[Ntp] Re: Roman Danyliw's Discuss on draft-ietf-ntp-interleaved-modes-07: (with DISCUSS and COMMENT)

Miroslav Lichvar <mlichvar@redhat.com> Thu, 22 August 2024 13:57 UTC

Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3500EC1654F3 for <ntp@ietfa.amsl.com>; Thu, 22 Aug 2024 06:57:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.253
X-Spam-Level:
X-Spam-Status: No, score=-2.253 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MOOz2ZRF-7cQ for <ntp@ietfa.amsl.com>; Thu, 22 Aug 2024 06:57:06 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94903C15106A for <ntp@ietf.org>; Thu, 22 Aug 2024 06:57:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1724335025; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7YgK+Hy0QeVrpPESxjMWrWRRuRhkCQrIWNYqeNwA6ik=; b=Du6endGbExkMrQ+iUV5VJUlGukC1xkJQgEeZUUvH7CXGPfuAr81nuLm8/1FNbe5K8YwwDh kL6zojLlYL/QBsl4O/n5OlV0n963N/ky/wuLHglucXQ8rjGV5yD2eu1tsbhd7mmNoB9J+T hVOFIXkIr4kZihDreNiC8fbiAKTlTxM=
Received: from mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-225-0W-yUcr_NZK3aljcO2K9gQ-1; Thu, 22 Aug 2024 09:57:01 -0400
X-MC-Unique: 0W-yUcr_NZK3aljcO2K9gQ-1
Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id DBC561955BF7; Thu, 22 Aug 2024 13:56:59 +0000 (UTC)
Received: from localhost (unknown [10.43.135.229]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id DBE6F1955E8C; Thu, 22 Aug 2024 13:56:57 +0000 (UTC)
Date: Thu, 22 Aug 2024 15:56:55 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Roman Danyliw <rdd@cert.org>
Message-ID: <ZsdDpzjl8pkJHujy@localhost>
References: <172417302253.2132932.542215599863168138@dt-datatracker-6df4c9dcf5-t2x2k>
MIME-Version: 1.0
In-Reply-To: <172417302253.2132932.542215599863168138@dt-datatracker-6df4c9dcf5-t2x2k>
X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Message-ID-Hash: XOK4ZK66UF4TFJKHL5DI7U6OHXZBYDFM
X-Message-ID-Hash: XOK4ZK66UF4TFJKHL5DI7U6OHXZBYDFM
X-MailFrom: mlichvar@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ntp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, draft-ietf-ntp-interleaved-modes@ietf.org, ntp-chairs@ietf.org, ntp@ietf.org, odonoghue@isoc.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Ntp] Re: Roman Danyliw's Discuss on draft-ietf-ntp-interleaved-modes-07: (with DISCUSS and COMMENT)
List-Id: Network Time Protocol <ntp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/0QULC6MQw5-MwHf04wNiZLR2yl0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Owner: <mailto:ntp-owner@ietf.org>
List-Post: <mailto:ntp@ietf.org>
List-Subscribe: <mailto:ntp-join@ietf.org>
List-Unsubscribe: <mailto:ntp-leave@ietf.org>

On Tue, Aug 20, 2024 at 09:57:02AM -0700, Roman Danyliw via Datatracker wrote:
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> Other ADs have commented on the benefit of providing additional clarifying
> language where guidance is described using “SHOULD”.  On a subset of those
> instances, it appears that these phrases could potentially cause
> interoperability issues or have security implications depending on their
> interpretation.

Thanks for the review.

> ** Per the possibility of interoperability or under-specification of the
> algorithm:
> 
> -- Section 3
>    The peer SHOULD process the requests in the same way as a
>    server which supports the interleaved client/server mode.   It MUST
>    NOT respond in the interleaved mode if the request was not in the
>    interleaved mode.
> 
> Is there any interoperability impact if the peer chooses NOT to process the
> request the same way as the server?  When would one choose this behavior?

There is no impact on interoperability. The server can do different
things in different modes and for different clients, or even for one
client at different times. The SHOULD was used here as a
recommendation for the implementation to keep things simple, but if
some implementation had different code paths for different modes
making different tradeoffs, it would be fine.

> -- Section 3
>    A peer A SHOULD send a peer B a packet in the interleaved mode only
>    when all of the following conditions are met:
> 
> When would a peer ignore the conditions described after this clause? If
> implementations chose different criteria (since this list is not mandatory)
> would this cause interoperability issues?

This does impact interoperability in some configurations. If I
remember correctly the SHOULD here was used to not break conformance
for the original implementation of the interleaved mode, which does
not implement the second and third condition. It doesn't work
correctly when the peers send packets at different rates.

The symmetric mode is typically used only between servers that are
managed by the same entity. It's susceptible to off-path attacks. It
needs authentication, which means the peers need to share a symmetric
key. The implementation and configuration of the association
(including polling intervals) is normally expected to be the same.

> -- Section 3
>    The peers SHOULD compute the offset and delay using one of the two
>    sets of timestamps specified in the client/server section.
> 
> How would this computation be done without one of the two sets of timestamps
> described in this section?

It could use a different set of timestamp, reusing timestamps from an
nth-previous exchange.

> -- Section 6
>    A client which supports the interleaved mode SHOULD check if the
>    origin timestamp is not zero to detect packets in the interleaved
>    mode.  The client SHOULD also compare the origin timestamp with the
>    transmit timestamp from the previous packet to detect lost packets.
>    If the difference is larger than a specified maximum (e.g. 1 second),
>    the packet SHOULD NOT be used for synchronization in the interleaved
>    mode.
> 
> How would interleaved mode be detected without the “not zero” approach above? 
> Perhaps by configuration?

The SHOULD here was meant to allow clients to ignore interleaved mode
when provided by the server (i.e. the origin timestamp is not zero).
They can stick to the basic mode if they prefer it for any reason,
e.g. configuration.

> -- Section 6
>    The client SHOULD compute the offset using the origin timestamp from
>    the received packet and the local receive timestamp of the previous
>    packet.
> 
> What is the alternative to computing the offset if not with the algorithm
> described above?

Yes, that seems like the only choice. The SHOULD should be removed and
just state the fact.

> ** Per the Security implications:
> 
> -- In Section 6.
> 
> Clients using the interleaved mode SHOULD randomize all bits of both
> receive and transmit timestamps
> 
> When is it acceptable use predictable bits in the timestamps?

It's a recommendation improving security. It's not critical. The
original implementation doesn't implement this randomization and would
become nonconformant if it was required.

> ** Section 4.
>    The timestamp cannot be included in the packet itself unless the
>    driver or hardware supports NTP and can modify the packet before or
>    during the actual transmission.
> 
> Is this a common setup for “software NTP implementation running on a   
> general-purpose operating system” to have NIC “driver or hardware support for
> NTP?

I have not seen it, but it is a possibility.

> ** Why does the WG consider draft-ietf-ntp-port-randomization a suitable source
> of normative guidance given that it was an adopted by the WG, but never
> finished (and it expired 5 years ago)?

Good question.

-- 
Miroslav Lichvar