f0nrs1AsRjPm1/hZMm5GRB6T1jTx5UHt4FX+w4pg==
X-Received: by 2002:a6b:bf87:: with SMTP id p129mr3791817iof.253.1564189463722; Fri, 26 Jul 2019 18:04:23 -0700 (PDT)
Received: from ROADKILL.local ([207.164.22.10]) by smtp.gmail.com with ESMTPSA id y20sm44408080ion.77.2019.07.26.18.04.22 for <ntp@ietf.org> (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Fri, 26 Jul 2019 18:04:23 -0700 (PDT)
To: "ntp@ietf.org" <ntp@ietf.org>
From: Thomas Peterson <nosretep.samoht@gmail.com>
Message-ID: <07725d0b-74ec-ec92-70fe-e27f0c4eee8c@gmail.com>
Date: Sat, 27 Jul 2019 02:04:21 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/kS539CqbcEVgBhshk3OI-ExKIPo>
Subject: [Ntp] Of Roughtime's algorithm agility, and host attestation
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jul 2019 01:04:27 -0000

In discussions with many folk at IETF 105 (thank you for your time), two 
topics have come up in the design of Roughtime:

1. How does a Roughtime client attest the certificate presented matches 
the host that was contacted?
2. Ed25519 may not be secure forever. How do we ensure more robust 
options are made available?

To answer the first point, one suggestion by Erik Klein[0] is to create 
a new DNS RR type that includes the long term certificate of the 
Roughtime server. Should this mismatch the host that is being contacted 
for Roughtime information, clients should consider tampering. It's not 
clear what clients should do if this record was absent. This is perhaps 
a simpler approach that using existing public CA infrastructure that 
supports TLS and S/MIME, but comes with trade-offs.

Q. Do people have thoughts on creating a new DNS RR Type to support 
this, or given the threat and operation model believe we should take a 
different approach?

On the second point regarding algorithm agility, one possible thought 
would be the creation of an IANA registry for Roughtime supported 
schemes. This would more ideal than attempting to piggy-back other 
existing registries (e.g. TLS, which includes legacy such as RSA).

Q. Does the list have a view on this and it's impact to client and 
server negotiation?

Regards

0: 
https://groups.google.com/a/chromium.org/d/msg/proto-roughtime/RVlx6hGeO1U/Dn3zER5JCQAJ