Re: [Ntp] A simpler way to secure PTP

Doug Arnold <doug.arnold@meinberg-usa.com> Mon, 10 May 2021 14:43 UTC

Return-Path: <doug.arnold@meinberg-usa.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0744D3A1F31 for <ntp@ietfa.amsl.com>; Mon, 10 May 2021 07:43:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=meinbergfunkuhren.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3bVwZqNARIVR for <ntp@ietfa.amsl.com>; Mon, 10 May 2021 07:43:23 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2060.outbound.protection.outlook.com [40.107.20.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B63243A1F34 for <ntp@ietf.org>; Mon, 10 May 2021 07:43:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=K329I5Yk/PmEAiZCv6NsdqHpSwyO/EHWjvht4Aiyvj4wOiQ67RgfDFXNja7SPrwZNwpGbsVNRhPwnB9WPvlLgpPEZwvmFjh4cDPxtP8bwqTESDMMEA8SfWz6pljdkaBroR4+TVT4wgr05vxEe1QSMfKq19it7fSNqaerbdoKnvy3HjzXJfc+2i6h+eatQlElCqx+womRMN7m7489tNjalgd0vLf+Ry/v8x4IfVGjnE775yIpvtHVVGnELLSFxJe/xQdid2T43UDFVL+IaIlxI9z76NdlYBOAxRLWL/M3MTWyF0niaswK3cMuUQ/pA9j5EA3dWSB2eb0fxQKyxWXx4w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/7//S5NDQRul+v1ErfRdTHh43NFo2HKjFfW+Cm15aKU=; b=XKovD1VaHoseGKE1n7KSHaltCtjY7vHYafN2mSdTK22R92Gpry7VTHLdAhzUDPRl4QOSH9CB6kB5HPabl4jNJP06u0jtIxA8t+prvx/7yn0Cj+CAkMtrdXI6wo+bXIRHXWatCrZtpYFF9YO7VURJ7zy32s/fIknNTOB6rrh8EbjzEn9O4Gb2i0ysNDF+RYhT8zRXpY4eXFLvgKondvxbyeQwUdKxQpqVZbkMKu8HsoJVvZQScTFthJQIE7dvheN6aO8jj/yiedz8uubl/Lq6rnZBPXW5dJzElgEjXO5OIBM/RriR9D7lgYZY+OvUeaNX+fStJU+pyZo3Qv7kXLzwrw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=meinberg-usa.com; dmarc=pass action=none header.from=meinberg-usa.com; dkim=pass header.d=meinberg-usa.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinbergfunkuhren.onmicrosoft.com; s=selector1-meinbergfunkuhren-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/7//S5NDQRul+v1ErfRdTHh43NFo2HKjFfW+Cm15aKU=; b=Gu6VALFgXxrnz0QbZ8jR4OJ9ouFXym7BFJgNe/TbqoonS9ECTCHpJntffr4hWAICtbOVJ0FGL5qWJ8BPQKFfDq5Ifw16SfZryq80B2elwxWC3prjggsFrIZZUFMhNOYpNt2Y1XXhTZmq0EOvI7NaA85+r+HvGGvVRRXiC/SskpY=
Received: from AM7PR02MB5765.eurprd02.prod.outlook.com (2603:10a6:20b:102::15) by AM6PR02MB3925.eurprd02.prod.outlook.com (2603:10a6:20b:48::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.29; Mon, 10 May 2021 14:43:19 +0000
Received: from AM7PR02MB5765.eurprd02.prod.outlook.com ([fe80::aca9:7944:745f:78ef]) by AM7PR02MB5765.eurprd02.prod.outlook.com ([fe80::aca9:7944:745f:78ef%5]) with mapi id 15.20.4087.050; Mon, 10 May 2021 14:43:19 +0000
From: Doug Arnold <doug.arnold@meinberg-usa.com>
To: Miroslav Lichvar <mlichvar@redhat.com>, Daniel Franke <dfoxfranke@gmail.com>
CC: NTP WG <ntp@ietf.org>
Thread-Topic: [Ntp] A simpler way to secure PTP
Thread-Index: AQHXREw3H/RmYyg7o0aEx8XpTG+waarcrFMAgAAf1zg=
Date: Mon, 10 May 2021 14:43:19 +0000
Message-ID: <AM7PR02MB57657C935D0E94D223B1D703CF549@AM7PR02MB5765.eurprd02.prod.outlook.com>
References: <CAJm83bCpio5WwigY6nc9Y0Gt_XSdjUV=sHUz04dOQ0zELPwZxw@mail.gmail.com>, <YJkrFjnRPJJHz9da@localhost>
In-Reply-To: <YJkrFjnRPJJHz9da@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=meinberg-usa.com;
x-originating-ip: [64.30.82.72]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e4466058-868f-4616-a871-08d913c1f3fb
x-ms-traffictypediagnostic: AM6PR02MB3925:
