Big picture half-baked thoughts

countkase at yahoo.com
Tue Apr 26 16:45:20 UTC 2022


Hal Murray wrote:
> What's the right way to think about how security fits into our priorities? 
> How should we use that to prioritize our work?

Security *should* be the top priority, and it should have a 
significant influence on the schedule. I, however, don't bucket sort it 
that way.

> Should we split this discussion into NTP and TLS/KE?

We should split the conversation roughly that way, as TLS is not 
our area.

> Eric wants to convert our current codebase to Go.  In terms of security, how
> does that compare with getting our code running on Windows?  How do we think
> about that sort of trade-off?

Windows deployments would likely not go beyond enthusiasts 
anytime soon if we pulled the code out of mothballs. Fleet 
deployments would have to go past management, which would likely 
quash it.

IIRC the intention was to port it away from C. Go was just 
the best candidate at the time. Porting to Go would be 
mildly problematic; TLS1.3 support was absent last I checked, as 
was packet time-stamping.

My strawman is that instead of doing a straight port to Go, we
should port NTPsec in interface-compatible pieces. 
Initially running in the same process, they could later be 
separated into different processes which communicate.

Each section would have the basics, IPC, statistics, and the 
following.
- The client core would need to run loopy math.
- The clock adjuster would need access to the clock.
- The server(s) would need packet time-stamping and, if without 
  port forwarding, access to port 123.
- Reference clocks would only need their specific hardware 
  interface.
- Remote clocks would need packet time-stamping and high ports.

If one were ambitious, they could tie into something like a 
not-bad botnet and be deployed that way.

> There is another feature we need.  The current code wakes up every second. 
> That's evil if you want to save battery power.   How important are laptops?

We should rewrite ntpd/ntp_timer:timer() to sleep until there 
is something to do rather than waking every second and checking 
the boredom.

I think systemd-timesyncd and chrony probably have the laptop 
niche cornered at the moment. The correct channel to ask for 
its relevance would probably be statistics from downstream or 
the (undead) ntpsec-users list.

> I think we need a script to tell somebody which root CA a site is using.

That sounds like a job for OpenSSL.

