[saag] Roughtime (Was: software update for teeny-weeny devices)

Jeffrey Walton <noloader@gmail.com> Tue, 18 October 2016 00:48 UTC

From: Jeffrey Walton <noloader@gmail.com>
Date: Mon, 17 Oct 2016 20:48:09 -0400
Message-ID: <CAH8yC8k39251SehL9UDgiszK-NTCSW4xUQYXLo2+3t-zS71M1Q@mail.gmail.com>
To: Ben Laurie <ben@links.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/SZ-_l0vG2SNpI2VGXrYSHzLWR9E>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: [saag] Roughtime (Was: software update for teeny-weeny devices)

>> Our story for
>> providing time securely to these devices isn't that great either since
>> NTP again assumes that you have been configured with the correct time.
>
> How so?
>
> BTW, are you aware of roughtime? https://roughtime.googlesource.com/roughtime

I'm not sure this is entirely correct: "There are essentially only two
ways to achieve this [accurate or fresh time]: nonces or synchronised
clocks.".

If I am on a train with 100 other people or a stadium with 500 people
around me, then it seems like a gossip protocol would be able to
provide the correct time also.

The crowd always seems to converge on the right answer regardless of
how wrong one sampling is. I've been looking for a paper that explains
it for a couple of years now.

Jeff
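
The convergence idea raised in the message above can be tried in a small simulation, added here as an example that is not part of the original post. The message names no specific gossip algorithm, so the crowd size, drift range, fanout, round count and the median/mean combiners are all assumptions chosen for illustration.

```python
import random
import statistics

TRUE_TIME = 1_476_751_689        # constructed reference time (Unix seconds)
TEN_YEARS = 10 * 365 * 86_400    # how far off a "wrong" clock is (assumption)

def make_crowd(n_good, n_wrong, rng):
    """Good clocks drift within +/-2 s; wrong clocks are ten years ahead."""
    good = [TRUE_TIME + rng.uniform(-2, 2) for _ in range(n_good)]
    return good + [TRUE_TIME + TEN_YEARS] * n_wrong

def gossip(clocks, combine, rng, rounds=4, fanout=15):
    """Each round, every device polls `fanout` random peers and adopts
    combine(peer readings + its own reading)."""
    for _ in range(rounds):
        clocks = [combine(rng.sample(clocks, fanout) + [own]) for own in clocks]
    return clocks

def worst_error(n_good, n_wrong, combine, seed=1):
    """Largest distance from TRUE_TIME (seconds) left anywhere in the crowd."""
    rng = random.Random(seed)
    final = gossip(make_crowd(n_good, n_wrong, rng), combine, rng)
    return max(abs(c - TRUE_TIME) for c in final)

if __name__ == "__main__":
    cases = [
        ("median, 1 wrong clock in 100", 99, 1, statistics.median),
        ("mean,   1 wrong clock in 100", 99, 1, statistics.mean),
        ("median, 60 wrong clocks in 100", 40, 60, statistics.median),
    ]
    for label, good, wrong, combine in cases:
        print(f"{label}: worst error {worst_error(good, wrong, combine):,.1f} s")
```

With a median combiner one badly wrong clock is discarded after the first round, while averaging spreads its error through the crowd. The third case shows the limit: when most reporters agree on the wrong time, the median follows them.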