Re: [Ntp] An NTPv5 design sketch
Miroslav Lichvar <mlichvar@redhat.com> Thu, 16 April 2020 08:29 UTC
Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E2F23A11DF for <ntp@ietfa.amsl.com>; Thu, 16 Apr 2020 01:29:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.268
X-Spam-Level:
X-Spam-Status: No, score=-2.268 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.168, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MT3btdwqnvf2 for <ntp@ietfa.amsl.com>; Thu, 16 Apr 2020 01:29:19 -0700 (PDT)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D7673A11E4 for <ntp@ietf.org>; Thu, 16 Apr 2020 01:29:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1587025753; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VMuEoKLsY+U2sjLAMTt8oCbokdno6Em2d/WyG/2wnTo=; b=KcMh9h/uV93HXXRMHdszl0jiJsT5y5dMarV5GWPfA1XeO8JgOQgnPzVFsVVjqGtRAdz9t6 ZmqZPeYKWWlHLcivw4IVk/d9tNU1WBPhTN0U4T6SpB1h6141Po0LmV55lcB3g7vIZUpeNM Wh9PoQ4LKOoEhtSKNQpbne9HX5ZN5ZM=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-474-m_WQTHBQOkCyUy8S5ODWpw-1; Thu, 16 Apr 2020 04:26:01 -0400
X-MC-Unique: m_WQTHBQOkCyUy8S5ODWpw-1
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 63D39800D5C; Thu, 16 Apr 2020 08:26:00 +0000 (UTC)
Received: from localhost (holly.tpb.lab.eng.brq.redhat.com [10.43.134.11]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B1A3428980; Thu, 16 Apr 2020 08:25:59 +0000 (UTC)
Date: Thu, 16 Apr 2020 10:25:57 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Daniel Franke <dfoxfranke@gmail.com>
Cc: NTP WG <ntp@ietf.org>
Message-ID: <20200416082557.GI1945@localhost>
References: <CAJm83bBV+Pox3r6KU49ShwMOvr=R+U_vDKJtSZhfT6XX4qWmbA@mail.gmail.com> <20200414112541.GD1945@localhost> <CAJm83bCxuS_X68-pvpOWCPSmjAjTeYNJVuuOEhV-i82R7B28Mg@mail.gmail.com> <20200414155241.GF1945@localhost> <CAJm83bC1EhwQQ=+B7XPbEkvhOWvxU8zjCd290Fj5N43aMJQTkg@mail.gmail.com> <20200415072023.GG1945@localhost> <CAJm83bAEDuLk6vSa82D3smXO4x7iDywoy+FpC=gdm=m3SLrVLg@mail.gmail.com>
MIME-Version: 1.0
In-Reply-To: <CAJm83bAEDuLk6vSa82D3smXO4x7iDywoy+FpC=gdm=m3SLrVLg@mail.gmail.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/-A4XyIXC8kTS7z-lYOHzjJ0OLzk>
Subject: Re: [Ntp] An NTPv5 design sketch
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Apr 2020 08:29:24 -0000
On Wed, Apr 15, 2020 at 11:57:45AM -0400, Daniel Franke wrote: > On Wed, Apr 15, 2020 at 3:20 AM Miroslav Lichvar <mlichvar@redhat.com> wrote: > > > > That code will likely need to be updated to fix security issues. > > So will the NTP code itself, not to mention the OS kernel and whatever > else your device is running. The device may be very simple. It may not have an OS and NTP may be the only networking it does. It could be measuring intervals in a physics experiment, or controlling a robot in a factory. Consider where and why PTP originated and that NTPv5 with its correction field might be usable there too. > Different NTP implementations have had > serious security issues with widely varying frequency; so have > different TLS implementations. I'm not going to engage in arguments > about the precise quantity, severity, or inevitability of these > vulnerabilities; I'm just asserting the lack of a qualitative > difference in the historical need for patching. Well, that would be an interesting exercise, but I think just from the nature of the domains it's much more likely a TLS code will need to be patched than an NTP code written with the same care. It would be also interesting to compare just the protocols alone. How many issues does NTPv2 from 1989 (which is not that different from NTPv4) have? > > It would help if you could explain why do you think it should. > > NTPv5 (as I've sketched it) depends on NTS for more than just > cryptographic security; it's also version negotiation (NTS Next > Protocol), server discovery (Server and Port Negotation), and > anti-amplification (address-bound cookies). Making NTS optional would > require alternative approaches to all these issues. I don't see a big problem with that. Supporting NTS is much more difficult than supporting those extensions would be. Being able to use other authentication mechanisms (e.g. symmetric key, or a successor of NTS) is an advantage. > It would also > complicate the packet format and add landmines for implementers > (granted, already present in v4 NTS) around correct handling of > unprotected responses. Protected responses need to be handled in the same way as unprotected responses. You never know if the server isn't compromised and trying to attack you. -- Miroslav Lichvar
- [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] [EXT] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Dieter Sibold
- Re: [Ntp] [EXT] An NTPv5 design sketch Dieter Sibold
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Doug Arnold
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch James
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch James
- Re: [Ntp] An NTPv5 design sketch Doug Arnold
- [Ntp] Antw: [EXT] Re: An NTPv5 design sketch Ulrich Windl
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Doug Arnold
- [Ntp] Antwort: Re: An NTPv5 design sketch< kristof.teichel
- Re: [Ntp] An NTPv5 design sketch Salz, Rich
- Re: [Ntp] An NTPv5 design sketch Kyle Rose
- [Ntp] Antw: [EXT] Re: An NTPv5 design sketch Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: An NTPv5 design sketch Doug Arnold
- [Ntp] Antw: Re: Antw: [EXT] Re: An NTPv5 design s… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: An NTPv5 desi… Miroslav Lichvar