Re: [Ntp] New rev of the NTP port randomization I-D (Fwd: New Version Notification for draft-gont-ntp-port-randomization-01.txt)

"Majdi S. Abbas" <msa@latt.net> Wed, 29 May 2019 03:20 UTC

From: "Majdi S. Abbas" <msa@latt.net>
In-Reply-To: <1a133133-5d6a-ca96-6c15-73e6933baffc@si6networks.com>
Date: Tue, 28 May 2019 20:20:24 -0700
Cc: "Gary E. Miller" <gem@rellim.com>, ntp@ietf.org
Message-Id: <2794A95B-B118-40BD-AD60-DCB50CC32717@latt.net>
References: <155841904754.12856.3727925672753047210.idtracker@ietfa.amsl.com> <9d21f083-4cba-1dd1-f5bb-c95984d3127b@si6networks.com> <9d74c6e3-244e-fdd7-184a-0572f4f144cd@ntp.org> <25275d68-8c18-1616-f226-dffe7e21091e@si6networks.com> <20190528174208.11253a67@rellim.com> <1a133133-5d6a-ca96-6c15-73e6933baffc@si6networks.com>
To: Fernando Gont <fgont@si6networks.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/FCbQf2j9-1PVNNTO2JLpMx36m8Q>
Subject: Re: [Ntp] New rev of the NTP port randomization I-D (Fwd: New Version Notification for draft-gont-ntp-port-randomization-01.txt)

Fernando,

    Randomizing the source port is pointless.  As Danny has noted, t1 already acts as a 2^64 nonce on each client mode chime request.  This sufficiently hardens the unauthenticated case to an off path attacker.  If additional security is required, authentication (via classic PSK, or NTS modes) should be used.

    Per session randomization doesn't resolve these issues -- the stated rationale for both the draft and filed CVE is hardening to off path attacks, which we've just covered.

    "Because it's best practice" isn't a reason -- it's a crutch to save a draft that was filed due to an insufficient understanding of RFC 5905 and current implementations of NTPv4.  The true best practice here is authentication, and it does not seem to be a worthwhile effort to restructure existing implementations to add 16 bits to the existing nonce with work like NTS pending to cover the client/server use case.

     Cheers,

     --msa
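The origin-timestamp check that the message above relies on (a server reply is accepted only if its origin field echoes the client's 64-bit transmit timestamp T1, and the nonce is consumed once matched) as an added stand-alone Python simulation; this is example code written for this archive page, not code from the thread, from the I-D, or from any NTP implementation. It assumes the 48-byte NTPv4 header layout of RFC 5905, a client that fills the low-order `FUZZ_BITS` of the T1 fraction with random fill (an implementation practice, here an assumption with 20 bits), and constructed sample times; `NtpClient`, `server_response` and `demo` are names invented for the example. It shows a genuine reply being accepted, the same reply being rejected on replay, and a reply whose origin was guessed from the send time alone being rejected because the random fill bits do not match.

```python
"""Simulation of the NTP origin-timestamp (T1) check. Added example for this page,
not code from the thread or from any NTP implementation."""
import secrets
import struct

NTP_EPOCH_OFFSET = 2208988800        # seconds from 1900-01-01 to 1970-01-01
PACKET_FMT = "!BBBbIIIQQQQ"          # 48-byte NTPv4 header, network byte order
MODE_CLIENT, MODE_SERVER = 3, 4
FUZZ_BITS = 20                       # assumption: low-order fraction bits get random fill


def to_ntp_ts(unix_time, fill=None):
    """64-bit NTP timestamp (32-bit seconds, 32-bit fraction).

    The low FUZZ_BITS of the fraction carry random fill; `fill` can be supplied
    explicitly so that tests are deterministic."""
    secs = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    frac = int((unix_time - int(unix_time)) * (1 << 32)) & 0xFFFFFFFF
    if fill is None:
        fill = secrets.randbits(FUZZ_BITS)
    mask = (1 << FUZZ_BITS) - 1
    frac = (frac & ~mask) | (fill & mask)
    return (secs << 32) | frac


def pack_packet(mode, org, rx, tx, vn=4):
    """Build a minimal NTPv4 packet; only mode and the timestamps matter here."""
    li_vn_mode = (0 << 6) | (vn << 3) | mode
    # stratum=0, poll=6, precision=-20, root delay/dispersion/refid=0, reftime=0
    return struct.pack(PACKET_FMT, li_vn_mode, 0, 6, -20, 0, 0, 0, 0, org, rx, tx)


def unpack_packet(raw):
    f = struct.unpack(PACKET_FMT, raw)
    return {"mode": f[0] & 0x7, "org": f[8], "rx": f[9], "tx": f[10]}


class NtpClient:
    """Remembers the transmit timestamp of its one outstanding request and
    accepts a reply only if the reply's origin timestamp echoes it exactly."""

    def __init__(self):
        self.xmt = 0                 # 0 means no request outstanding

    def build_request(self, unix_time, fill=None):
        self.xmt = to_ntp_ts(unix_time, fill)
        return pack_packet(MODE_CLIENT, org=0, rx=0, tx=self.xmt)

    def accept_response(self, raw):
        f = unpack_packet(raw)
        if f["mode"] != MODE_SERVER or self.xmt == 0:
            return False             # not a server reply, or nothing outstanding
        if f["org"] != self.xmt:
            return False             # bogus: origin does not match our nonce
        self.xmt = 0                 # nonce consumed; a replay is now rejected
        return True


def server_response(request_raw, unix_time):
    """Honest server: copies the request's transmit timestamp into the origin field."""
    f = unpack_packet(request_raw)
    rx = to_ntp_ts(unix_time)
    tx = to_ntp_ts(unix_time + 0.0001)
    return pack_packet(MODE_SERVER, org=f["tx"], rx=rx, tx=tx)


def demo():
    """Genuine reply, replayed reply, and a reply with a guessed origin."""
    now = 1_559_100_000.0            # constructed sample send time
    client = NtpClient()
    req = client.build_request(now, fill=0x12345)
    genuine = server_response(req, now + 0.01)
    results = {"genuine": client.accept_response(genuine),
               "replay": client.accept_response(genuine)}
    # Second exchange: the reply's origin is derived from the send time only
    # (fill=0), i.e. without the random fill bits, so it cannot match.
    client2 = NtpClient()
    client2.build_request(now, fill=0x12345)
    guessed = pack_packet(MODE_SERVER, org=to_ntp_ts(now, fill=0),
                          rx=to_ntp_ts(now), tx=to_ntp_ts(now))
    results["guessed_origin"] = client2.accept_response(guessed)
    return results


if __name__ == "__main__":
    print(demo())   # {'genuine': True, 'replay': False, 'guessed_origin': False}
```

The check is the whole of the argument in the message: whatever the source port is, a reply is only usable if its 64-bit origin field matches the outstanding T1 bit for bit, so randomizing the port can only add on top of the bits in T1 that an off-path party cannot observe.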