Re: [ntpwg] Antw: Re: Antw: Re: call for adoption (draft-dfranke-ntp-data-minimization)

[Harlan Stenn <stenn@nwtime.org>]

On 3/28/2017 7:08 AM, Daniel Franke wrote:
> On 3/28/17, Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote:
>> IMHO it would be consistent to set precision to 3 (the lowest possible
>> precision (0.125s) where NTP will start to work) and use 29 bits of
>> randomness then. Still a half billion attack packets might transit without
>> being detected, but I doubt that.

Ulrich, a precision of 3 is 8 seconds.

> 2**29 packets is about 541 gigabits including ethernet headers, so on
> a 1Gbps link is about a 0.18% chance of attacker success during the 1s
> MAXDIST window. On a 10Gbps link this becomes 1.8%. That's a big
> improvement over the status quo but still a non-negligible weakness.

Daniel, you're continuing to focus on and assume that:

- nobody will notice or care about these spoofs.  The reference
implementation from NTF/ntp.org reports these on both the client and the
server side.

- Once the client receives the response from the server, the origin
timestamp is zeroed in the client so no more responses from the server
will be accepted.

This has all been said before, several times, and you continue to ignore
these points.

Please take a breath of fresh air.

> What's the benefit of randomizing anything less than the full 64 bits?

For extranet communications, I'd likely choose 64 bits.  But I'd also
consider this to be *my* policy choice.  If somebody has good reason to
pick a different number, they should be able to.

I would generally not choose information hiding or extra randomizing on
internal NTP traffic.

-- 
Harlan Stenn <stenn@nwtime.org>
http://networktimefoundation.org - be a member!

_______________________________________________
ntpwg mailing list
ntpwg@lists.ntp.org
http://lists.ntp.org/listinfo/ntpwg