Here is live data from my NTP-NTS server

I work with that company in an ICANN funded project to make it happen.

Yes, exactly. By making a Let’s Encrypt-provided token available via your web server, you prove that you control that domain name. Thus the certificate is issued only to you, not somebody else trying to steal your site (i.e., get a certificate issued for it).

Yes, as the system is intended to. You proved that you control the domain name the certificate was issued to. And a client can now say they trust the issuing CA, and when they want to access your site, they can get cryptographic proof that they are actually accessing your site (as in, the site controlled by the person/system the certificate was issued to). Nothing more, nothing less.

Sorry to hear that :face_with_spiral_eyes:

Where can I sign up? As they hand out shitloads of money.

I’m pretty sure some developers here would like to get a share of it.

Unless your DNS account was hacked… happens a lot these days.

Then what? You get the certificate, change the DNS back or reroute without the owner of the client knowing what happened.

Beware, as a lot of IT’ers are dumb these days. See how much money criminals earn by hacking your company and installing ransomware. I know Windows is a bad example, as they are hacked every day…

But I do not agree that showing your server is a proof of ownership.

Sure, it is up to you to decide whether you trust that. So I would assume you disabled the Let’s Encrypt CA in your browser and other systems?

As with everything, one has to understand what a certificate means. E.g., the Let’s Encrypt service is free, and is intended to be easy to use. That comes with limitations that one obviously needs to understand. E.g., “big” sites, or sites where there is sufficient stuff at stake, will not use Let’s Encrypt certificates.

“Big” sites, where there is more at stake, e.g., banks, Google, Amazon,…, get certificates from CAs that have much more stringent requirements regarding proof of ownership, e.g., involving actual paperwork exchanged like company registration documents.

But again, quite obviously, even that has limitations. E.g., a certificate does not prove that the site has not been hacked, or is not otherwise serving malicious content. As that is not a certificate’s purpose. And you are always free to not trust any and all certificates that your OS/browser has provided, and that are thus implicitly trusted unless you intervene.

No, I didn’t, as I do not trust HTTPS by default.

But then, I run Linux on everything and check links myself.

For banks, Amazon, etc. I use my own stored URLs to approach them, never a link that I get to buy something.

Sadly, not many people distrust HTTPS. They should, and they get robbed of all their savings.

In my opinion telling the crowd IT’S secure is a mistake…as they take the protocol for being a secure website, and we all know a secure protocol is just that. A secure protocol, but not a secure site….or even trusted site.

How many people know that you can check a certificate… do you know anyone in your family who isn’t an IT’er? I see people robbed all around me (no, I’m not the robber!)… I did try to inform our local police on how to educate people… guess what… they rejected me!

A friend of mine is an IT journalist, knows his stuff, and he’s also rejected all the time.

Sure, that is what I referred to as needing to have a trustworthy source for the name in the first place, separate from the certificate/TLS stuff.

Sure, but you trust (or maybe not) your bank to keep your money for you, and do financial transactions for you, etc. Making sure that their web site is not manipulated could be assumed to fall under the same trust umbrella. Then you get the URL through means that you trust. And the certificate just binds that together, i.e., that the site you access really is the site you trust.

Well, it doesn’t work that way.

What criminals do is the following:

Dear Sir,

Your bank account is about to expire, you really need to click this >>link<<

You have to verify your details with ITSME before the week is over.

If you do not do this, all your assets are frozen and your passes stop working.

YOU NEED TO ACT NOW!

Trust me, the majority of people do this and see their bank accounts emptied.

But the banks got better, with large amounts they call you if you did this.

Sadly, they do not verify small amounts, typically up to 500 euro!

If you clicked the link the bank will tell you: IT IS YOUR FAULT…bye bye money.

Banks do not care about you being lifted by criminals, they care about ripping you off themselves.

They make money off you one way or the other.

It’s that they are forced to implement better protection, but they act only on that….the rest? THEY DO NOT GIVE A SHIT.

Trust me, they don’t. Else they would not provide accounts for drug-criminals, but they do….yes they do.

I know banks… more than I ever wanted to know.

Sure, again my point about needing to get the address from a trusted source in the first place. It doesn’t have anything to do with one trusting the bank to keep their actual website clean.

Yes I did, and when I said that there was a time when people made exactly the same argument about the performance of HTTPS, I did also say that their argument at that time was completely valid. So it follows that I was implicitly agreeing with you, that what you were saying about your situation made sense.

But what I also said was that we went from that situation, to the one today, where it is quite unusual to not deploy HTTPS. I still think it’s pretty inevitable that the same thing will happen with NTS, though likely years to go yet before that is something that many enthusiasts and volunteers do.

This is not the same, that is my problem.

Time is universally the same and very easy to check for correctness, OR NOT.

HTTPS is a different matter, as the protocol keeps nosy people from looking at what you do.

I did SAT-DOWNLOAD at one time, and it was funny to look into what other people did.

As such HTTPS has a purpose. But TIME is universally the same, easy to check, and it makes no sense to encrypt it. Makes no sense at all.

You can simply type in Google: UTC current time → The first answer you get is the right time.

Come on… NTS makes no sense… not now… not ever…

The timestamp in the NTS-enhanced NTP responses is in the same exact format as in regular NTP responses. It is not encrypted. NTS only adds some authentication data to the NTP response that enables the client to verify that the response was indeed generated by the intended server and the data has not been modified in transit.

I think you have failed to appreciate that cryptography is not just about keeping things private, but also about ensuring the integrity of data.

In some threat models it is very important that the data is not exposed to others. Many uses of HTTPS are like that. But in other threat models it is important to be able to trust that the other side of the conversation is who they claim to be, and that what they tell you is what they actually tried to tell you (hasn’t been tampered). HTTPS is also like that.

The data payload of NTS is not sensitive to disclosure, but trust in the identity of the endpoints and the integrity of the data is still important.
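
The two replies above (timestamps stay in clear, NTS only adds authentication data; integrity without confidentiality) can be made concrete with a small added example. This is illustration code, not anything from the NTP Pool project or RFC 8915: a real NTS reply carries an AES-SIV AEAD extension field keyed from the NTS-KE handshake, whereas here a constructed shared key and an HMAC tag stand in for that, which is enough to show that anyone can read the transmit timestamp from the packet, but nobody without the key can change it unnoticed.

```python
import hmac
import hashlib
import struct

# Constructed demo key; real NTS derives per-association keys via NTS-KE.
DEMO_KEY = b"constructed-demo-key-not-real"
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01


def build_ntp_header(unix_seconds: int) -> bytes:
    """48-byte NTPv4 server reply: LI=0, VN=4, mode=4, transmit timestamp set."""
    li_vn_mode = (0 << 6) | (4 << 3) | 4
    ntp_seconds = unix_seconds + NTP_EPOCH_OFFSET
    # stratum 1, poll 0, precision -20, then root delay/dispersion, ref id,
    # reference/origin/receive timestamps (all zero), transmit timestamp.
    return struct.pack("!BBBb11I", li_vn_mode, 1, 0, -20, *([0] * 9), ntp_seconds, 0)


def authenticate(packet: bytes, key: bytes) -> bytes:
    """Append an authenticator over the whole packet (stand-in for the NTS
    AEAD extension field). The header, timestamp included, stays in clear."""
    return packet + hmac.new(key, packet, hashlib.sha256).digest()


def verify(message: bytes, key: bytes) -> bool:
    """Client side: accept the reply only if the tag matches the header."""
    packet, tag = message[:48], message[48:]
    expected = hmac.new(key, packet, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def read_transmit_time(message: bytes) -> int:
    """No key needed: the transmit timestamp (bytes 40..43) is plaintext."""
    return struct.unpack("!I", message[40:44])[0] - NTP_EPOCH_OFFSET


def tamper(message: bytes, new_unix_seconds: int) -> bytes:
    """On-path modification of the transmit timestamp, tag left untouched."""
    forged = struct.pack("!I", new_unix_seconds + NTP_EPOCH_OFFSET)
    return message[:40] + forged + message[44:]


def demo(now: int = 1_700_000_000) -> dict:
    reply = authenticate(build_ntp_header(now), DEMO_KEY)
    forged = tamper(reply, now + 3600)  # shift the client's clock by an hour
    return {
        "clear_time": read_transmit_time(reply),   # readable by anyone
        "genuine_ok": verify(reply, DEMO_KEY),     # True
        "forged_time": read_transmit_time(forged),
        "forged_ok": verify(forged, DEMO_KEY),     # False: tamper detected
    }
```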

Not to mention that public WLAN hotspots are easily “tapped”, so https protects privacy. Widespread adoption of encrypted DNS is still needed, though.

I am interested in NTS support for the NTP Pool. The way the protocol works now makes it a bit too centralized for what I’d prefer, but obviously there are trade-offs.

David Venhoek has been working on a way to have a pool like mechanism that supports NTS, I believe he’s planning to post about it soon. It’s on my list to also experiment with adding support for it in this pool system.

I will very much welcome NTS in the pool. I run one myself and people can choose to use it or not.

I just hope it doesn’t detract from other, in my view more pressing topics, e.g., IPv6, vendor zones (if that concept is to be maintained), underserved zones, getting support requests actually handled in a deterministic way, …

Despite the disclaimers on the web page, the pool has become an integral part of the Internet, with many people relying on it, whether they know it or not. So I just think it would be nice if it were to work reasonably well for clients everywhere, and for the server operator experience to also be more pleasant everywhere, not only in the better-off zones…

Some of his work can be seen here:

One “easy way” would be for the pool to have its own CA, which will be trusted by all OSes, with the CA available via the ACME protocol (easy software for ACME testing: StepCA) for pool servers.

Every trusted pool server can request a certificate for its own hostname. Each certificate contains additional SANs for the different pool domains.

The hard part will be to get the status of an official CA.

I don’t think this works the way you think it does. For one, everyone would have to have a certificate for pool.ntp.org, and if everyone gets a valid certificate that’s trusted by the OS, then that’s just an awful idea. You can’t start bringing in the operators’ own domains, because that’s not the domain the clients are configured to talk to.

SNI isn’t in the certificate. It’s literally a string the web browser sends to a web server to tell it which website it wants so the web server can pull up the right certificate. There’s nothing called “SNI” in the certificate itself.