Re: [Ntp] Getting started using NTS -- clock accuracy vs certificates
Marcus Dansarie <marcus@dansarie.se> Tue, 02 August 2022 12:57 UTC
Return-Path: <marcus@dansarie.se>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B318C16ED0E for <ntp@ietfa.amsl.com>; Tue, 2 Aug 2022 05:57:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dansarie.se
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HuSZNrHp_mf2 for <ntp@ietfa.amsl.com>; Tue, 2 Aug 2022 05:57:41 -0700 (PDT)
Received: from mail.dansarie.se (mail.dansarie.se [IPv6:2a02:7aa0:5000::14a]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB3DBC13CCE8 for <ntp@ietf.org>; Tue, 2 Aug 2022 05:57:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dansarie.se; s=mail; t=1659445058; bh=6EtNzS4KCPk8gGmqr/d4GlWKt7VrgVEnvycMUtSHJDw=; h=Date:To:References:From:Subject:In-Reply-To:From; b=DvkA9NBa0cRQmEICjU6AIFkvk6PrufbUm7bJDAduziLsIZnmEJGWwgbBoNUrZ8Lw1 U7+2uPXLbeJ4ucgPoDRylrhDQ/0DAgAXNmHfNV54Ef5U6I8yF2C/ED7IwD1hl5l5lv /159hjilFcqrfuTHaMIeRnQWafJoa5YjcMKBg550d+cuZf77N3xLVPQ51+RbsIyC3+ ZPzeXe4cAuihSZ86rOFZARMGIxEZvBdYtMdGI2hLyuhltQvE5XtLUnAYFkw/XPC6lJ kz5V8K0L8DMSorZpIwaGgmUl38iJ0qzEUtyJJV9aG0MobLyJhEJuZpSwgWkqA6U2Id CGl6R4WacGoCw==
Message-ID: <03a40673-7d36-9639-af84-41f251bf8569@dansarie.se>
Date: Tue, 02 Aug 2022 14:57:37 +0200
MIME-Version: 1.0
Content-Language: en-US
To: ntp@ietf.org
References: <20220729181119.A49C928C1CA@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
From: Marcus Dansarie <marcus@dansarie.se>
In-Reply-To: <20220729181119.A49C928C1CA@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/nWh2k1XQJrUnyppFergMAFWHVwA>
Subject: Re: [Ntp] Getting started using NTS -- clock accuracy vs certificates
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Aug 2022 12:57:45 -0000
On 2022-07-29 20:11, Hal Murray wrote: > What happens if the system sits on the shelf for a month? The system will try > to verify certificate chains with a clock that is a month out of date. > > Do certificate geeks consider that case? When they setup a new certificate, > do they back-date the starting time or just use "now"? If not, then the max > clock error is the time since the certificate was issued. > > Has this issue come up in other contexts? Since no one has mentioned it yet, I'll jump in here to say that Section 8.5 of RFC 8915 suggests some solutions to this chicken and egg problem. However, if the time on the shelf is long enough, the suggestions there will not help since the root certificates in its store will have expired. In the general case, I think there are two ways to handle this: 1. Trust on first use: * Download current root certificates via HTTPS without checking certificates. * Acquire time via multiple NTP/NTS servers. * Go back and check that the HTTPS and NTS certificate chains and DNSSEC signatures are consistent with the acquired time and root certificates. * Perform full time and certificate chain checks on subsequent boots. This is vulnerable to a MITM attacks on the first boot. 2. If the vulnerability in 1 is not acceptable, have a human set time and provide update root certificates on first boot. Alternately, use a stored symmetric key to verify initial time (though this would make NTS redundant). Roughtime, where servers are expected to have persistent long-term certificates, makes an attempt at fixing this problem. The hope there is that with a long enough list of Roughtime servers, the probability that at least one of them will still be available and using the same certificate should be high enough. Kind regards, Marcus
- [Ntp] Getting started using NTS -- clock accuracy… Hal Murray
- [Ntp] Antw: [EXT] Getting started using NTS ‑‑ cl… Ulrich Windl
- Re: [Ntp] Getting started using NTS -- clock accu… Miroslav Lichvar
- Re: [Ntp] Getting started using NTS -- clock accu… Hal Murray
- Re: [Ntp] Getting started using NTS -- clock accu… Miroslav Lichvar
- Re: [Ntp] Getting started using NTS -- clock accu… Salz, Rich
- Re: [Ntp] Getting started using NTS -- clock accu… Marcus Dansarie
- Re: [Ntp] Getting started using NTS -- clock accu… Danny Mayer
- Re: [Ntp] Getting started using NTS -- clock accu… Salz, Rich
- Re: [Ntp] Getting started using NTS -- clock accu… Danny Mayer
- Re: [Ntp] Getting started using NTS -- clock accu… Miroslav Lichvar