Re: [Ntp] NTP Security (was NTPv5: big picture)

Miroslav Lichvar <mlichvar@redhat.com> Wed, 20 January 2021 09:07 UTC

Date: Wed, 20 Jan 2021 10:07:15 +0100
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Kurt Roeckx <kurt@roeckx.be>
Cc: ntp@ietf.org, Magnus Danielson <magnus@rubidium.se>
Message-ID: <20210120090715.GN2430794@localhost>
References: <YAX6gJiREb2RE6Gs@roeckx.be> <c5378682-e03f-9e46-24d5-025eb4a57c05@rubidium.se> <20210119094217.GB2430794@localhost> <68c0d807-2290-3c44-d760-35306af20434@rubidium.se> <20210119130408.GD2430794@localhost> <ed1de364-ab7c-86f4-2390-8d96ca708321@thalesgroup.com> <20210119135115.GF2430794@localhost> <ec32ae0b-e0bc-f337-4934-1518ff491879@rubidium.se> <20210119172624.GL2430794@localhost> <YAcbffNC0YA2IW7W@roeckx.be>
MIME-Version: 1.0
In-Reply-To: <YAcbffNC0YA2IW7W@roeckx.be>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/ANbQrO9d0mDFg8bBiMLCMeofSmU>

On Tue, Jan 19, 2021 at 06:48:45PM +0100, Kurt Roeckx wrote:
> I agree that you can't combine two things that are not validated
> and end up with something that's validated. But everything really
> is about probabilities and amount of work needed to break it. The
> more keys that need to be compromised before you accept something
> wrong, the more unlikely it is. I think it's really up to the
> users to decide what is an acceptable risk.

Ok, as long as it is clear that the proposed mechanism for
bootstrapping time is not supposed to be secure (in threat models
commonly assumed with DNSSEC and TLS), just more difficult to
exploit, I have no problem with that.

There are other recommendations that could be made if you cannot
perform the certificate time check using a trusted time source, which
might be easier to implement, e.g. require multiple independent NTS
sources.

-- 
Miroslav Lichvar
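The closing recommendation, requiring agreement among several independent NTS sources before trusting a bootstrapped time for the certificate validity check, as an added example that is not part of the message above and is not code from chrony, ntpd or any NTS implementation. `TimeSample`, `majority_offset`, `bootstrap_time` and `cert_window_ok` are hypothetical names, and the per-source offsets are constructed; a real client would obtain each offset from an NTS-authenticated NTP exchange with that source.

```python
"""Quorum-based time bootstrap before checking a certificate's validity window.

Added example for this thread; not code from chrony, ntpd or any NTS
implementation.  Each TimeSample is a constructed (source, offset) pair;
a real client would derive the offset from an NTS-authenticated NTP
exchange with that source.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional


@dataclass(frozen=True)
class TimeSample:
    source: str    # hypothetical label for an independent NTS server
    offset: float  # seconds: server time minus local clock


def majority_offset(samples: List[TimeSample], max_spread: float,
                    quorum: int) -> Optional[float]:
    """Median offset of the largest cluster of sources that agree within
    max_spread seconds, or None if that cluster holds fewer than `quorum`
    distinct sources.

    One hostile or broken source cannot drag the result: it is either
    inside the agreeing cluster (and bounded by max_spread) or outvoted.
    Only the first sample per source name counts, so one server cannot
    vote twice by being listed twice.
    """
    if quorum < 1:
        return None
    first_per_source: Dict[str, float] = {}
    for s in samples:
        first_per_source.setdefault(s.source, s.offset)
    offsets = sorted(first_per_source.values())
    if len(offsets) < quorum:
        return None

    best: List[float] = []
    for i, anchor in enumerate(offsets):
        # offsets are sorted, so the cluster anchored at offsets[i] is a
        # contiguous run starting at index i
        cluster = [o for o in offsets[i:] if o - anchor <= max_spread]
        if len(cluster) > len(best):
            best = cluster
    if len(best) < quorum:
        return None
    mid = len(best) // 2
    if len(best) % 2:
        return best[mid]
    return (best[mid - 1] + best[mid]) / 2.0


def bootstrap_time(local_now: datetime, samples: List[TimeSample],
                   max_spread: float = 0.5,
                   quorum: int = 2) -> Optional[datetime]:
    """Local clock corrected by the agreed offset, or None if no quorum."""
    off = majority_offset(samples, max_spread, quorum)
    if off is None:
        return None
    return local_now + timedelta(seconds=off)


def cert_window_ok(not_before: datetime, not_after: datetime,
                   now: datetime) -> bool:
    """The notBefore/notAfter check that needs a trustworthy `now`."""
    return not_before <= now <= not_after


def utc(*fields: int) -> datetime:
    """Shorthand for an aware UTC datetime, e.g. utc(2021, 1, 20, 9, 7, 15)."""
    return datetime(*fields, tzinfo=timezone.utc)


if __name__ == "__main__":
    # Constructed samples: two honest servers agree, the third is an hour off.
    samples = [TimeSample("nts-a", 0.01),
               TimeSample("nts-b", -0.02),
               TimeSample("nts-c", 3600.0)]
    local = utc(2021, 1, 20, 9, 7, 15)
    now = bootstrap_time(local, samples)
    print("agreed time:", now)
    print("cert valid:", now is not None and
          cert_window_ok(utc(2021, 1, 1), utc(2021, 12, 31), now))
```

With quorum=2 the hour-off source is outvoted; if every source disagreed, `bootstrap_time` would return None and the certificate check should be refused rather than performed against a guessed clock. This raises the cost of an attack (the attacker must control a quorum of sources) without making the bootstrap secure in the DNSSEC/TLS sense discussed above.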