IETF Logo Mail Archive

Re: [Ntp] [EXT] Consensus call: NTPv5 and supported modes

kristof.teichel@ptb.de Mon, 10 July 2023 08:21 UTC

Return-Path: <kristof.teichel@ptb.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1EE4C15155A for <ntp@ietfa.amsl.com>; Mon, 10 Jul 2023 01:21:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ptb.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id buzQQYSXWZM6 for <ntp@ietfa.amsl.com>; Mon, 10 Jul 2023 01:21:06 -0700 (PDT)
Received: from mx1.bs.ptb.de (mx1.bs.ptb.de [192.53.103.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92559C15155E for <ntp@ietf.org>; Mon, 10 Jul 2023 01:20:44 -0700 (PDT)
Received: from smtp-hub.bs.ptb.de (smtpint01.bs.ptb.de [141.25.87.32]) by mx1.bs.ptb.de with ESMTP id 36A8KgNa013659-36A8KgNc013659 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <jand271@stanford.edu>; Mon, 10 Jul 2023 10:20:42 +0200
In-Reply-To: <5434c9a1-388b-f281-5434-dddbf8747592@pdmconsulting.net>
References: <72794CC8-DC52-4F1D-B5A9-8A9FBFB0750D@gmail.com> <c2a6a80754d54cadbb1046a80d76d3c7@ukr.de> <CAPz_-SWv-Ba9O8-B7qKzp5gJB6fcY8FxFuHTJtNKBGLirQDhpw@mail.gmail.com> <5434c9a1-388b-f281-5434-dddbf8747592@pdmconsulting.net>
To: Danny Mayer <mayer@pdmconsulting.net>
Cc: NTP WG <ntp@ietf.org>, Jason Anderson <jand271@stanford.edu>
MIME-Version: 1.0
From: kristof.teichel@ptb.de
Message-ID: <OFB40F8EFF.007A9774-ONC12589E8.002D6F93-C12589E8.002DD667@ptb.de>
Date: Mon, 10 Jul 2023 10:20:40 +0200
Content-Type: multipart/alternative; boundary="=_alternative 002DD665C12589E8_="
X-FE-Last-Public-Client-IP: 141.25.87.32
X-FE-Policy-ID: 5:5:5:SYSTEM
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=ptb.de; s=s1-ptbde; c=relaxed/relaxed; h=references:to:cc:mime-version:subject:from:message-id:date:content-type; bh=+0+a/iu5Y8CqBWll+VwP9cYh/6YDpe8ThtXFjTpE7TA=; b=CIAfToOdlw+xgy5hzEMB8Eo/UY9wNQlM3cTbXnEAnZsHENAPAInLycXJOONEcMHGwhVxSWTQZZbd bHQZmQA9NwigQy+kgBoBqvXq95j9YIEucI2e1a8CGuGgO8i+lTQjX7c/kK9wb9p1/t+dR2JURP/P R+cWZuEuQm4eZIYFtOd1orKTC3Bs+LjOAZceqPtEY8oB1PNgCNOaUcrAy998/lkX+zwRQA/CDz8o 1KOpeQiZhhnLh35eC4iqaLNqWnTS4Yav3MhG8SvWaUgxWy+yLpYRZM7ALROK6tpKdCdOuGAI8rUw 21Pq9tn0+nKbrd61m9VpEg9VkqGkdR+6bqUTTg==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/EFFQSLH6hx_mxZR5ViJG1bk_h_0>
Subject: Re: [Ntp] [EXT] Consensus call: NTPv5 and supported modes
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jul 2023 08:21:10 -0000

Just a quick comment on this mail: I don't really understand what you're 
getting at with the comment - but if you think that Jason Anderson's work 
has anything much to do with NTP broadcast, I think you misunderstood.
It is about other broadcast procedures (mainly GNSS) using the TESLA 
protocol (which requires rough sync as a prerequisite for authenticity), 
and potentially being extra vulnerable by NTP implementations "tattling" 
on an entity's bad sync state via the included timestamps.

Jason, please feel free to correct me if I'm misrepresenting anything.


Besten Gruß / Kind regards,
Kristof Teichel

__________________________________________

Dr.-Ing. Kurt Kristof Teichel
Physikalisch-Technische Bundesanstalt (PTB) 
Arbeitsgruppe 4.42 "Zeitübertragung"
Bundesallee 100
38116 Braunschweig (Germany)
Tel.:        +49 (531) 592-4471
E-Mail:   kristof.teichel@ptb.de
__________________________________________



Von:    "Danny Mayer" <mayer@pdmconsulting.net>
An:     ntp@ietf.org
Datum:  02.07.2023 17:43
Betreff:        Re: [Ntp] [EXT] Consensus call: NTPv5 and supported modes
Gesendet von:   "ntp" <ntp-bounces@ietf.org>




On 6/30/23 5:05 AM, David Venhoek wrote:
> I am of the opinion that we should not include the modes 1, 2 and 5,
> based on the following arguments (in order of importance):
There are a lot of assumptions made here which are probably not valid.
>   - They are known to be vulnerable (about 50% of all ntp reference
> implementation vulnerabilities over the past years came from these
> modes alone, and I for one am not convinced that they are in any way
> securely usable today).

