Re: [Ntp] Of Roughtime's algorithm agility, and host attestation

Watson Ladd <> Sat, 27 July 2019 06:54 UTC

From: Watson Ladd <>
Date: Fri, 26 Jul 2019 23:54:14 -0700
To: Patrik Fältström <>
Cc: Patrik Fältström <>, "Salz, Rich" <>, Robert Nagy <>, NTP WG <>, Thomas Peterson <>

On Fri, Jul 26, 2019 at 11:32 PM Patrik Fältström <> wrote:
> On 27 Jul 2019, at 7:58, Watson Ladd wrote:
> > It seems people are misunderstanding the trust relationship here. The goal is to have publicly observable, auditable performance and identities tied to that. So it makes very little sense to link these identities to another naming system, but maybe this is a better idea than it seems. In particular public keys really shouldn't change: that could permit the laundering of errors, which we very much don't want.
> Ahhh...ok, sorry. I did not write enough words.
> I agree with the base idea in what you write here. One should be careful about what one trusts. But one also needs to base the trust on something, some root.
> This can of course, as some have suggested, be a cert for some time service one trusts. Or the root CA of something else, like the root in some other naming system.

I consider Roughtime analogous to certificate transparency: the point
is not that Nimbus or Behind the Sofa are necessarily run by good
people or that the certs are logged by them, but that for the past X
they have dutifully logged each one, and if they were to fail to,
there would be incontestable proof of malfeasance. Nothing is really
rooted in the assertion of identity, which is sort of irrelevant here.

> My answer was "just" responding to the question whether we should in the case some cert is stored in DNS create a new RRType, which is something I find not necessary as TLSA exists.
>    Patrik

"Man is born free, but everywhere he is in chains".
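The "incontestable proof of malfeasance" Watson describes is worth seeing as code. The following is an added example, not part of this thread and not the Roughtime reference implementation: it is modelled on Roughtime's mechanism (a server signs the client's nonce together with a midpoint and radius under its long-term key, and the client derives its next nonce from the previous response plus a blind, so each answer provably postdates the one before it), but the wire layout, the field sizes and the sample timestamps are constructed simplifications, and real Roughtime signs with an online key certified by the long-term key rather than with the long-term key directly. Names such as Respond, NextNonce and ProvesMisbehaviour are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"errors"
	"fmt"
)

// Response is a constructed, simplified stand-in for a Roughtime reply: the
// server signs the client's nonce together with a midpoint and radius (both
// in microseconds) under its long-term identity key.
type Response struct {
	Nonce    [64]byte
	Midpoint uint64
	Radius   uint32
	Sig      []byte
}

// signedBytes is the byte string the signature covers (layout is ours).
func signedBytes(nonce [64]byte, mid uint64, radius uint32) []byte {
	buf := make([]byte, 64+8+4)
	copy(buf[:64], nonce[:])
	binary.LittleEndian.PutUint64(buf[64:72], mid)
	binary.LittleEndian.PutUint32(buf[72:76], radius)
	return buf
}

// Respond is what a server (honest or not) does: sign whatever interval it
// claims, bound to the nonce it was asked about.
func Respond(priv ed25519.PrivateKey, nonce [64]byte, mid uint64, radius uint32) Response {
	return Response{nonce, mid, radius, ed25519.Sign(priv, signedBytes(nonce, mid, radius))}
}

// Verify checks a response against the long-term key it is attributed to.
func Verify(pub ed25519.PublicKey, r Response) bool {
	return ed25519.Verify(pub, signedBytes(r.Nonce, r.Midpoint, r.Radius), r.Sig)
}

// NextNonce derives the nonce for the next query from the previous response
// and a client-chosen blind, so the next server's signature commits to having
// been produced after the previous response already existed.
func NextNonce(prev Response, blind [64]byte) [64]byte {
	h := sha512.New()
	h.Write(signedBytes(prev.Nonce, prev.Midpoint, prev.Radius))
	h.Write(prev.Sig)
	h.Write(blind[:])
	var out [64]byte
	copy(out[:], h.Sum(nil))
	return out
}

// ProvesMisbehaviour is the auditor's check. It needs nothing but the two
// long-term public keys and the client's blind: if both responses verify,
// the second is chained to the first, and yet server A's interval lies
// entirely after server B's even though A answered first, then at least one
// of the two servers signed a false time. Anyone can re-run this.
func ProvesMisbehaviour(pubA ed25519.PublicKey, first Response, blind [64]byte,
	pubB ed25519.PublicKey, second Response) (bool, error) {
	if !Verify(pubA, first) || !Verify(pubB, second) {
		return false, errors.New("a response does not verify under the long-term key it is attributed to")
	}
	if second.Nonce != NextNonce(first, blind) {
		return false, errors.New("second response is not chained to the first")
	}
	var earliestA uint64
	if uint64(first.Radius) <= first.Midpoint {
		earliestA = first.Midpoint - uint64(first.Radius)
	}
	latestB := second.Midpoint + uint64(second.Radius)
	return earliestA > latestB, nil
}

func main() {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, privB, _ := ed25519.GenerateKey(rand.Reader)
	var nonce1, blind [64]byte
	if _, err := rand.Read(nonce1[:]); err != nil {
		panic(err)
	}
	if _, err := rand.Read(blind[:]); err != nil {
		panic(err)
	}
	// Constructed sample: A claims roughly 2019-07-27 with a 1 s radius;
	// B, queried afterwards, claims a time two hours earlier.
	first := Respond(privA, nonce1, 1564210466000000, 1000000)
	second := Respond(privB, NextNonce(first, blind), 1564203266000000, 1000000)
	bad, err := ProvesMisbehaviour(pubA, first, blind, pubB, second)
	fmt.Println("contradiction proven:", bad, "error:", err)
}
```

The proof names a server only through its stable long-term public key. If a server rotated keys and stopped publishing the old one, ProvesMisbehaviour against the new key returns an error rather than a verdict, and the old signed response no longer pins anything to that identity; that is the "laundering of errors" the first quoted paragraph warns against, and why the argument rests on auditable history rather than on which naming system vouches for the key.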