[Ntp] Roughtime, getting started

Hal Murray <halmurray@sonic.net> Sun, 14 August 2022 03:31 UTC

To: ntp@ietf.org
cc: Hal Murray <halmurray@sonic.net>
From: Hal Murray <halmurray@sonic.net>
Date: Sat, 13 Aug 2022 20:31:43 -0700
Message-Id: <20220814033143.85FAF28C1EF@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/pz4D3m1E_V2US2xm6eqZMg7WJDo>
Subject: [Ntp] Roughtime, getting started

I asked about getting started on the TLS list.  Somebody suggested Roughtime.  
(I think it's been suggested here too, but I don't have a reference.)

So I took a good look at draft 06.

I don't see how it helps.

Here is the key section:

6.4 Validity of Response
  A client MUST check the following properties when it receives a
  response. We assume the long-term server public key is known to the
  client through other means.

If I can distribute valid long-term keys, I can use them to sign the 
certificates for NTS-KE servers and don't need Roughtime to get started.

Am I missing something?


-- 
These are my opinions.  I hate spam.
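The checks that section 6.4 asks a client to make, worked through as an added example that is not from the mail above, from the draft, or from any Roughtime implementation. It models the draft's structure in simplified form: a long-term key signs a delegation (DELE: online key plus a MINT/MAXT validity window) producing a CERT, the online key signs a response (SREP: Merkle ROOT, MIDP, RADI), and the client verifies the chain, the window, and that its own nonce is in the tree. The wire encoding, the signature context strings, and the use of SHA-512 with a 0x00 leaf prefix are assumptions made for this example and are not meant to match any draft byte for byte. The point it makes is Hal's: every check bottoms out in `longTermKey`, which the client must already trust by some other means.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"errors"
	"fmt"
)

// Signature context strings in the style of the Roughtime drafts.
// Assumption: written from memory for this example; what matters is that
// the two differ, so a delegation signature cannot be replayed as a response.
var (
	delegationCtx = []byte("RoughTime v1 delegation signature--\x00")
	responseCtx   = []byte("RoughTime v1 response signature\x00")
)

// Delegation models DELE: an online key valid for [MinT, MaxT] (microseconds, inclusive).
// Certificate is DELE plus the long-term key's signature over it (CERT).
// Response is a single-request SREP (ROOT, MIDP, RADI) signed by the online key.
type Delegation struct {
	OnlineKey  ed25519.PublicKey
	MinT, MaxT uint64
}
type Certificate struct {
	Dele Delegation
	Sig  []byte
}
type Response struct {
	Root   []byte
	MidP   uint64
	Radius uint32
	Sig    []byte
	Cert   Certificate
}

// encodeDelegation / encodeSrep: simplified little-endian encodings (assumption).
func encodeDelegation(d Delegation) []byte {
	b := make([]byte, 16)
	binary.LittleEndian.PutUint64(b[0:], d.MinT)
	binary.LittleEndian.PutUint64(b[8:], d.MaxT)
	return append(append([]byte{}, d.OnlineKey...), b...)
}
func encodeSrep(root []byte, midp uint64, radi uint32) []byte {
	b := make([]byte, 12)
	binary.LittleEndian.PutUint64(b[0:], midp)
	binary.LittleEndian.PutUint32(b[8:], radi)
	return append(append([]byte{}, root...), b...)
}

// leafHash is the Merkle leaf for a nonce: SHA-512 over 0x00 || nonce.
// With one request per batch the tree root is just this leaf (no path to walk).
func leafHash(nonce []byte) []byte {
	h := sha512.New()
	h.Write([]byte{0x00})
	h.Write(nonce)
	return h.Sum(nil)
}

func signed(ctx, body []byte) []byte { return append(append([]byte{}, ctx...), body...) }

type Server struct {
	longTerm, online ed25519.PrivateKey
	cert             Certificate
}

// NewServer creates a long-term key and an online key delegated for [minT, maxT].
func NewServer(minT, maxT uint64) (*Server, error) {
	_, ltPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	onPub, onPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	dele := Delegation{OnlineKey: onPub, MinT: minT, MaxT: maxT}
	sig := ed25519.Sign(ltPriv, signed(delegationCtx, encodeDelegation(dele)))
	return &Server{longTerm: ltPriv, online: onPriv, cert: Certificate{Dele: dele, Sig: sig}}, nil
}

// LongTermPublic is what the client has to obtain "through other means".
func (s *Server) LongTermPublic() ed25519.PublicKey { return s.longTerm.Public().(ed25519.PublicKey) }

// Respond signs the server's claimed time for one nonce; it is the client's
// validation, not the server, that rejects a bad response.
func (s *Server) Respond(nonce []byte, midp uint64, radius uint32) Response {
	root := leafHash(nonce)
	sig := ed25519.Sign(s.online, signed(responseCtx, encodeSrep(root, midp, radius)))
	return Response{Root: root, MidP: midp, Radius: radius, Sig: sig, Cert: s.cert}
}

// Validate performs the section 6.4 style checks; nil means the response is acceptable.
func Validate(longTermKey ed25519.PublicKey, nonce []byte, r Response) error {
	if !ed25519.Verify(longTermKey, signed(delegationCtx, encodeDelegation(r.Cert.Dele)), r.Cert.Sig) {
		return errors.New("CERT: delegation not signed by the trusted long-term key")
	}
	if !ed25519.Verify(r.Cert.Dele.OnlineKey, signed(responseCtx, encodeSrep(r.Root, r.MidP, r.Radius)), r.Sig) {
		return errors.New("SREP: response not signed by the delegated online key")
	}
	if r.MidP < r.Cert.Dele.MinT || r.MidP > r.Cert.Dele.MaxT {
		return fmt.Errorf("MIDP %d outside delegation window [%d, %d]", r.MidP, r.Cert.Dele.MinT, r.Cert.Dele.MaxT)
	}
	if !bytes.Equal(r.Root, leafHash(nonce)) {
		return errors.New("ROOT: our nonce is not in the Merkle tree, so the response is not fresh")
	}
	return nil
}

func main() {
	srv, err := NewServer(1_000_000, 2_000_000)
	if err != nil {
		panic(err)
	}
	nonce := []byte("constructed 32-byte nonce value!") // constructed for the demo
	fmt.Println("in window:     ", Validate(srv.LongTermPublic(), nonce, srv.Respond(nonce, 1_500_000, 1000)))
	fmt.Println("past MAXT:     ", Validate(srv.LongTermPublic(), nonce, srv.Respond(nonce, 2_500_000, 1000)))
	other, _ := NewServer(1_000_000, 2_000_000)
	fmt.Println("wrong root key:", Validate(other.LongTermPublic(), nonce, srv.Respond(nonce, 1_500_000, 1000)))
}
```

The "wrong root key" case is the bootstrapping problem in miniature: a response that is internally consistent and well within its window is still rejected unless the client was handed the right long-term key beforehand, which is the same key-distribution step an NTS-KE deployment needs for its certificate chain.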