I was wondering if anyone knew of an Elixir or Erlang implementation of the Roughtime protocol. There’s also a good writeup here.
It appears like nothing is available on hex.pm or Github, but I figured I’d ask. The motivation is that there are a couple annoyances that people are seeing with using NTP with Nerves in production: 1. NTP is slow to converge for some devices in the field and 2. the NTP client being used with Nerves doesn’t support authentication. Using tlsdate doesn’t feel like a great alternative anymore since it doesn’t work with TLS 1.3. Other options might be fine, though.
Something to keep in mind when writing or picking a Roughtime library:
A healthy software ecosystem doesn‘t arise by specifying how software should behave and then assuming that implementations will do the right thing. Rather we plan on having Roughtime servers return invalid, bogus answers to a small fraction of requests. These bogus answers would contain the wrong time, but would also be invalid in another way. For example, one of the signatures might be incorrect, or the tags in the message might be in the wrong order. Client implementations that don’t implement all the necessary checks would find that they get nonsense answers and, hopefully, that will be sufficient to expose bugs before they turn into a Blackhat talk.
