IETF Logo Mail Archive

Re: [Ntp] WGLC: draft-ietf-ntp-chronos

Hal Murray <halmurray@sonic.net> Tue, 09 August 2022 10:06 UTC

Return-Path: <halmurray@sonic.net>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2EDAC15C525 for <ntp@ietfa.amsl.com>; Tue, 9 Aug 2022 03:06:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.61
X-Spam-Level:
X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5zibAL07G3VN for <ntp@ietfa.amsl.com>; Tue, 9 Aug 2022 03:06:08 -0700 (PDT)
Received: from c.mail.sonic.net (c.mail.sonic.net [64.142.111.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E373C15A722 for <ntp@ietf.org>; Tue, 9 Aug 2022 03:06:08 -0700 (PDT)
Received: from 107-137-68-211.lightspeed.sntcca.sbcglobal.net (107-137-68-211.lightspeed.sntcca.sbcglobal.net [107.137.68.211]) (authenticated bits=0) by c.mail.sonic.net (8.16.1/8.16.1) with ESMTPSA id 279A66uT026792 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Tue, 9 Aug 2022 03:06:07 -0700
Received: from hgm (localhost [IPv6:::1]) by 107-137-68-211.lightspeed.sntcca.sbcglobal.net (Postfix) with ESMTP id 8788628C1CA; Tue, 9 Aug 2022 03:06:06 -0700 (PDT)
X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7.1
To: ntp@ietf.org
cc: Hal Murray <halmurray@sonic.net>
From: Hal Murray <halmurray@sonic.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 09 Aug 2022 03:06:06 -0700
Message-Id: <20220809100606.8788628C1CA@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
X-Sonic-CAuth: UmFuZG9tSVZxy2LDA4k7ZrcEWm63g1tOopdTvhOp8mY7HtYlVX2KXfd4PJzW5Tl/aTtSkUHbETqmeSlBQ9I7qUOE9CR6nW2F8+G6ndKt9zM=
X-Sonic-ID: C;kFpm4soX7RGxYSdyR+6Zsg== M;qpaS4soX7RGxYSdyR+6Zsg==
X-Sonic-Spam-Details: -1.5/5.0 by cerberusd
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/71-C0XCHewNcwsUf284z6JLtx5A>
Subject: Re: [Ntp] WGLC: draft-ietf-ntp-chronos
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2022 10:06:11 -0000

Apologies for not getting my act together sooner.

I don't like it.

I expect to read a page or 2 (after skipping boilerplate) and then be able to 
decide if this idea is worth implementing.

What are the costs?  What are the benefits?

I think the threat model needs to be discussed early on.  MitM isn't mentined 
until Section 6.  What parts of that is Chronos protecting against?

Probably tangled up with that is the way the target client is being run.  How 
many servers?  Are they carefully selected or does it use the pool? ...

How do I evaluate the goodness of a particular Chornos setup?  I'd like a 
simple formula.  I'm looking for the big picture?  Is it exponential or sqrt?  
If there is no reasonable formula, maybe a small table would be good enough.

The costs are extra traffic to the servers.  If my server is currently using 5 
servers and I add Chronos using m=15 from your example, thats adding 3x load 
on the servers.  (total of 4x).  That's a pretty steep price.

-------

Chronos is described as an add-on, off to the side.  Can we merge it in with 
the main ntpd flow?

Handwave:
  step 1: add m more servers
  step 2: replace those servers every polling interval
  step 3: check for attacks

Checking for attacks may be useful even without the rest of Chornos. 

-------

Editorial level comments.

Plase drop all the references to NTPv5.  I find them all distracting.  If you 
really think that is important, put a paragraph at the end, and list all the 
properties of NTPv4 that need to be preserved for Chronos to keep working on 
NTPv5.

Page 3: "chooses a small subset of the NTP server pool"
  You made an interesting assumption there.
  Is Chronos useful if I select servers by hand?  What if they are all nearby 
and much higher quality servers than the ones in the pool?

Note that the word pool is ambigious.  It could mean pool.ntp.org, or it could 
mean the collection of servers, size n, that Chronos is using.  I suggest "NTP 
pool" and "Chronos pool", or its pool.

Page 3:  "preserving high accuracy and precision"
  I think you need to explain what you mean by "high".  Without qualification, 
my reading would be as good as when not under attack and that doesn't seem 
reasonable.

Page 3:  "provably secure algorithm".
  What are the conditions or assumptions that proof needs?

Page 3:  "avoid overloading NTP servers"
  I think you mean minimize the load on NTP servers.  Overload depends on the 
ratio of servers to clients as well as the load from a typical client.

I'm not sure where "communication overhead" comes from.  What's "overhead" 
about a NTP request/response exchange?

Page 3: "100 milliseconds", "20 years".
  That doesn't sound right.  All the MitM has to do is delay all replies by 
200 ms.  That "all replies" covers both ntpd and Chrnos.  There is no way to 
tell that case from an additiional 100 ms of cable.
  You are throwing numbers around without stating the conditions.

Page 3-4:  "in order to avoid overloading the servers"
  The way I read that, you have already picked m, so using m out of n won't 
reduce the load on the pool.  Maybe you mean using m rather than all n will 
reduce the load.  I suggest dropping the "overload" part.

Page 5: "Chronos poll interval"
  Is that different from ntpd's poll interval?

Page 5: m servers and m Chronos servers.
  Why should Chronos use the same number of servers as main ntpd?

Page 5: Sectopm 3.1
  It goes through the clock filter algorithm, then selects the "union of all 
recieved NTP servers' IP Addresses".  If you are going to select all the 
servers, why go through the filter?  I assume you want to select only the good 
ones, but that's not what the text says.

Page 7: "probability of reaching panic mode"
  I can't figure out what that paragraph is saying.  I think you are talking 
about false positives - reaching panic mode when you shouldn't, but the "when 
you shouldn't" isn't in your text.  Again, a table would be nice.  0.000002 is 
not negligible in some applications.

-------

Bufferbloat might be an interesting form of attack to consider.  It will get 
all of the Chronos servers no matter how big the pool is.  (My old DSL line 
had enough bloat that ntpd would step the clock if I did a long enough 
download.)

Another form of attack would be bugs.  There was one in gpsd recently.  That 
probably hit an interesting fraction of the pool.  I doubt if it was as big as 
25%.

How well does Chronos work with NTS?   NTS requires storage of keys and 
cookies for each server in the Chronos pool.

NTS cookies have a lifetime of 24 hours.  If I use your m=15 and n=500, each 
server gets used on average every 33 polls.  If the polling interval is 1024 
seconds, each server gets used (on average) every 9 hours.  That will require 
some careful coding but I think it will be OK.  It also turns into an upper 
bound on the ratio of n to m.  m=15 with n=5000 won't work.

--------

Typos:
  Section 3.2: "that,on average" missing space

  Section 4, Pseudocode
     "return avg(t)"  t isn't used yet.  I assume you mean T.





-- 
These are my opinions.  I hate spam.

v2.23.0 | Report a Bug | By Email