Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption
Miroslav Lichvar <mlichvar@redhat.com> Tue, 01 June 2021 09:47 UTC
On Wed, May 26, 2021 at 10:31:22AM +0200, Heiko Gerstung wrote:
> I just submitted the latest revision of our NTS for Unicast PTP draft (-02) which you can find here:
>
> https://datatracker.ietf.org/doc/draft-gerstung-nts4uptp/

Here are my thoughts.

I'm missing some background on the draft. What is the issue with the solutions described in IEEE1588, like authentication with manually distributed symmetric keys and security mechanisms implemented at lower layers like MACsec and IPsec, that this draft is supposed to address?

In NTP, NTS is mainly about scaling to large numbers of clients and privacy. None of that applies to the PTP unicast mode. Due to the infinite amplification factor and susceptibility to DoS attacks, clients have to be authorized, so I think even the need for public-key crypto should be explained. Is it supposed to make management of PTP in a network easier or more secure by distributing certificates instead of symmetric keys?

I'm missing some description of whether/how this is supposed to work with transparent clocks. In IEEE1588 terms, is the correction field considered mutable?

As you already have to keep client-specific state, I'd say an obvious question is why not use an existing application payload security protocol like DTLS? The draft would basically turn into "Exchange PTP messages over DTLS on ports X and Y". If you needed to support transparent clocks and/or keep compatibility with some existing hardware that can timestamp only specific messages on the standard PTP event port, you could use DTLS only for general messages and add a single TLV to get the key needed for authentication of event messages. I think that would still be easier to implement (using an existing DTLS implementation) and have a much simpler specification than what you are currently proposing.

As for that issue with detecting delay attacks that Daniel brought up, I think it might be better to have its own draft, as it applies to all PTP modes and all security mechanisms, even those at lower layers, if the existing documents (e.g. IEEE1588 and RFC 7384) are not sufficient.

-- 
Miroslav Lichvar
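The transparent-clock question raised in the message above (is the correctionField mutable, and what does that mean for an integrity check over an event message?) is easiest to see with a concrete message on the wire. The following is an added example, not code from the message, the NTS4UPTP draft, or IEEE 1588: it builds a PTPv2 Sync message using the standard 34-byte common header (correctionField at octets 8-15), appends an HMAC-based ICV in a trailing TLV, lets a simulated end-to-end transparent clock add residence time to the correctionField, and checks that the ICV still verifies only because the correctionField is treated as mutable (zeroed before hashing). The tlvType value, the 16-byte truncated HMAC-SHA256 ICV, the key and the timestamps are all constructed placeholders, not assignments or algorithms from any specification.

```python
import hashlib
import hmac
import struct

# PTPv2 common header layout (IEEE 1588, 34 octets); only the fields this
# example touches are named. correctionField is a signed 64-bit value in
# units of nanoseconds * 2^16 and is updated in flight by transparent clocks.
HEADER_LEN = 34
CORR_OFFSET = 8
CORR_LEN = 8
SYNC_MESSAGE_TYPE = 0x0      # messageType nibble for Sync
ICV_LEN = 16                 # truncated HMAC-SHA256 (constructed choice)
ICV_TLV_TYPE = 0x7F00        # placeholder, NOT an assigned IEEE 1588 tlvType


def build_sync(domain, seq_id, origin_secs, origin_ns, two_step=False):
    """Build a PTPv2 Sync message: 34-byte header + 10-byte originTimestamp."""
    flags = 0x0200 if two_step else 0x0000          # twoStepFlag in flagField
    clock_id = bytes.fromhex("0011223344556677")      # constructed clockIdentity
    header = struct.pack(
        ">BBHBBHqI8sHHBb",
        SYNC_MESSAGE_TYPE,  # transportSpecific (0) | messageType
        2,                  # versionPTP
        HEADER_LEN + 10,    # messageLength, patched again when a TLV is added
        domain,             # domainNumber
        0,                  # reserved
        flags,              # flagField
        0,                  # correctionField: zero when it leaves the master
        0,                  # reserved
        clock_id,           # sourcePortIdentity.clockIdentity
        1,                  # sourcePortIdentity.portNumber
        seq_id,             # sequenceId
        0,                  # controlField (0 = Sync)
        0,                  # logMessageInterval
    )
    origin = origin_secs.to_bytes(6, "big") + struct.pack(">I", origin_ns)
    return header + origin


def _authenticated_bytes(msg):
    """Copy of msg with the mutable correctionField zeroed before hashing."""
    return (msg[:CORR_OFFSET] + b"\x00" * CORR_LEN
            + msg[CORR_OFFSET + CORR_LEN:])


def _icv(key, data):
    return hmac.new(key, _authenticated_bytes(data), hashlib.sha256).digest()[:ICV_LEN]


def protect(key, msg):
    """Append an ICV TLV; messageLength is updated to cover the TLV first."""
    total = len(msg) + 4 + ICV_LEN
    msg = msg[:2] + struct.pack(">H", total) + msg[4:]
    tlv_hdr = struct.pack(">HH", ICV_TLV_TYPE, ICV_LEN)
    return msg + tlv_hdr + _icv(key, msg + tlv_hdr)


def verify(key, msg):
    """Check messageLength, the trailing ICV TLV, and the ICV itself."""
    if len(msg) < HEADER_LEN + 4 + ICV_LEN:
        return False
    if struct.unpack(">H", msg[2:4])[0] != len(msg):
        return False
    tlv_type, tlv_len = struct.unpack(">HH", msg[-(4 + ICV_LEN):-ICV_LEN])
    if tlv_type != ICV_TLV_TYPE or tlv_len != ICV_LEN:
        return False
    return hmac.compare_digest(_icv(key, msg[:-ICV_LEN]), msg[-ICV_LEN:])


def transparent_clock_forward(msg, residence_ns):
    """Simulate an end-to-end transparent clock adding residence time."""
    (corr,) = struct.unpack(">q", msg[CORR_OFFSET:CORR_OFFSET + CORR_LEN])
    corr += int(round(residence_ns * 65536))
    return msg[:CORR_OFFSET] + struct.pack(">q", corr) + msg[CORR_OFFSET + CORR_LEN:]


def correction_ns(msg):
    """Decode correctionField back to nanoseconds."""
    return struct.unpack(">q", msg[CORR_OFFSET:CORR_OFFSET + CORR_LEN])[0] / 65536


def demo():
    key = b"constructed-demo-key-0123456789ab"   # constructed sample key
    sync = build_sync(domain=0, seq_id=7, origin_secs=1622540851, origin_ns=123456789)
    protected = protect(key, sync)
    forwarded = transparent_clock_forward(protected, residence_ns=1500.25)
    # An on-path attacker rewriting originTimestamp (here: zeroing the seconds)
    # must be caught even though the correctionField is allowed to change.
    tampered = forwarded[:HEADER_LEN] + b"\x00" * 6 + forwarded[HEADER_LEN + 6:]
    return {
        "original_ok": verify(key, protected),
        "after_tc_ok": verify(key, forwarded),
        "tamper_ok": verify(key, tampered),
        "wrong_key_ok": verify(b"some-other-key", forwarded),
        "correction_ns": correction_ns(forwarded),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the example is the trade-off the message hints at: if the ICV covered the correctionField, every transparent clock on the path would invalidate it, so a specification has to declare that field mutable and exclude it, which in turn means the residence-time contribution is unauthenticated and remains a place where an on-path attacker can shift the measured offset without breaking the ICV.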