Real World Crypto conference

Mark Atwood fallenpegasus at
Thu Feb 4 12:10:23 UTC 2016


I had a conversation with some of the CPU firmware developers on IBM POWER
here at LCA2016 a few days ago, and they also are running into the "how to
get cert crypto before the time is set, vs-and how to get the time set in a
trustworthy manner" issue.

An idea that is being floated is an extension to UEFI and equivalents to
allow admins to set or pin a cert, a signing cert, or a psk, that will be
used by a trusted time source.  But people are waiting on the release and
stabilization of the new secure ntp standard(s) before having UEFI et al
start pushing it.

Another idea is to be pushing time around on the BMC-connected management
network, and let the BMC set the motherboard clock before the main CPU
boots.  This will require a trusted and secured ntp client running on the

Other ideas are to let the L2/L3 switches try to keep accurate time, and to
raise alarms if they ever see an NTP packet heading towards a machine in
early boot stage with a time field that is too incorrect.


On Thu, Feb 4, 2016 at 1:10 AM Hal Murray <hmurray at> wrote:

> I went to the Real World Crypto conference in early Jan.  I met Daniel.  He
> might have corrections or additions.  Many of the slides are here (no
> videos):
>
> My primary interest was in trying to find a way to get secure NTP off the
> ground.  Typical crypto using certificates assumes you know the time.
> assumes you have valid time.  I didn't find a solution, but at least nobody I
> talked to told me I was asking a stupid question.
>
> I thought the best talk was the first one.  Jon Callas from Silent Circle was
> describing their Blackphone project/product.  It's a seriously secure phone
> targeted at CEOs rather than geeks.  He had lots of good comments, but the
> one that attracted my attention was that good Software Engineering was as
> important as good crypto.  Have your act together so you can get fixes out
> quickly.  Get rid of old cruft.  Crypto geeks are not good UI designers.
> ...
>
> Their WiFi was connected to the main CPU via a serial port rather than DMA so
> they didn't have to worry about bugs in the WiFi taking over the system.
> Check out his slides.
>
> There were good talks by Nate Cardozo from the EFF and Daniel Kahn Gillmor
> from ACLU.  The latter had lots of good info/advice for sysadmins: SSLMate
> and Let's Encrypt.
>
> One of his concerns is privacy/security for people without a lot of money.
> They are likely to be running old phones.  That leads to an interesting
> conflict.  You would like software projects to simplify things by dropping
> support for old hardware.
>
> Adrienne Porter Felt from Google/Chrome discussed the UI side of security
> issues in browser error messages.  A significant fraction of their
> certificate errors were actually bogus time on the user's system.  (Yes, there
> really was a link with time.)
> --
> These are my opinions.  I hate spam.
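
The switch-side check floated in the message above (alarm when an NTP packet heading towards a machine in early boot carries a time field that is too far off), sketched as an added example that is not part of the original thread. It assumes the monitor has its own trusted clock; the 5-second threshold, the function names and the sample packets are constructed for illustration.

```python
import struct

NTP_UNIX_DELTA = 2_208_988_800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

def transmit_time(payload: bytes) -> float:
    """Transmit Timestamp (bytes 40..47 of the NTP header) as Unix seconds.
    Era 0 only: the 32-bit seconds field wraps in 2036."""
    secs, frac = struct.unpack("!II", payload[40:48])
    return secs - NTP_UNIX_DELTA + frac / 2**32

def classify(payload: bytes, monitor_now: float, max_offset: float = 5.0) -> str:
    """Judge one UDP/123 payload headed towards a host in early boot.
    monitor_now is the monitor's own trusted time (assumption);
    max_offset is an illustrative threshold in seconds."""
    if len(payload) < 48:            # shorter than the fixed NTP header
        return "malformed"
    mode = payload[0] & 0x07         # low three bits of the first byte
    if mode not in (4, 5):           # 4 = server reply, 5 = broadcast
        return "ignore"              # not a packet that sets a client's clock
    offset = transmit_time(payload) - monitor_now
    return "alarm" if abs(offset) > max_offset else "ok"

def build_reply(unix_time: float) -> bytes:
    """Constructed sample: NTPv4 server reply with only the transmit timestamp set."""
    secs = int(unix_time) + NTP_UNIX_DELTA
    frac = int((unix_time % 1) * 2**32)
    header = struct.pack("!BBBb", 0x24, 2, 6, -20)  # LI=0 VN=4 mode=4, stratum 2
    return header + bytes(36) + struct.pack("!II", secs, frac)

if __name__ == "__main__":
    now = 1454587823.0  # constructed monitor time (2016-02-04 12:10:23 UTC)
    samples = [
        ("2 s ahead", build_reply(now + 2.0)),
        ("one year behind", build_reply(now - 365 * 86400)),
        ("truncated", build_reply(now)[:20]),
    ]
    for label, pkt in samples:
        print(f"{label:16} -> {classify(pkt, now)}")
```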