x-microsoft-antispam-prvs: <AM6PR02MB39259856BF6607E66D397D7ACF549@AM6PR02MB3925.eurprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7219;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: L1+9cmm+5hz7d2H9K+BkqzlyQu0vOg+UFxN9uEEJCbBCCNNkTmE2DjKQTWzhVRalqjKeMppK4+0YEwdAXccQ8WvftyfepctGq/wWWS0e0353nrRerFJvK0Hw+jFv/VX8uZWare60AY9c0y47CHSjrvqY3E2agC1jo712v522v2nZQhbq/1mF41FwWJQ44edYIwwM5PJ3ScGVaYkg575pI2nQFk7vRjOUe+8IiF7RmIlKujQg5wpqrqfAlqqYwDr5EkE/j3lkQ/mLV5TrfNQQWwVPfJKWCJtwuAamlOWjq+coMkrOITAuBafYjxafLRt1e+9sM+6R5D8klGdX3h6gGXeZMakbpIneXyW4rYgOxoHj3W21X8o8SCHx5DkuayopvAkl3oMuA0Xbqifc3Zj/8Jq3VHy1WHB/so//trvDwKrdKUMnG/yKFWt6w025gXDXBUWp2lhVQHZ0zIWGgFgX0TBzbNUgo7Zjz+sl2SSnqaQ0K5clwf0CDuu7jck0V43uEsqw8V4KP4EgZAm7pPe3Vt8KqkoNiLBtf+9NJcKqr8UsXQQqX0RxuVebXiTNzobL3IO+toHrrlCVJj2+dUBaDafIM60n77h63Lx6BWRGwIF16ev9u8dQNu845l/5u5qvccfmI3uG3UZvX/AyCY2Yjqxa62iBYplaAblAjTsFkgbLmj5UePtLTiJBauX+/wMywHTFVE4IdpB6gplevCJNz3SZ6+GSNq2YL1EBp0dsJy0=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM7PR02MB5765.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(39830400003)(376002)(346002)(396003)(136003)(2906002)(26005)(166002)(52536014)(5660300002)(76116006)(4326008)(966005)(91956017)(478600001)(86362001)(316002)(33656002)(6506007)(53546011)(71200400001)(44832011)(8676002)(9686003)(66556008)(38100700002)(64756008)(122000001)(110136005)(66446008)(66476007)(55016002)(8936002)(7696005)(83380400001)(66946007)(186003)(43043002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?+lnXgw8qRmuiWS5RZhzEIU9WoGmvof82vwXljllJIIEZJQlPI5mNYgMqMjS3?= =?us-ascii?Q?TzYa51GTfmZ1w1dYTwCxkU6kIq2V2nINhJf5+yxvOKzgko1Z/q3OhD1oN4dt?= =?us-ascii?Q?Th8TLqupejLJCysBznWYQ+mo4/FX8pJchr9nH2uHRakT8abVYDaERieFfJDK?= =?us-ascii?Q?I7azHsUxRLjXKuCXWNLgZZy0FGTl/NNKTt+BPGor4Efetxko8DurMnq4btoz?= =?us-ascii?Q?PFbAQTEATElL5WN0b1+XQzJskjRlSlraH4IwEjVhVoe+1BKotWzVC/pyP2uB?= =?us-ascii?Q?eITnu35L+ingXXArfU/XtU4HHW6svXGmAMbx+G+74vyq2CG5EFKkhVvyJjT9?= =?us-ascii?Q?nr8bssAwI1f7+sI7B1K7ZdT38cZk6uq0Q4CIOza+MDi+3odzQyXD/shMzkhI?= =?us-ascii?Q?WIVTeTVkko3ze6URIJV0ju6xgK1+OKvd2GUzAXMoCvfxTPaz+PiY7EPmBbOk?= =?us-ascii?Q?RVnpNp+M8fzRScPQx8ee8ZP1UnrdPIYbDvBqAZlVX5AK9iu7Ue9xRl+mRO04?= =?us-ascii?Q?Ufmm93lECODBFCaGKm6fFTIK6o775D9mGNoBAxQBdBUF6GPO8sVdEyocYkeR?= =?us-ascii?Q?WHEIE2OmPj7WvgWqRJHxBY9LzOPJMROwU8If5ynF7ze7eCAesJ4GZlFqqWVx?= =?us-ascii?Q?9UfEDJUHQRNyjJgGxdqER43Lrh/j6piI41E5dZ6U/VTcMXR8+uMtM6pOlq7N?= =?us-ascii?Q?RrGLjHSf6e1owfUVkpu3v1FE6qCUSJn03okel+h0Pd0+hZxwVlXcX3m+ldo8?= =?us-ascii?Q?XfGzAyVJ67YaTkO6fZLqeVWuF8QwytdhYTnwnzIV1oa2G9XWkiYE9cX2yH3R?= =?us-ascii?Q?B4nec3rvA4bIq5oIU/GPW2YP2jFz/6UpdvgvHH+z1UHJdlTeI+9fnXoAkoKD?= =?us-ascii?Q?4mbkMCPzs103wczurqYOab2PxCzh+a17wvvt9C5FbDJsdqVjMTZcW8frDLZX?= =?us-ascii?Q?gS8AFCMmhaSwtZCDdUaWXcLQeyq3PtRPtvWPsh8cSjiEF4XgcNh2h/4Y4Z7l?= =?us-ascii?Q?EcGfBDbmXS912a1F+TMYftloYJqsSzHFZNKh5ZK3GIxbCZXLX1zkOAC1Eb3X?= =?us-ascii?Q?FGJnaGYOEnipsCdEnl5g3a4bKPBGyvmis6H1G+At4gRZjsGJFby4Ggwojqy1?= =?us-ascii?Q?+y2hJ4UW/W6yBCjQhFI4yYRFirIukde5Ji6+EIsjQv/THgimHIiq2hceskiO?= =?us-ascii?Q?o3JZmZqMqpJeITxnQHo60jtRE1P3dKZMBBAHO4YBahz6/MiI5H+fH3owWIUE?= =?us-ascii?Q?fz8FpBJY6JvKM6oMz75phsaKKyrYvO4O0iyuDnheUfIXE/X/tqIuM26f/5JT?= =?us-ascii?Q?34AIBQWFqgjoSO03foMnbN1qV/ysCz2Allk1K3olTWoHng=3D=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM7PR02MB57657C935D0E94D223B1D703CF549AM7PR02MB5765eurp_"
MIME-Version: 1.0
X-OriginatorOrg: meinberg-usa.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM7PR02MB5765.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e4466058-868f-4616-a871-08d913c1f3fb
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 May 2021 14:43:19.1701 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d59904cd-769f-4368-8bd0-f5f435893a38
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: kmCMNzV7/Ehtj1afux2S4Ye1S2b2Tq5kIx7rBzG8k5SE3gcUj5OElY0lFNe+rzik1SvudUAr9u+9etuyQyqAAfr5QJovVCkoTGNDyVdw/Ok=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR02MB3925
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/5T5dh9aPJ3eIDkgbFBBayQU3TjU>
Subject: Re: [Ntp] A simpler way to secure PTP
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 May 2021 14:43:28 -0000

