IETF Logo Mail Archive

Re: [Ntp] NTPv5 draft

Miroslav Lichvar <mlichvar@redhat.com> Wed, 09 December 2020 15:04 UTC

Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F6FA3A0D81 for <ntp@ietfa.amsl.com>; Wed, 9 Dec 2020 07:04:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.119
X-Spam-Level:
X-Spam-Status: No, score=-2.119 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QGfUpzfdWLNA for <ntp@ietfa.amsl.com>; Wed, 9 Dec 2020 07:04:51 -0800 (PST)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8994C3A0D7D for <ntp@ietf.org>; Wed, 9 Dec 2020 07:04:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1607526290; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=rBFzLl2mxn7RbBIqCHyd4J5/APoUjjRzZJEY5UW+hz8=; b=X7YfId3fLnlXBylkgTtpK+oJZqLd3UPbprWRXbgEjP/uV2MCuo8RN8UHqsUwozg/ncMzTg 2dMC8f8oMm/iY3G10H6xj4qTjsbrGajz/bWLOpojlhjIVrW3ZrGF5+9E1CFLQU2bP62+BR tHoaBL5wWKHA/HQvzVzYqSOT6KMgy5I=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-192-5jpswMIKOI6CgsOcUd-d-Q-1; Wed, 09 Dec 2020 10:04:44 -0500
X-MC-Unique: 5jpswMIKOI6CgsOcUd-d-Q-1
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 934AFDF8C2; Wed, 9 Dec 2020 15:04:42 +0000 (UTC)
Received: from localhost (holly.tpb.lab.eng.brq.redhat.com [10.43.134.11]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 771C85D748; Wed, 9 Dec 2020 15:04:39 +0000 (UTC)
Date: Wed, 09 Dec 2020 16:04:37 +0100
From: Miroslav Lichvar <mlichvar@redhat.com>
To: James <james.ietf@gmail.com>
Cc: "ntp@ietf.org" <ntp@ietf.org>, Dieter Sibold <dsibold.ietf@gmail.com>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Message-ID: <20201209150437.GE2352378@localhost>
References: <20201207104541.GE2352378@localhost> <E0159612-5D83-4A0E-BBD1-1D75C0B49226@akamai.com> <20201207153444.GO2352378@localhost> <1204B871-7728-45DA-B628-8F79BD074A96@akamai.com> <20201208095046.GT2352378@localhost> <D15AF5B4-F976-44D6-B8E7-986E3B8CE23D@akamai.com> <20201208150725.GX2352378@localhost> <6d7daa5e-8537-a3a5-a5c3-2468be4c2918@gmail.com> <20201209083800.GY2352378@localhost> <bcec8d14-9af9-96c1-7e71-39569cb7b0ed@gmail.com>
MIME-Version: 1.0
In-Reply-To: <bcec8d14-9af9-96c1-7e71-39569cb7b0ed@gmail.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/9Vl97HDyh0ZOruefamIIoI_dbKk>
Subject: Re: [Ntp] NTPv5 draft
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Dec 2020 15:04:53 -0000

On Wed, Dec 09, 2020 at 03:12:52PM +0100, James wrote:
> I was hoping that the requirements document[1] I had briefly written, along
> with the several[2] emails I have sent to you and the list[3] describing
> more of my use cases and needs as well as those of others believed to be
> relevant would have sufficiently answered this question already.

I had read your draft (thanks for writing it!) and your emails, but
it's not clear to me. I thought my proposal was meeting the
requirements.

> To
> summarise, I believe the core protocol needs to offer downgrade-resistant
> authentication as:

Is NTPv4+NTS or the NTPv5 I'm proposing + NTS not resistant to
downgrade attacks? Are you refering to some TLS issue? What changes
would you suggest to fix it?

> * Securing NTP via extensions, IPSec etc adds additional cost and
> integration complexity as well as an increased risk of downgrade or
> misconfiguration in deployments;

I don't understand this part at all. An NTP authentication mechanism
in an extension field is very different from IPSec.

If NTP wasn't secured with an extension, how would it prevent
downgrade or misconfiguration? Are you considering a bug where the
client forgets to check if the packet is authenticated? Do you expect
NTP implementations to drop support for older NTP versions?

If it is not an extension, how do you replace it when it's found to be
insecure?

> * And that the computation/latency costs that would incur would be
> acceptable and reduced as implementations improve over time.

It takes few microseconds to authenticate an NTP packet with NTS. Are
you saying that's too long? What is your use case? The delay is
comparable to the typical error of a transmit timestamp. In the
interleaved mode it doesn't matter how long it is, it's compensated.

> What are the use cases you are considering, and what limitations do you
> think that providing authentication will impose on the protocol that would
> not make it suitable for them?

I'm trying to consider all the use cases I've heard about. That
includes isolated networks and various hardware implementations with
different limitations, where it is not possible or not practical to
implement TLS/NTS.

Don't forget about pool.ntp.org. Do you not want NTPv5 to be supported
there?

-- 
Miroslav Lichvar

v2.23.0 | Report a Bug | By Email