IETF Logo Mail Archive

Re: [Ntp] Splitting the Roughtime draft?

Marcus Dansarie <marcus@dansarie.se> Sun, 31 January 2021 09:17 UTC

Return-Path: <marcus.dansarie.nilsson@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DE383A09EC for <ntp@ietfa.amsl.com>; Sun, 31 Jan 2021 01:17:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.502
X-Spam-Level:
X-Spam-Status: No, score=-1.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CFZOCxsqY7DP for <ntp@ietfa.amsl.com>; Sun, 31 Jan 2021 01:17:04 -0800 (PST)
Received: from mail-lf1-x129.google.com (mail-lf1-x129.google.com [IPv6:2a00:1450:4864:20::129]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 819A53A09EA for <ntp@ietf.org>; Sun, 31 Jan 2021 01:17:04 -0800 (PST)
Received: by mail-lf1-x129.google.com with SMTP id f1so18568934lfu.3 for <ntp@ietf.org>; Sun, 31 Jan 2021 01:17:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:subject:from:to:references:message-id:date:user-agent :mime-version:in-reply-to; bh=H50JNtKVW9Zxoxbp5boHv3gRJhYVZEqoE8KS4J/xciQ=; b=qS4Y+UXtYcP2Ue5BKJvu6oafxwcBQdDyjkYCAaLWB3qtlzKS8Q8pALJuarz5ZYJh8J WqZoxGgDh6Z+xMtFQ+T/4PJwudGjIadDUfW+UJofwGid6pdAfbK+6fwIdeHyO7kJnOyI 5+a8ckdAQhTfITfmrAQcJloGcpj40NLmXcFdMPFnk1GQGbaQbfTZH7M2sVJI3c/igt1a RqoQGVQPrTk000AP44pR774QTZlEiW1mJpap4NA+4wP83amKEqznsqhiYjh37bSSmXLn 15NqZCTnNehy7tXis+tFLA6/rUTLS16V/5FdqwvQWMlkUutPAp/k6ChPL321VgGv847B a8lQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:subject:from:to:references:message-id :date:user-agent:mime-version:in-reply-to; bh=H50JNtKVW9Zxoxbp5boHv3gRJhYVZEqoE8KS4J/xciQ=; b=IiO1In/5BhJNlO5nvHVDRxshqiVS5I1mcSWPZbgMAnWz8hZo2KFyncv6gserfRSULc Kye0at5XmBlr+IGD9Ict49ex3rviCKVDfkiti9L9ZJ6EYcN8khNVy4ygYI68oAhJZnKR w8u70QvQ9nVzabNe5bGVJtEduXDwFv857xJP0TRjme1RaF056ZMHI0fV8yjxu3LPrkqr /zt53HlYtY3C67kKgnVBqGm4yL4TPccB5st/zAU/d9CJYgRMJI3iXcWlt+ouqXW8qFyi Y34DJ9QBGD1GpGjVtJ1ZMf+uiuKpUYMIq+GEULDjzqYzxapLgYyRNRAD/g3WiZNP1cU7 LYAg==
X-Gm-Message-State: AOAM532gha3cn6ZFnA/5od+mJur7yYr9ChvQ4pM1Yf5+J2I29HgAa3JR i/OTdQo1bN1XYhnf+XDyLtaeonAk3L4=
X-Google-Smtp-Source: ABdhPJzWS9Oep6xkLJxr4MB5ItV+098Th82TrY1nYbRHfhJc4orFSBbtXylftUcJABcgVcuFaO8Hgw==
X-Received: by 2002:a05:6512:3047:: with SMTP id b7mr6376638lfb.279.1612084622323; Sun, 31 Jan 2021 01:17:02 -0800 (PST)
Received: from ?IPv6:2001:470:dfe6:0:efe:d1ce:c226:96c3? ([2001:470:dfe6:0:efe:d1ce:c226:96c3]) by smtp.gmail.com with ESMTPSA id i18sm2576886lfe.177.2021.01.31.01.17.01 for <ntp@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 31 Jan 2021 01:17:01 -0800 (PST)
Sender: Marcus Dansarie <marcus.dansarie.nilsson@gmail.com>
From: Marcus Dansarie <marcus@dansarie.se>
To: ntp@ietf.org
References: <CACsn0cm0N8otXKhCTRofjx4eHS8Po8-75C20YHMbr2ZAaU3w-A@mail.gmail.com> <55fc783d-ac46-00bb-ecdf-8e7414e2e6e4@dansarie.se>
Message-ID: <9b6fae61-e93d-b626-1f9a-14b4ead0bbf6@dansarie.se>
Date: Sun, 31 Jan 2021 10:16:58 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1
MIME-Version: 1.0
In-Reply-To: <55fc783d-ac46-00bb-ecdf-8e7414e2e6e4@dansarie.se>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="zDLHd09R4engqovCnFJQ93qXzQnuKd3VD"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/rhLl9Y8HzQjjMnqsX8Az857xfHQ>
Subject: Re: [Ntp] Splitting the Roughtime draft?
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Jan 2021 09:17:06 -0000


On 2021-01-31 09:39, Marcus Dansarie wrote:
> I think it's important to at least define a basic serialization schema
> for both malfeasance reports and lists of servers. If we don't, we risk
> ending up with several incompatible formats for data exchange in the
> Roughtime ecosystem.
> 
> A de facto standard for server lists already exists (ecosystem.json) and
> only needs to be documented in the draft. A simple malfeasance report
> format in the same spirit as the server list format could be a JSON
> object with an ordered list of objects, each containing a nonce and a
> server response, both in base64 format. Verifying the report would be as
> simple as (1) verifying that the list is a valid list of chained
> Roughtime responses and (2) applying the same validity tests as clients.
> 
> Tal Mizrahi and others raised a number of issues with how the security
> model is described in the draft. [1] I don't think they where ever
> addressed. We should probably be proactive in fixing this in the draft,
> as it is something that the IESG will have opinions about. In
> particular, I think we need to be very clear about the fact that all
> trust in Roughtime is rooted in the long-term keys and that they are
> expected to be valid for a very long time indeed.
> 
> After fixing these two two points, I would be happy to support a WGLC.

I just realized that I forgot to add one important point: We need to
specify how revocation of long-term keys is performed, even if it is as
simple as knowingly generating invalid time responses and impeaching
oneself.

Kind regards,
Marcus

v2.23.0 | Report a Bug | By Email