Re: [Ntp] The NTP WG has placed draft-roughtime-aanchal in state "Call For Adoption By WG Issued"

Marcus Dansarie <marcus@dansarie.se> Mon, 30 September 2019 18:23 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/yvZBlzK64llyiAwnzokL-nYg57Q>

On 2019-09-12 04:47, Hal Murray wrote:
> 
> I think there are 3 ideas tangled up here.
> 
> 1) A way for a server to sign that it has seen some bits.
> 2) A time stamp for that signing and some info about the server's clock.
> 3) A way to chain 3 signings to show that the middle time stamp is bogus.
> 
> I haven't yet seen an interesting use case for the 3rd part.

Chaining multiple signings allows for creating proofs of bad behavior.
If a server owner purposely serves bad time to a small subset of users,
there is currently no way of proving that in existing time protocols.
(The server will appear sane to non-targeted users.) With Roughtime, the
target of such an attack can present proof that can be verified by anyone.

> The first part may be appropriate for joint work with another IETF group.

Yes, a general timestamping protocol is probably of interest to others.

> 
> I'm very interested in a way to get the time.  NTS-KE uses traditional 
> certificates and checking those needs a sane time.  Rough, even very rough 
> would be great.
> 
> But I haven't seen that this draft solves the critical step.  How does the 
> client get the server's public key?  The draft says:
>             long-term public/private key pair  (page 4)
> and
>             We assume the long-term server public key is known to the
> client through other means.  (page 10)
> 
> How much work has been done on those "other means"?

My view on this is that it will have to be done in the same way as with
TLS root certificates: the operating system/client software will come
with a set of trusted public keys. The policy for inclusion is decided
by the software maintainers.

Kind regards,
Marcus
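
The chaining argument discussed above, as an added example that is not part of the original message or of the draft: each request nonce is SHA-512(previous reply || blind), as in Roughtime's chaining, so the signed replies are provably ordered and anyone holding the public keys can re-check them. The reply layout (nonce, midpoint, radius) and the names `Link`, `Serve` and `Audit` are assumptions made for illustration; the real wire format, Merkle tree and delegated keys are omitted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha512"
	"encoding/binary"
)

// Link is one signed reply in a chain (simplified, hypothetical layout).
type Link struct {
	Pub              ed25519.PublicKey
	Blind, Sig       []byte
	Midpoint, Radius int64 // server's claimed time and uncertainty, seconds
}

// signed returns the bytes the server signs. The nonce is
// SHA-512(previous reply || blind), so this reply provably came after prev.
func signed(prev, blind []byte, mid, rad int64) []byte {
	nonce := sha512.Sum512(append(append([]byte{}, prev...), blind...))
	var t [16]byte
	binary.BigEndian.PutUint64(t[:8], uint64(mid))
	binary.BigEndian.PutUint64(t[8:], uint64(rad))
	return append(nonce[:], t[:]...)
}

// Serve simulates a server; it also returns the reply bytes for the next nonce.
func Serve(priv ed25519.PrivateKey, prev, blind []byte, mid, rad int64) (Link, []byte) {
	msg := signed(prev, blind, mid, rad)
	sig := ed25519.Sign(priv, msg)
	return Link{priv.Public().(ed25519.PublicKey), blind, sig, mid, rad}, append(msg, sig...)
}

// Audit is the third-party check: ok is false if a signature or nonce link
// fails; conflicts lists pairs i < j where reply i claims a time after reply j.
func Audit(chain []Link) (conflicts [][2]int, ok bool) {
	var prev []byte
	for j, l := range chain {
		msg := signed(prev, l.Blind, l.Midpoint, l.Radius)
		if !ed25519.Verify(l.Pub, msg, l.Sig) {
			return nil, false
		}
		for i, e := range chain[:j] {
			if e.Midpoint-e.Radius > l.Midpoint+l.Radius {
				conflicts = append(conflicts, [2]int{i, j})
			}
		}
		prev = append(msg, l.Sig...)
	}
	return conflicts, true
}
```

A reported pair shows that at least one of the two servers signed a wrong time; the ordering alone does not say which, so the chain is evidence to be weighed against further servers.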