What's left to doo on NTS
Hal Murray
hmurray at megapathdsl.net
Mon Mar 4 09:46:11 UTC 2019
>> There is no security in the pool anyway, so let's put that discussion
>> aside for a while.
> I'd take exception with that statement. If the pool was upgraded to use NTS
> one way or the other, it _would_ provide some extra security over the status
> quo. It's a different kind of security than what you get from running your
> own time servers, ...
Putting a lock on the front door when the back door is wide open doesn't
provide security. I expect that security geeks have a term for that similar
to security-by-obscurity.
I don't see how to use NTS to make something like the current pool secure.
-----------
But let's consider something like the NIST servers - many but not zillions.
What tools do we have for secure load sharing?
Plan A is to give all the servers the certificate and private key for
time.nist.gov and do the load sharing via traditional DNS rotation. The
disadvantage with that is that there are many copies of the private key out
there. One leak and the whole system goes insecure.
Plan B gives the servers individual certificates and names. Now we have to do
the load sharing at the DNS level. I'm not a DNS wizard. NIST already uses
CNAMEs for this. There is no POSIX API for getting the CNAME, so we would
have to write some DNS code or find a library we like.
Plan C is that the servers don't need any certificates. We have a central
NTS-KE server that returns the IP Address of the assigned server along with
the initial cookies. That requires coordination between the KE server and the
NTP servers that will decode the cookies.
Plan C1 is that the ntp server and KE server keep their idea of K in sync.
There is discussion of a way to do that in the draft, presumably for things
like this. The idea is that they both use the same algorithm to determine the
next K. I'm not a crypto geek. I'd be happier if I didn't have to use that
approach.
Plan C2 is that there is a secure communication path between the KE server and
each ntp server. A script with ssh/scp could do it. Send the new key file,
and send a signal to ntpd to reload K. Or send the same info over a TLS
connection.
Plan B and C can coexist. Pick a nearby server by hand and use plan B. Or
talk to the generic KE server and it will give you IP Address and initial
cookies.
--
These are my opinions. I hate spam.
More information about the devel
mailing list