Big picture half-baked thoughts
countkase at yahoo.com
Tue Apr 26 16:45:20 UTC 2022
Hal Murray wrote:
> What's the right way to think about how security fits into our priorities?
> How should we use that to prioritize our work?
Security *should* be the top priority, and it should have a
significant influence on the schedule. I, however, don't bucket sort it
that way.
> Should we split this discussion into NTP and TLS/KE?
We should split the conversation roughly that way, as TLS is not
our area.
> Eric wants to convert our current codebase to Go. In terms of security, how
> does that compare with getting our code running on Windows? How do we think
> about that sort of trade-off?
Windows deployments would likely not go beyond enthusiasts
anytime soon if we pulled the code out of mothballs. Fleet
deployments would have to go past management which would likely
quash it.
IIRC the intention was to port it away from C. Go was just
the best candidate at the time. Porting to Go would be
mildly problematic; TLS1.3 support was absent last I checked, as
was packet time-stamping.
My strawmen are that instead of doing a straight port to Go, we
should port NTPsec in interface-compatible pieces.
Initially running in the same process, they could later be
separated into different processes which communicate.
Each section would have the basics, IPC, statistics, and the
following.
- the client core would need to run loopy math.
- the clock adjuster would need access to the clock.
- the server(s) would need packet time-stamping and, if without
port forwarding, access to port 123.
- reference clocks would only need their specific hardware
interface.
- remote clocks would need packet time-stamping and high ports.
If one were ambitious, they could tie into something like a
not-bad botnet and be deployed that way.
> There is another feature we need. The current code wakes up every second.
> That's evil if you want to save battery power. How important are laptops?
We should rewrite ntpd/ntp_timer:timer() to sleep until there
is something to do rather than waking every second and checking
the boredom.
I think systemd-timesyncd and chrony probably have the laptop
niche cornered at the moment. The correct channel to ask for
its relevance would probably be statistics from downstream or
the (undead) ntpsec-users list.
> I think we need a script to tell somebody which root CA a site is using.
That sounds like a job for OpenSSL.