From: Doug Arnold <doug.arnold@meinberg-usa.com>
To: Miroslav Lichvar <mlichvar@redhat.com>
CC: NTP WG <ntp@ietf.org>
Date: Tue, 14 Feb 2023 14:17:28 +0000
Message-ID: <AM7PR02MB576506FDAB08CB5E7D4AC58BCFA29@AM7PR02MB5765.eurprd02.prod.outlook.com>
References: <DB8PR02MB5772E45732B25646F7CAE211CFD99@DB8PR02MB5772.eurprd02.prod.outlook.com>
 <Y+pgBgc/5dJ9wtAP@localhost>
 <AM7PR02MB576579AFC2D5733F7F112F03CFDD9@AM7PR02MB5765.eurprd02.prod.outlook.com>
 <Y+tK0/ThzDSRFlXu@localhost>
In-Reply-To: <Y+tK0/ThzDSRFlXu@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/Fpm7TkIMJYXm2t5-QQi2wqhDWjI>
Subject: Re: [Ntp] ntpv5 requirements
List-Id: Network Time Protocol <ntp.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>

True, TESLA makes the time/security startup problem much worse.  A client needs to start out within a time ~ second (for TESLA) instead of ~ hour (to accept a digital certificate).

Doug

From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tuesday, February 14, 2023 at 3:48 AM
To: Doug Arnold <doug.arnold@meinberg-usa.com>
Cc: NTP WG <ntp@ietf.org>
Subject: Re: [Ntp] ntpv5 requirements
On Mon, Feb 13, 2023 at 06:10:44PM +0000, Doug Arnold wrote:
> I think that he sees TESLA as super-efficient. One could generate 1 key per second to be used by all clients that second, never open a TLS channel, never look up keys in a key index table, never encrypt a cookie.

There would still need to be some asymmetric operation and
certificates in order to authenticate the first key for the client, so
something like NTS-KE/TLS would need to be used anyway.

TESLA requires a reasonably accurate clock to be able to tell when a
key is disclosed. Some clients probably wouldn't want to wait more
than a few seconds for the key (e.g. to set the clock on boot), so the
clock would have to be kept accurate to a second.

Some devices have very unstable clocks (e.g. in virtual machines) and
would need to poll the server very frequently to stay within that
limit. Some computers don't have an RTC and lose time while suspended.
There are other reasons for unexpected steps of a clock.

If the clock is not kept accurate, it completely breaks the security,
just to avoid decoding a cookie. I don't think that is acceptable for
NTP.

--
Miroslav Lichvar
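The clock-accuracy argument in Miroslav's reply, worked through in a toy model. This is an added example, not code from the thread, from chrony, or from any TESLA or NTP implementation: a minimal RFC 4082-style hash chain, a sender that discloses K_{i-d} two intervals late, and a receiver that applies the safe-packet test using its own clock plus the synchronisation bound it assumes. All times, keys, parameter values and the three-packet stream are constructed. The same stream is replayed through a correctly synchronised receiver and through one whose clock has silently lost five seconds (the virtual-machine or no-RTC case in the reply) while still assuming a half-second bound; the second receiver passes a packet that was built with an already-disclosed key, because the safe-packet test is only as sound as the clock behind it.

```python
import hashlib
import hmac
import math

# Constructed parameters for the toy model; not taken from any NTP or TESLA implementation.
T0 = 1000.0   # sender-clock time at which key interval 0 starts
T_INT = 1.0   # one key per second, as proposed in the thread
D = 2         # disclosure delay in intervals
N = 16        # hash chain length


def make_chain(seed: bytes, n: int) -> list:
    """K_n = seed, K_i = SHA-256(K_{i+1}). K_0 is the commitment a client must
    authenticate out of band (the NTS-KE/TLS step the reply says is still needed)."""
    keys = [b""] * (n + 1)
    keys[n] = seed
    for i in range(n - 1, -1, -1):
        keys[i] = hashlib.sha256(keys[i + 1]).digest()
    return keys


def interval_of(t: float) -> int:
    return math.floor((t - T0) / T_INT)


def mac(chain_key: bytes, msg: bytes) -> bytes:
    """Derive the MAC key K'_i from K_i so chain keys and MAC keys stay distinct."""
    k_prime = hmac.new(chain_key, b"tesla-mac", hashlib.sha256).digest()
    return hmac.new(k_prime, msg, hashlib.sha256).digest()


class Sender:
    def __init__(self, seed: bytes):
        self.keys = make_chain(seed, N)

    def send(self, t: float, msg: bytes) -> dict:
        i = interval_of(t)
        disc_i = i - D   # the key being disclosed in this packet
        return {"msg": msg, "i": i, "mac": mac(self.keys[i], msg), "disc_i": disc_i,
                "disclosed": self.keys[disc_i] if disc_i >= 0 else None}


class Receiver:
    def __init__(self, commitment: bytes, sync_bound: float):
        self.known_i, self.known_key = 0, commitment   # newest authenticated chain element
        self.sync_bound = sync_bound   # what the receiver ASSUMES about its own clock error
        self.buffer, self.accepted = [], []

    def is_safe(self, pkt: dict, t_local: float) -> bool:
        """Safe-packet test: even at the latest time the sender's clock could read,
        K_i must not be disclosed yet, or anyone could have computed this MAC."""
        return interval_of(t_local + self.sync_bound) < pkt["i"] + D

    def key_for(self, j: int) -> bytes:
        h = self.known_key
        for _ in range(self.known_i - j):   # walk the chain back to K_j
            h = hashlib.sha256(h).digest()
        return h

    def _learn(self, pkt: dict) -> None:
        disc_i, key = pkt["disc_i"], pkt["disclosed"]
        if key is None or disc_i <= self.known_i:
            return
        h = key
        for _ in range(disc_i - self.known_i):
            h = hashlib.sha256(h).digest()
        if h == self.known_key:   # disclosed key chains back to the trusted element
            self.known_i, self.known_key = disc_i, key

    def receive(self, pkt: dict, t_local: float) -> str:
        if not self.is_safe(pkt, t_local):
            return "dropped-unsafe"
        self._learn(pkt)
        self.buffer.append(pkt)
        status, waiting = "buffered", []
        for p in self.buffer:   # verify everything whose key is now known
            if p["i"] > self.known_i:
                waiting.append(p)
                continue
            ok = hmac.compare_digest(mac(self.key_for(p["i"]), p["msg"]), p["mac"])
            if ok:
                self.accepted.append(p["msg"])
            if p is pkt:
                status = "accepted" if ok else "rejected-bad-mac"
        self.buffer = waiting
        return status


def run_scenario(clock_offset: float, sync_bound: float) -> tuple:
    """Replay one constructed packet stream through a receiver whose clock is
    `clock_offset` seconds off the sender's while it assumes `sync_bound`."""
    sender = Sender(b"constructed-seed-not-for-real-use")
    rx = Receiver(sender.keys[0], sync_bound)
    verdicts = []
    p1 = sender.send(1005.3, b"genuine-1")   # interval 5, discloses K_3
    verdicts.append(rx.receive(p1, 1005.3 + clock_offset))
    p2 = sender.send(1007.1, b"genuine-2")   # interval 7, discloses K_5, so p1 becomes verifiable
    verdicts.append(rx.receive(p2, 1007.1 + clock_offset))
    # Packet built at sender time 1007.5 with K_5, which is already public by then.
    # A correctly synchronised receiver must drop it before looking at the MAC at all.
    late = {"msg": b"late", "i": 5, "mac": mac(sender.keys[5], b"late"),
            "disc_i": 3, "disclosed": sender.keys[3]}
    verdicts.append(rx.receive(late, 1007.5 + clock_offset))
    return verdicts, rx.accepted


if __name__ == "__main__":
    print("in sync, 0.5 s bound:        ", run_scenario(0.0, 0.5))
    print("5 s slow, 0.5 s bound:       ", run_scenario(-5.0, 0.5))
    print("5 s slow, truthful 6 s bound:", run_scenario(-5.0, 6.0))
```

The third scenario shows the other side of the trade-off: a receiver that truthfully declares a 6 s bound still drops the late packet, but with d = 2 and one-second intervals a truthful bound of about 2 s or more would make it drop every genuine packet as well, which is the same "kept accurate to a second, or wait longer for disclosure" requirement the reply describes.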
