[Ntp] NTPv5 client cookie size

David Venhoek <david@venhoek.nl> Fri, 04 November 2022 11:04 UTC

From: David Venhoek <david@venhoek.nl>
Date: Fri, 04 Nov 2022 12:03:38 +0100
Message-ID: <CAPz_-SUCq5xnWamQeUxA6HB0xVWJNoJGjVTKMvXv9ZfP9ztDHg@mail.gmail.com>
To: ntp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/KRutRXlAo1J6Vwm11mIMEz7pSqc>

Dear all,

After having implemented the NTPv5 spec, I feel that the current size
for the client cookie it gives is on the small side. Although 64 bits
is probably still hard to guess for an out-of-path attacker, I think
we should seriously consider increasing its size given that 64 bits of
security is usually regarded as insufficient.

128 bits seems fairly straightforward to do if we move the server
cookie needed for interleaved mode into an extension field. This seems
like a reasonable option to me as it is already an optional part of
the draft, and would also eliminate one of the flags in the flag
field.

Beyond that, reaching a 256 bit size in some way could also be
interesting, because at that point we essentially have a large enough
cookie that a separate NTS cookie would no longer be needed in NTS
requests/responses. However, I see no reasonable way to achieve this
outside of extending the header. Although I don't see any right now,
such an extension might have unintended effects with regards to
backwards compatibility.

Any thoughts?

Kind regards,
David Venhoek
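The message argues about how much guessing a blind, off-path attacker has to do against a 64-bit versus a 128-bit client cookie. The following is an added illustration written for this archive page; it is not code from the NTPv5 draft, from the author, or from any NTP implementation. It models the client side of the exchange in a deliberately simplified form: a request is a plain dict carrying a freshly generated cookie, a response is accepted only if it echoes an unconsumed, unexpired cookie, and a small helper computes the probability that a given number of forged responses hits an outstanding cookie. The dict layout, the `timeout` window and the packet rates used are assumptions for the example, not values from the draft.

```python
"""Client cookie handling for an NTP-style request/response exchange.

Added example for the cookie-size discussion; the request/response
structure is a constructed simplification, not the NTPv5 wire format.
"""
import hmac
import secrets
from math import expm1, log1p


def new_cookie(nbits: int) -> bytes:
    """Return a fresh, unpredictable cookie of nbits bits (multiple of 8)."""
    if nbits <= 0 or nbits % 8:
        raise ValueError("cookie size must be a positive multiple of 8 bits")
    return secrets.token_bytes(nbits // 8)


class Client:
    """Tracks outstanding requests by cookie and accepts a response only if it
    echoes a cookie that is still pending. Each cookie is consumed on first
    use, so a duplicate (replayed) response is rejected."""

    def __init__(self, cookie_bits: int = 64, timeout: int = 8):
        self.cookie_bits = cookie_bits
        self.timeout = timeout          # assumed: seconds a request stays open
        self.pending: dict[bytes, int] = {}

    def send_request(self, now: int) -> dict:
        cookie = new_cookie(self.cookie_bits)
        self.pending[cookie] = now
        return {"cookie": cookie, "transmit_ts": now}

    def accept_response(self, response: dict, now: int) -> bool:
        echoed = response.get("cookie", b"")
        for cookie, sent in list(self.pending.items()):
            if now - sent > self.timeout:
                del self.pending[cookie]     # expired: shrink the guessing window
                continue
            if hmac.compare_digest(cookie, echoed):
                del self.pending[cookie]     # one response per request
                return True
        return False


def forgery_success_probability(cookie_bits: int, forged_packets: int) -> float:
    """Probability that at least one of `forged_packets` blind guesses matches
    a single outstanding cookie drawn uniformly from a 2**cookie_bits space.
    Uses log1p/expm1 so the result stays accurate for very small chances."""
    per_packet_miss = log1p(-1.0 / 2 ** cookie_bits)
    return -expm1(forged_packets * per_packet_miss)


def seconds_to_even_odds(cookie_bits: int, packets_per_second: float) -> float:
    """Time an attacker needs at the given forged-packet rate to reach a 50%
    chance of one accepted forgery against one outstanding request."""
    per_packet_miss = log1p(-1.0 / 2 ** cookie_bits)
    packets = log1p(-0.5) / per_packet_miss
    return packets / packets_per_second


if __name__ == "__main__":
    # Constructed comparison at an assumed rate of 1e9 forged packets/s.
    for bits in (64, 128):
        p = forgery_success_probability(bits, 2 ** 40)
        t = seconds_to_even_odds(bits, 1e9)
        print(f"{bits}-bit cookie: P(hit | 2^40 packets) = {p:.3e}, "
              f"time to 50% = {t / 3.15e7:.3e} years")
```

The client keeps each cookie open only for the request timeout and discards it on first match, so the attacker's budget is bounded by the packets that can be delivered inside that window; the probability helper makes the difference between the two sizes concrete for whatever rate and window one assumes.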