What evidence to you have of this and which modes do you think that they 
apply to? Certainly modes 1 and 2 are able to use the same security as 
modes 3 and 4.

There are ways of dealing with mode 5 (broadcast and multicast) and I 
seem to remember that autokey works for that. Yes, I know that autokey 
is vunerable but it means that there are ways to deal with it.

>   - There seems to be limited interest in working towards fixes for
> their vulnerability, and I have not seen concrete ideas as to how.
I don't know what that means. See above.
>   - The use cases for these modes have reasonable alternatives
> available today: dhcp can distribute the address of an ntp server as
> replacement for mode 5, and mutual client-server connections can be
> used in the same situations as modes 1/2 (if needed with configuration
> settings in the implementation for special algorithmic treatment).
That not a substitute for multicast and cannot handle changes in servers 
sending multicast packets. Furthermore many servers have fixed IP 
addresses and do not use dhcp.
>   - Removing them would significantly simplify both the NTPv5 standard
> and the process of creating it.
Simplication of a standard is not a goal merely because it's easier.
>   - They are already not supported in 2 of the 4 major implementations
> (ntpsec, ntpd-rs), and only partially in a 3rd (chrony).
That's irrelevant since it ignores the many systems that use it today.
>
> I would prefer we mark them as obsolete/deprecated or something like
> that, as I don't see a realistic path to getting them to the point
> where the security concerns are going to be allayed, but am willing to
> leave them open as potential future extensions to NTPv5.
No. The NTP reference implementation will continue to support them and 
it is straightforward to implement NTS for modes 1 and 2. Mode 5 will 
probably need additional work. I need to remind everyone of Jason 
Anderson's work on needing Broadcast mode (though I would change this to 
Multicast since Broadcast is not available in IPv6).
> On the idea that this might inhibit adoption, I am not convinced of
> that. Based on contacts I have had through the ntpd-rs project with
> users, these modes are not among the missing features people seem
> interested in. I know there have been claims that this is absolutely
> critical for some users, but we have not seen anything concrete as to
> for whom and why, and I am therefore not inclined to take those claims
> seriously.
>
> Kind regards,
> David Venhoek
>
> On Thu, Jun 29, 2023 at 3:13?PM Windl, Ulrich <u.windl@ukr.de> wrote:
>> Hi!
>>
>> On " Should NTPv5 additionally support also the modes 1, 2 and 5 known 
from NTPv4?": If not, what should the document say about those? Obsolete? 
An extension?
>> IMHO being too restrictive may delay adoption or acceptance of NTPv5 
after it is available.
>>
>> Kind regards,
>> Ulrich Windl
>>
>>
>> -----Original Message-----
>> From: ntp <ntp-bounces@ietf.org> On Behalf Of Dieter Sibold
>> Sent: Wednesday, June 28, 2023 9:53 PM
>> To: NTP WG <ntp@ietf.org>
>> Subject: [EXT] [Ntp] Consensus call: NTPv5 and supported modes
>>
>> Dear all,
>>
>> at IETF 116 we decided to have two consensus calls regarding the 
content of the NTPv5 requirement draft. These are consensus calls that we 
would like to conduct to help progress the NTPv5 requirements document (
https://datatracker.ietf.org/doc/draft-ietf-ntp-ntpv5-requirements/). Both 
consensus calls will run until July 21st 2023 and will be discussed at the 
next NTP wg meeting at IETF 117 in San Francisco.
>>
>> The first consensus call (the second comes in a follow up mail):
>>
>> Regarding supported modes:
>>
>> Currently, the NTPv5 requirement draft considers a client-server 
communication mode only. Should NTPv5 additionally support also the modes 
1, 2 and 5 known from NTPv4?
>>
>>
>> Greetings
>> Karen and Dieter
>>
>>
>> _______________________________________________
>> ntp mailing list
>> ntp@ietf.org
>> https://www.ietf.org/mailman/listinfo/ntp
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp

_______________________________________________
ntp mailing list
ntp@ietf.org
https://www.ietf.org/mailman/listinfo/ntp

v2.23.0 | Report a Bug | By Email