I have heard of people actually doing this in the field as a sanity check.

However, some applications that use PTP can be broken by introducing timing errors that are less than the expected difference between PTP and NTP.

Doug

From: ntp <ntp-bounces@ietf.org> on behalf of Miroslav Lichvar <mlichvar@redhat.com>
Date: Monday, May 10, 2021 at 8:47 AM
To: Daniel Franke <dfoxfranke@gmail.com>
Cc: NTP WG <ntp@ietf.org>
Subject: Re: [Ntp] A simpler way to secure PTP
On Sat, May 08, 2021 at 04:53:06PM -0400, Daniel Franke wrote:
> The trick is: run NTS-secured NTP and regular, unauthenticated PTP
> side-by-side. Do not use the NTP responses to set the clock; instead, use
> them only to establish maximum error bounds on the current time, and then
> clamp all PTP messages to within those bounds.

Makes sense to me.

In a more general approach, this is already possible with some
existing PTP and NTP implementations like linuxptp and chrony. PTP can
be specified as an untrusted reference clock, which will be used for
synchronization only if it agrees with trusted NTS-secured NTP
source(s). We recommend combining (multiple) PTP and NTP time sources
for better accuracy, resiliency, and security.

--
Miroslav Lichvar

_______________________________________________
ntp mailing list
ntp@ietf.org
https://www.ietf.org/mailman/listinfo/ntp