Re: [Ntp] Antw: [EXT] Re: Last Call: <draft-ietf-ntp-yang-data-model-10.txt> (A YANG Data Model for NTP) to Proposed Standardsecurity

tom petch <daedulus@btconnect.com> Tue, 09 February 2021 11:34 UTC

To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, dhruv.ietf@gmail.com
References: <161195994417.2651.6499166797756243533@ietfa.amsl.com> <60212265.6020204@btconnect.com> <CAB75xn7tXa1BCHd=KFR9DC=+bA01R1A+X2M4oUbrF-YLx8ExJA@mail.gmail.com> <60223C23020000A10003ED11@gwsmtp.uni-regensburg.de>
Cc: Dieter Sibold <dsibold.ietf@gmail.com>, ek.ietf@gmail.com, draft-ietf-ntp-yang-data-model@ietf.org, last-call@ietf.org, "ntp@ietf.org" <ntp@ietf.org>, "ntp-chairs@ietf.org" <ntp-chairs@ietf.org>
From: tom petch <daedulus@btconnect.com>
Message-ID: <60226515.7030208@btconnect.com>
Date: Tue, 09 Feb 2021 10:33:57 +0000
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
In-Reply-To: <60223C23020000A10003ED11@gwsmtp.uni-regensburg.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/0G6WtK7pKjHDVS1tj_ePgDiwaYA>

On 09/02/2021 07:39, Ulrich Windl wrote:
> Dhruv Dhody <dhruv.ietf@gmail.com> wrote on 08.02.2021 at 18:05 in
> message
> <CAB75xn7tXa1BCHd=KFR9DC=+bA01R1A+X2M4oUbrF-YLx8ExJA@mail.gmail.com>:
>> Hi Tom,
>>
>> Thanks for your detailed review. Let's discuss the security first -
>>
>> On Mon, Feb 8, 2021 at 6:07 PM tom petch <daedulus@btconnect.com> wrote:
>>>
>>> This is my second response to this Last Call, about a possible security
>>> issue.
>>>
>>> RFC8573 seems clear that MD5 must not be used to effect security for NTP
>>> but this I-D imports iana-crypt-hash which allows MD5 without any
>>> restriction, so is MD5 allowed or not?
>>
>> Good question. While it is easy to restrict the use of MD5 by adding a
>> must statement, I want to check if it is a good idea. The YANG model
>> is written in such a way that it supports older versions of NTP as
>> well. Would barring MD5 configuration be an issue if there are older
>> implementations in the network still? I think perhaps adding a warning
>> in the description is a good idea. I did a quick search and don't see
>> other YANG models doing a check either. Would be good to get some
>> guidance on this.
>
> I just checked the docs of a recent ntpd: The docs say DES was replaced with
> MD5, but they do in no way say that MD5 is obsolete.
> For example the docs (man ntp.conf) say:
> FILES
>         /etc/ntp.conf  the default name of the configuration file
>         ntp.keys       private MD5 keys

Ulrich
The issue here is what the IETF is willing to give consensus for, as 
opposed to what is out in the field.  For some years now, the IETF has 
deprecated the use of MD5 (even though there are contexts in which it is 
still strong enough) so the point of my post was to flag to those in the 
IETF who are concerned with security, such as Security ADs, that this 
I-D places no constraint in the YANG on the use of MD5.  I think that 
that will not gain consensus and that changes will be needed, either in 
the Security Considerations or the YANG or both.

Tom Petch




>
> Regards,
> Ulrich
>
>>
>>> There are features defined which allow the hash in iana-crypt-hash to be
>>> restricted but this I-D does not use them.
>>>
>>
>> I didn't see any reason to use them in the NTP Yang. Can you?
>>
>>> Probably iana-crypt-hash should be updated - I will raise that on the
>>> NETMOD WG list.
>>>
>>> The I-D also uses MD5 in a way that would appear not to be security
>>> related, to hash an IPv6 address.
>>>
>>
>> This is as per RFC 5905 -
>>
>>     If using the IPv4 address family, the identifier is the four-
>>     octet IPv4 address.  If using the IPv6 address family, it is the
>>     first four octets of the MD5 hash of the IPv6 address.
>>
>>
>>> In passing, this I-D has three references to RFC7317.  This is wrong -
>>> the module is IANA‑maintained and so the references should be to the
>>> IANA website.
>>>
>>
>> But even the iana-crypt-hash YANG model put RFC 7317 as a reference -
>>
>>       revision 2014-08-06 {
>>         description
>>           "Initial revision.";
>>         reference
>>           "RFC 7317: A YANG Data Model for System Management";
>>       }
>>
>> I will start working on your other comments and prepare a new version.
>>
>> Thanks!
>> Dhruv
>>
>>> The secdir reviewer might be interested in my thoughts.
>>>
>>> Tom Petch
>>>
>>> On 29/01/2021 22:39, The IESG wrote:
>>>>
>>>> The IESG has received a request from the Network Time Protocol WG (ntp)
>>>> to consider the following document: - 'A YANG Data Model for NTP'
>>>>     <draft-ietf-ntp-yang-data-model-10.txt> as Proposed Standard
>>>>
>>>> The IESG plans to make a decision in the next few weeks, and solicits
>>>> final comments on this action. Please send substantive comments to the
>>>> last-call@ietf.org mailing lists by 2021-02-12. Exceptionally, comments
>>>> may be sent to iesg@ietf.org instead. In either case, please retain the
>>>> beginning of the Subject line to allow automated sorting.
>>>>
>>>> Abstract
>>>>
>>>>
>>>>      This document defines a YANG data model for Network Time Protocol
>>>>      (NTP) implementations.  The data model includes configuration data
>>>>      and state data.
>>>>
>>>>
>>
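The two distinct ways MD5 comes up in the thread above, as an added illustration that is not code from the draft, from RFC 5905, or from anyone on the list: the RFC 5905 reference identifier, where MD5 only shortens an IPv6 address to a four-octet label, and a check with the same effect as the YANG `must` statement Dhruv mentions, refusing md5-crypt (`$1$`) values of the iana-crypt-hash type. The policy, the leaf it would apply to, and the sample values are assumptions.

```python
import hashlib
import ipaddress
import re

# Constructed illustration; not code from draft-ietf-ntp-yang-data-model,
# RFC 5905 or RFC 7317.


def ntp_refid(addr: str) -> bytes:
    """Reference identifier for a peer, as specified in RFC 5905.

    IPv4: the four address octets themselves.
    IPv6: the first four octets of the MD5 hash of the 16-byte address.
    MD5 only squeezes a 128-bit address into a 32-bit label here; nothing
    is authenticated by it, so the RFC 8573 restriction on MD5 as an NTP
    MAC has no bearing on this field.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ip.packed
    return hashlib.md5(ip.packed).digest()[:4]


# Prefixes defined by the iana-crypt-hash typedef (RFC 7317):
# $0$ cleartext, $1$ md5-crypt, $5$ sha256-crypt, $6$ sha512-crypt.
# Only the prefix is inspected; the typedef's own patterns check the rest.
_CRYPT_HASH_PREFIX = re.compile(r"^\$([0156])\$")

# Assumed policy for an NTP authentication-key leaf of type crypt-hash,
# with the same effect as a YANG constraint such as
#     must "not(starts-with(., '$1$'))";
# which is one way to keep MD5 out of the model without touching
# iana-crypt-hash itself.
FORBIDDEN_PREFIXES = frozenset({"1"})


def crypt_hash_allowed(value: str) -> bool:
    """Return True when a crypt-hash string passes the assumed must rule."""
    m = _CRYPT_HASH_PREFIX.match(value)
    if m is None:
        return False  # not a crypt-hash value at all; the typedef rejects it
    return m.group(1) not in FORBIDDEN_PREFIXES


if __name__ == "__main__":
    for a in ("192.0.2.1", "2001:db8::1"):        # constructed addresses
        print(a, ntp_refid(a).hex())
    for v in ("$1$salt$hash", "$6$salt$hash", "cleartext"):  # constructed
        print(v, crypt_hash_allowed(v))
```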