Re: [Ntp] The NTP WG has placed draft-roughtime-aanchal in state "Call For Adoption By WG Issued"

Hal Murray <> Thu, 12 September 2019 02:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A6C95120013 for <>; Wed, 11 Sep 2019 19:47:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.036
X-Spam-Level: *
X-Spam-Status: No, score=1.036 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_DYNAMIC_IPADDR=1.951, RDNS_DYNAMIC=0.982, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 75rn-LDaJ4gT for <>; Wed, 11 Sep 2019 19:47:49 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 22667120088 for <>; Wed, 11 Sep 2019 19:47:48 -0700 (PDT)
Received: from shuksan (localhost []) by (Postfix) with ESMTP id EE71F40605C; Wed, 11 Sep 2019 19:47:47 -0700 (PDT)
X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.3
From: Hal Murray <>
In-Reply-To: Message from Marcus Dansarie <> of "Wed, 11 Sep 2019 13:06:41 +0200." <>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 11 Sep 2019 19:47:47 -0700
Message-Id: <>
Archived-At: <>
Subject: Re: [Ntp] The NTP WG has placed draft-roughtime-aanchal in state "Call For Adoption By WG Issued"
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 12 Sep 2019 02:47:52 -0000 said:
> Yes, it's becoming apparent that the draft needs to include the motivations
> for the Roughtime protocol. The impression I've got about Roughtime so far,
> and the reason for why I'm a proponent of it, is that it is small, simple,
> and easy to implement. I view it mainly as a way for end user applications
> (browsers etc.) and embedded devices of all sorts to get a "good enough" time
> for bootstrapping, verifying certificates and similar. 

I think there are 3 ideas tangled up here.

1) A way for a server to sign that it has seen some bits.
2) A time stamp for that signing and some info about the server's clock.
3) A way to chain 3 signings to show that the middle time stamp is bogus.

I haven't yet seen an interesting use case for the 3rd part.

The first part may be appropriate for joint work another IETF group.

I'm very interested in a way to get the time.  NTS-KE uses traditional 
certificates and checking those needs a sane time.  Rough, even very rough 
would be great.

But I haven't seen that this draft solves the critical step.  How does the 
client get the server's public key?  The draft says:
            long-term public/private key pair  (page 4)
            We assume the long-term server public key is known to the
client through other means.  (page 10)

How much work has been done on those "other means"?

These are my opinions.  I hate spam.