Huh, so I guess this means NTP is critical infrastructure for proof-of-stake chains?
Related: Aanchal Malhotra, Isaac E. Cohen, Erik Brakke, and Sharon Goldberg's 2017 paper on "Attacking the Network Time Protocol" https://www.ndss-symposium.org/wp-content/uploads/2017/09/attacking-network-time-protocol.pdf
(Granted, if you're using Cloudflare's roughtime service, you're relying on Cloudflare signing TLS certificates - "but now you have two problems...")
Thinking about it more: protocols that implement epoch-based slashing are forced to rely on:
1) Cloudflare's roughtime service (so by extension Cloudflare)
2) NTPSec (same, more potential signers but still relying on keys)
3) plain old insecure NTP (gah!)
https://blog.hboeck.de/archives/890-In-Search-of-a-Secure-Time-Source.html
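One defensive pattern that follows from the list above, as an added example that is not part of any comment in this thread: a node whose epoch is derived from wall-clock time polls several independent sources (public NTP pools, a roughtime server, a LAN NTP peer) and refuses to sign when the sources disagree or when its own clock drifts from their median. The source names, readings, epoch length and tolerances below are constructed for illustration; `safe_to_sign` is a hypothetical helper, not any chain client's real API.

```python
"""Quorum check over several time sources before signing for an epoch.

Added example, not code from the thread. A single spoofed NTP peer is caught
because it disagrees with the median of the other sources; a majority of
spoofed sources is NOT caught, which the last scenario in main() shows.
All source names, readings and tunables are constructed.
"""
from dataclasses import dataclass
from statistics import median

EPOCH_SECONDS = 384      # hypothetical epoch length (32 slots * 12 s)
MAX_SOURCE_SKEW = 2.0    # a source further than this from the median is an outlier
MAX_LOCAL_SKEW = 1.0     # local clock further than this from the median: refuse to sign


@dataclass
class TimeSample:
    source: str
    reported: float      # Unix seconds as reported by that source


def agreed_time(samples, max_source_skew=MAX_SOURCE_SKEW):
    """Return (median_time, outlier_sources). Needs at least three sources."""
    if len(samples) < 3:
        raise ValueError("need at least three independent time sources")
    med = median(s.reported for s in samples)
    outliers = [s.source for s in samples if abs(s.reported - med) > max_source_skew]
    return med, outliers


def epoch_of(unix_time, epoch_seconds=EPOCH_SECONDS):
    """Epoch number derived from wall-clock time (constructed scheme)."""
    return int(unix_time // epoch_seconds)


def safe_to_sign(local_time, samples, max_local_skew=MAX_LOCAL_SKEW):
    """Decide whether the local clock is trustworthy enough to sign for its epoch.

    Returns (ok, reason, outlier_sources). Refuses when half or more of the
    sources are outliers (no quorum), when the local clock drifts from the
    quorum median, or when local and quorum time fall in different epochs
    (a small drift across an epoch boundary is still a wrong epoch).
    """
    med, outliers = agreed_time(samples)
    if len(outliers) * 2 >= len(samples):
        return False, "no quorum among time sources", outliers
    if abs(local_time - med) > max_local_skew:
        return False, f"local clock off by {local_time - med:+.1f}s", outliers
    if epoch_of(local_time) != epoch_of(med):
        return False, "local epoch disagrees with quorum epoch", outliers
    return True, "ok", outliers


# Constructed sample readings around a fixed reference instant.
BASE = 1_700_000_000.0
SAMPLES_OK = [
    TimeSample("pool-a", BASE + 0.10),
    TimeSample("pool-b", BASE - 0.20),
    TimeSample("roughtime", BASE + 0.05),
]
# Same sources plus one LAN peer that has been pushed 15 minutes into the past.
SAMPLES_SPOOFED = SAMPLES_OK + [TimeSample("lan-ntp", BASE - 900.0)]
# Two of three sources agree on the wrong time: quorum cannot tell.
SAMPLES_MAJORITY_BAD = [
    TimeSample("pool-a", BASE + 0.10),
    TimeSample("lan-ntp", BASE - 900.0),
    TimeSample("lan-ntp-2", BASE - 900.3),
]


def main():
    scenarios = [
        ("healthy sources, healthy clock", BASE, SAMPLES_OK),
        ("one spoofed source, healthy clock", BASE, SAMPLES_SPOOFED),
        ("one spoofed source, clock followed it", BASE - 900.0, SAMPLES_SPOOFED),
        ("majority spoofed, clock followed them", BASE - 900.0, SAMPLES_MAJORITY_BAD),
    ]
    for label, local, samples in scenarios:
        ok, reason, outliers = safe_to_sign(local, samples)
        print(f"{label}: sign={ok} reason={reason!r} outliers={outliers}")


if __name__ == "__main__":
    main()
```

The fourth scenario is the caveat: when a majority of sources (or the single upstream they all chase) are wrong, the median is wrong too and the check passes. Quorum across sources only covers a minority of spoofed peers; it does not substitute for an authenticated source, which is why the signed-time options in the list above matter once a wrong epoch means slashing rather than a griefing outage.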
The thing about securing time is that there are typically two target user pools:
1) You really, really care about secure time - in which case you're most likely doing gov work and relying on your own stratum 0 device
or
2) Eh, most likely you just need 'good enough' time
I would guess most network operators are in group #2 - if my NTPd source gets spoofed, it's essentially a griefing attack; clients won't validate my SSL certs, and maybe my routers will drop BGP sessions b/c they don't sync with peers - so yeah, that means downtime and an outage
....but that's "potential future downtime" in my threat model. Network operators spend a ton of time modeling costs like this - in this case, potential of future outage * cost of future outage is weighed against cost of mitigation
Moving to a threat model where existing resources can be *irrevocably lost* when time is out of sync is, umn, new and exciting territory for most of us.