> But, we talked about how this wasn't a totally catch-22, that we could
> know how it was "at least" some time based upon file timestamp, or
> self-certificate not-before dates, or do DNSSEC without time validation
> first.
> My question is: did this get captured into document somewhere?
In case you decide to write something up, here's what I know about
filesystem timestamps:
- the Raspberry Pi uses a filesystem timestamp maintained by Debian's
"fake-hwclock";
- on OpenWRT/LEDE, something much more naive happens in
/etc/init.d/sysfixtime.
Now filesystem timestamps are good enough to make sure file modtimes are
monotonic, so that tools such as e.g. make don't break; however, they
might not be good enough for crypto, since a filesystem might not be
updated for months or years (think of a device that's been kept powered
off for a year or two and suddenly needs to bootstrap its DNSSec stub
resolver). I think that designing protocols so that they can bootstrap
with time that is years in the past is absolutely necessary -- there's
just no way around it. Working around protocol deficiencies with tricks
like roughtime will lead to brittle networks.
To my untrained eyes, the issue is similar to that of seeding the system
RNG for crypto purposes. It is my impression that this particular issue
is mostly solved:
- some SoCs have a hardware RNG (e.g. TI Sitara);
- the ath9k WiFi driver produces system randomness from radio noise;
- havege[1] works fine on systems that don't do it in hardware;
- some systems save a blob of random data on shutdown, and hash it back
at startup (Debian does it in /etc/init.d/urandom).
I'll be happy to review anything you write on the subject.
-- Juliusz
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet