IETF Logo Mail Archive

[Ntp] Antw: Re: Antw: [EXT] Re: Benjamin Kaduk's Discuss on draft-ietf-ntp-mode-6-cmds-09: (with DISCUSS and COMMENT)

Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> Mon, 31 August 2020 09:21 UTC

Return-Path: <Ulrich.Windl@rz.uni-regensburg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 448AB3A117E; Mon, 31 Aug 2020 02:21:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YA-vlQzzbkuD; Mon, 31 Aug 2020 02:21:24 -0700 (PDT)
Received: from mx2.uni-regensburg.de (mx2.uni-regensburg.de [194.94.157.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88AC43A117B; Mon, 31 Aug 2020 02:21:24 -0700 (PDT)
Received: from mx2.uni-regensburg.de (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id EE3FE6000055; Mon, 31 Aug 2020 11:21:21 +0200 (CEST)
Received: from gwsmtp.uni-regensburg.de (gwsmtp1.uni-regensburg.de [132.199.5.51]) by mx2.uni-regensburg.de (Postfix) with ESMTP id AB785600004D; Mon, 31 Aug 2020 11:21:21 +0200 (CEST)
Received: from uni-regensburg-smtp1-MTA by gwsmtp.uni-regensburg.de with Novell_GroupWise; Mon, 31 Aug 2020 11:21:21 +0200
Message-Id: <5F4CC110020000A10003B016@gwsmtp.uni-regensburg.de>
X-Mailer: Novell GroupWise Internet Agent 18.2.1
Date: Mon, 31 Aug 2020 11:21:20 +0200
From: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
To: Hal Murray <hmurray@megapathdsl.net>, stenn@nwtime.org
Cc: draft-ietf-ntp-mode-6-cmds@ietf.org, The IESG <iesg@ietf.org>, "ntp@ietf.org" <ntp@ietf.org>, "ntp-chairs@ietf.org" <ntp-chairs@ietf.org>, odonoghue@isoc.org, kaduk@mit.edu
References: <20200829084626.C0F2E40605C@ip-64-139-1-69.sjc.megapath.net> <b262735b-19fb-21ba-891f-5de33ab2a488@nwtime.org>
In-Reply-To: <b262735b-19fb-21ba-891f-5de33ab2a488@nwtime.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/KPxmJeDxF0FcAI_nvMJhQVb9umw>
Subject: [Ntp] Antw: Re: Antw: [EXT] Re: Benjamin Kaduk's Discuss on draft-ietf-ntp-mode-6-cmds-09: (with DISCUSS and COMMENT)
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Aug 2020 09:21:27 -0000

>>> Harlan Stenn <stenn@nwtime.org> schrieb am 29.08.2020 um 11:47 in Nachricht
<b262735b-19fb-21ba-891f-5de33ab2a488@nwtime.org>:
> On 8/29/2020 1:46 AM, Hal Murray wrote:
>> 
>> Ulrich.Windl@rz.uni-regensburg.de said:
>>> While many decisions in the past were made to keep up backwards
>>> compatibility, the encryption type is set up indirectly vie the ntp.keys
>>> file. However (AFAIR) the file is not part of the NTP specification, so for
>>> the on-wire protocol there's no change to get the encryption type. One might
>>> guess, however.
>> 
>>> Probably this was an omission after the only encryption type (DES) had been
>>> extended to allow MD5 also (in NTPv3 AFAIR). The later on it was still
>>> forgotten. 
>> 
>> No, it's not an omission.  There is no need for the encryption type to be on 
> 
>> the wire.  The admins for the client and server agree on the type while they 
> 
>> are agreeing on the key and keyid.
> 
> It's not an omission, and that the encryption type is not part of the
> on-wire protocol is a clear feature.
> 
>> The backwards compatibility was just good luck.
> 
> I don't understand.  Backward compatibility?  Good luck?
> 
> The NTP MAC is the stuff after the base packet and any EFs.
> 
> It is comprised of a 32-bit (4 octet) keyid and a digest payload.
> 
> This digest payload can be a number of different sizes.  RFC5905 talks
> about the size needed for an MD5 digest.  Other digests and other digest
> sizes are perfectly acceptable.
> 
>>> Actually I don't understand the part: "The client and server or peer can use
>>> different values, but they must map to the same key." 
>> 
>> I think it's a bug.
> 
> I don't know anybody who is using one keyid for authenticating from A to
> B, and a different keyid for authenticating from B to A.  But there's no
> reason that should not be permitted.  I don't even believe there should
> be a requirement that this case MUST map to the same key.

However as not even the reference implementation supports it (AFAIK) (and I guess nobody else), so why make that statement.
Are you saying for "server server1 key 123" server1 is receiving queries authenticated with key 123, but is allowed to send replies using any different key, and that response is OK? That would mean if one key is disclosed, an attacker could send bogus responses using that key, right?

> 
> -- 
> Harlan Stenn <stenn@nwtime.org>
> http://networktimefoundation.org - be a member!

v2.23.0 | Report a Bug | By Email