IETF Logo Mail Archive

Re: [ntpwg] The next step of draft-ietf-ntp-checksum-trailer

Miroslav Lichvar <mlichvar@redhat.com> Mon, 07 March 2016 13:40 UTC

Return-Path: <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>
X-Original-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Delivered-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E83A1B410C for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Mon, 7 Mar 2016 05:40:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zChhAjXclHad for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Mon, 7 Mar 2016 05:40:03 -0800 (PST)
Received: from lists.ntp.org (lists.ntp.org [IPv6:2001:4f8:fff7:1::7]) by ietfa.amsl.com (Postfix) with ESMTP id A47561B410E for <ntp-archives-ahFae6za@lists.ietf.org>; Mon, 7 Mar 2016 05:40:03 -0800 (PST)
Received: from lists.ntp.org (lists.ntp.org [149.20.68.7]) by lists.ntp.org (Postfix) with ESMTP id 9310586DB2E for <ntp-archives-ahFae6za@lists.ietf.org>; Mon, 7 Mar 2016 13:40:03 +0000 (UTC)
X-Original-To: ntpwg@lists.ntp.org
Delivered-To: ntpwg@lists.ntp.org
Received: from mail1.ntp.org (mail1.ntp.org [IPv6:2001:4f8:fff7:1::5]) by lists.ntp.org (Postfix) with ESMTP id D54DF86DAA9 for <ntpwg@lists.ntp.org>; Mon, 7 Mar 2016 13:16:39 +0000 (UTC)
Received: from mx1.redhat.com ([209.132.183.28]) by mail1.ntp.org with esmtps (TLSv1:AES256-SHA:256) (Exim 4.77 (FreeBSD)) (envelope-from <mlichvar@redhat.com>) id 1acv1R-000ErO-2W for ntpwg@lists.ntp.org; Mon, 07 Mar 2016 13:16:39 +0000
Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) by mx1.redhat.com (Postfix) with ESMTPS id 68161C00B8EE; Mon, 7 Mar 2016 13:16:28 +0000 (UTC)
Received: from localhost (dhcp-24-154.brq.redhat.com [10.34.24.154]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u27DGPol017126; Mon, 7 Mar 2016 08:16:26 -0500
Date: Mon, 07 Mar 2016 14:16:25 +0100
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Harlan Stenn <stenn@ntp.org>
Message-ID: <20160307131625.GA3209@localhost>
References: <4569da98236441699fb26aebb71f90a7@IL-EXCH01.marvell.com> <E1acVNL-000CK8-RW@stenn.ntp.org> <20160307093202.GJ20222@localhost> <E1acsHr-000Dmy-Bf@stenn.ntp.org> <20160307112840.GK20222@localhost> <E1acuOC-000Dwm-SV@stenn.ntp.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <E1acuOC-000Dwm-SV@stenn.ntp.org>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-SA-Exim-Connect-IP: 209.132.183.28
X-SA-Exim-Rcpt-To: ntpwg@lists.ntp.org
X-SA-Exim-Mail-From: mlichvar@redhat.com
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on mail1.ntp.org)
Subject: Re: [ntpwg] The next step of draft-ietf-ntp-checksum-trailer
X-BeenThere: ntpwg@lists.ntp.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: IETF Working Group for Network Time Protocol <ntpwg.lists.ntp.org>
List-Unsubscribe: <http://lists.ntp.org/options/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=unsubscribe>
List-Archive: <http://lists.ntp.org/pipermail/ntpwg/>
List-Post: <mailto:ntpwg@lists.ntp.org>
List-Help: <mailto:ntpwg-request@lists.ntp.org?subject=help>
List-Subscribe: <http://lists.ntp.org/listinfo/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=subscribe>
Cc: "'ntpwg@lists.ntp.org'" <ntpwg@lists.ntp.org>, "Karen ODonoghue (odonoghue@isoc.org)" <odonoghue@isoc.org>, Suresh Krishnan <suresh.krishnan@ericsson.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org
Sender: ntpwg <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>

On Mon, Mar 07, 2016 at 12:35:56PM +0000, Harlan Stenn wrote:
> Originally, if there was an extension field there MUST be a MAC.

Right. That requirement was not necessary and it was later removed.

> Tal wrrote Errata 3627 (or whatever) and removed that requirement.

Yes, but why is that a problem?

> MAC protection is good.  NTS uses a 'single' Field Type, but the first
> few packets have no MAC protection.  Therefore, the first few packets of
> an NTS exchange arguably MUST have MAC protection outside the NTS
> packet

With what key would that MAC be generated? Unless I misunderstood how
NTS is supposed to work, the first few packets are simply not
authenticated and can't be used for anything except initialization of
the NTS association.

> We're getting ready to publish a "MAC in an Extension Field", and
> arguably this is how it should have been originally done.  So in keeping
> with the above logic, there are 2 pieces of information we want to see
> for an extension field.  One is "SHOULD or MAY have MAC protection after
> this field," and the other is "This extension field provides MAC
> protection."

What will the receiver of this information do with it? The client must
have its own policy on what extension fields has to be covered with
MAC in order to accept the packet. The server can't dictate that.
Normally, the client will require all fields to be covered by MAC if
authentication is enabled.

> > > - Use a flag bit in the Field Type that says "My extension field does
> > > not require a following MAC."
> > 
> > Meaning the field is not related to authentication?
> 
> Meaning "My extension field does not require a MAC after it".  This is
> the "MAY" case as opposed to the "SHOULD" case.  An example of this is
> Tal's checksum complement proposal, as currently written.  If ntpd sends
> out an unauthenticated packet, the FPGA engine is free to rewrite the
> transmit timestamp, but since the OS has already computed a UDP
> checksum, if the transmit timestamp in the packet is changed it's almost
> certain that a checksum complement will be needed to make sure the
> existing UDP checksum will still be correct.  That's what Tal's proposal
> is all about, and it's the first time we've seen a proposal for an
> extension field where one MUST NOT have a MAC at the end of the packet.

Ok, but that information is already included in the specification. The
client or server that generates that field needs to know that.

> > The SHA1 MAC is 24 octets, that's why there is a requirement for the
> > last extension field to be at least 28 octets.
> 
> 4 byte keyid plus 24 octets.  So 28 bytes is clearly potentially
> ambiguous.

A SHA1 MAC has 160 bits for the digest and 32 bit for the key ID.
That's 192 bits or 24 octets total.

> Extension fields of 4, 8, 12, or 16 bytes are also unambiguous.  Why
> prohibit these lengths?

Because MAC in a packet from an old client could be parsed as one or
multiple extension fields.

> >> - a MAC consists of a 4-byte keyid and a payload.  If there is no
> >> autokey extension field, the keyid MUST be <65535, and we SHOULD have
> > 
> > Isn't that restriction for keyid just for the autokey RFC? There are
> > NTP implementations that allow any keyid with symmetric keys.
> 
> Originally:
> 
> - any extension field meant there MUST be a MAC.
> - the only defined extention field as been autokey.
> - if no extension field was present, then no autokey, and a MAC meant
>   symmetric key was being used.  keyid < 65535.
> - if an extension field was present, the autokey was being used, there
>   MUST be a MAC, and  keyid > 65535.

That applies to the reference implementation, but not necessarily for
other NTPv4 implementations. They can parse extension fields, but they
don't have to know anything about autokey and can authenticate with
MACs using key IDs above 65535.

-- 
Miroslav Lichvar
_______________________________________________
ntpwg mailing list
ntpwg@lists.ntp.org
http://lists.ntp.org/listinfo/ntpwg

v2.23.0 | Report a Bug | By Email