IETF Logo Mail Archive

Re: [Ntp] Antw: Re: Antw: [EXT] Re: Benjamin Kaduk's Discuss on draft-ietf-ntp-mode-6-cmds-09: (with DISCUSS and COMMENT)

Miroslav Lichvar <mlichvar@redhat.com> Mon, 31 August 2020 10:25 UTC

Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10A8A3A11FA for <ntp@ietfa.amsl.com>; Mon, 31 Aug 2020 03:25:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I6AlpAR6S9kF for <ntp@ietfa.amsl.com>; Mon, 31 Aug 2020 03:25:06 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AC583A11FC for <ntp@ietf.org>; Mon, 31 Aug 2020 03:25:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1598869505; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=s+AyqVkrlw/QPVgXv6i8LKhO0Fee+0KAHDVoSjzqlto=; b=SXXAC5myvGDNSgw+uuu3pHBqsHUVNxa929sqm8xGKRRpoYcHj5admxD0S62CCpamRdNRMc kLgskv4Dhu45ffb/TbU5hjHclIDcVc4XDeJ/8icaACb6lhKFsb1DVm2XCNxBZJr44u4VdM q4DW/kKKxlZDbFGIPC4CAgC0A1tjn6w=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-343-pMYygvBgNU-fWcsA2zdeCg-1; Mon, 31 Aug 2020 06:24:59 -0400
X-MC-Unique: pMYygvBgNU-fWcsA2zdeCg-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id CE5591008548; Mon, 31 Aug 2020 10:24:57 +0000 (UTC)
Received: from localhost (holly.tpb.lab.eng.brq.redhat.com [10.43.134.11]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B75001002D48; Mon, 31 Aug 2020 10:24:55 +0000 (UTC)
Date: Mon, 31 Aug 2020 12:24:53 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
Cc: Hal Murray <hmurray@megapathdsl.net>, stenn@nwtime.org, "ntp@ietf.org" <ntp@ietf.org>, odonoghue@isoc.org, kaduk@mit.edu, "ntp-chairs@ietf.org" <ntp-chairs@ietf.org>, draft-ietf-ntp-mode-6-cmds@ietf.org, The IESG <iesg@ietf.org>
Message-ID: <20200831102453.GR2752765@localhost>
References: <20200829084626.C0F2E40605C@ip-64-139-1-69.sjc.megapath.net> <b262735b-19fb-21ba-891f-5de33ab2a488@nwtime.org> <5F4CC110020000A10003B016@gwsmtp.uni-regensburg.de>
MIME-Version: 1.0
In-Reply-To: <5F4CC110020000A10003B016@gwsmtp.uni-regensburg.de>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@redhat.com
X-Mimecast-Spam-Score: 0.001
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/El2H-iuHHkgO5xfJfJ8RZIYWVkI>
Subject: Re: [Ntp] Antw: Re: Antw: [EXT] Re: Benjamin Kaduk's Discuss on draft-ietf-ntp-mode-6-cmds-09: (with DISCUSS and COMMENT)
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Aug 2020 10:25:09 -0000

On Mon, Aug 31, 2020 at 11:21:20AM +0200, Ulrich Windl wrote:
> >>> Harlan Stenn <stenn@nwtime.org> schrieb am 29.08.2020 um 11:47 in Nachricht
> > I don't know anybody who is using one keyid for authenticating from A to
> > B, and a different keyid for authenticating from B to A.  But there's no
> > reason that should not be permitted.  I don't even believe there should
> > be a requirement that this case MUST map to the same key.
> 
> However as not even the reference implementation supports it (AFAIK) (and I guess nobody else), so why make that statement.
> Are you saying for "server server1 key 123" server1 is receiving queries authenticated with key 123, but is allowed to send replies using any different key, and that response is OK? That would mean if one key is disclosed, an attacker could send bogus responses using that key, right?

Yes, that is a security issue if an NTP client accepts responses
authenticated with a key that it uses to authenticate responses to its
own clients as the clients can perform a MITM attack on the server.
IIRC with the ntp.org implementation you need to specify IP addresses
in the key file to enforce that, which might be difficult to do if the
clients are allowed the change their address. Other implementations
require the responses to be authenticated with the key specified on
the "server" line and I think that should be recommended in the NTP
specification.

-- 
Miroslav Lichvar

v2.23.0 | Report a Bug | By Email