Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption

Doug Arnold <doug.arnold@meinberg-usa.com> Fri, 04 June 2021 17:08 UTC

Return-Path: <doug.arnold@meinberg-usa.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4714F3A1986 for <ntp@ietfa.amsl.com>; Fri, 4 Jun 2021 10:08:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=meinbergfunkuhren.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ml64QvQx8CL6 for <ntp@ietfa.amsl.com>; Fri, 4 Jun 2021 10:08:29 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60089.outbound.protection.outlook.com [40.107.6.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 229AF3A1985 for <ntp@ietf.org>; Fri, 4 Jun 2021 10:08:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ap2hjDUTvvnzje0VIRW/0l9FcJw1WklfHMBRTcCM+gFkLj8AsihGaooZhQO6aZXxOu5bnI5g6Ln8nDWm9By35bYQgYD+0C+46bfJIUGR8nAIQg0m5JWhV2kl2vYOMZefRksKiGHHLzxZVIKIkc7KlzRI2D6od5n96iMR7YaVaLCpdky9D3DTlnDuMkYZkmicGBolO/5Nc50BhZUhitHU/rxvNqGonZ4VRq1GQujnnwZdgT1VbL1wYXO2kAP40XeNtpdcTUzRoyRJxFJo6rUnfwyRUP6JtVc/UU2FAiNhg/H3jjm5h95Gzu5i6rDj6O52VwQ8i7jkzvVyT6wr+0PNpQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8KaLMLMQ/yNlkvOMK2lsWYCM5he++woyirO+rROXhXY=; b=N49HGY5RBeOua3Bkk4qCFVigI7MlML/zoItU3/qd3d2LAvECCADNV7cbZEfnuSsL0nJpgFUtg5UdzpPlzt+axFLo9itMJ7TxlNglAeNCdiXI59AlNPFfNHkuFRwoDGBolLzJcRZaNoYtbq8PjxmgwE7LRuCAko2GMP3eRKyFtCVmgMM9+Y6glpJkwRErjeGIwQm377OqhtofgaYQdfjde7OTob/rvC2IsaQ2Mltoq/xsUZSaUuzNxBZRvM7QZ1g+DVkYJuUdoKbHiACNLxtUK4/Q3c8C6W8We5GgIEtqgJ84se7PWtumcDIRpP+GtMywjE/F5lj8raWgl/Aj2NTt1g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=meinberg-usa.com; dmarc=pass action=none header.from=meinberg-usa.com; dkim=pass header.d=meinberg-usa.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinbergfunkuhren.onmicrosoft.com; s=selector1-meinbergfunkuhren-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8KaLMLMQ/yNlkvOMK2lsWYCM5he++woyirO+rROXhXY=; b=C87162qY7Znh4uxsy6ZIyB4hLvR6PTPvCfdTsJcTDPR4sFZt05JSP/8WzJIRr2WF0CFHWuHBIq06oujZUE5lyfXocMmbs1ox3COm/1DJMff824kLqv/Aa0/iFjlwuRUoJBwNi/4qu6ShX5U2QfBnVBlNFJDVkKUW0OA+JyG9nl4=
Received: from AM7PR02MB5765.eurprd02.prod.outlook.com (2603:10a6:20b:102::15) by AM6PR02MB4658.eurprd02.prod.outlook.com (2603:10a6:20b:37::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.20; Fri, 4 Jun 2021 17:08:24 +0000
Received: from AM7PR02MB5765.eurprd02.prod.outlook.com ([fe80::7021:78f3:a3bd:4cd9]) by AM7PR02MB5765.eurprd02.prod.outlook.com ([fe80::7021:78f3:a3bd:4cd9%6]) with mapi id 15.20.4195.024; Fri, 4 Jun 2021 17:08:24 +0000
From: Doug Arnold <doug.arnold@meinberg-usa.com>
To: Miroslav Lichvar <mlichvar@redhat.com>, Heiko Gerstung <heiko.gerstung=40meinberg.de@dmarc.ietf.org>
CC: "ntp@ietf.org" <ntp@ietf.org>
Thread-Topic: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption
Thread-Index: AZ2x3tU+ZTljNmQ4N2MwN2VmZGRlN/NJ2JQAAAMO24AAAZtGgAABqW4AAAGes4AAAYKJgAAC7iCAACh054AABOqzAAAF+vIAACAacIAARdi2fw==
Date: Fri, 4 Jun 2021 17:08:24 +0000
Message-ID: <AM7PR02MB57652059FC2F56AB15D7D9ADCF3B9@AM7PR02MB5765.eurprd02.prod.outlook.com>
References: <YLYCLIEA4/unB6/5@localhost> <1DAA3605-CC04-46DE-8CFC-975BED7D4160@meinberg.de> <YLYheZYTSflAdlrF@localhost> <CEB3F4AA-E318-4540-BD6C-4437E3F5F58A@meinberg.de> <YLY3f2/5k1Hjebf7@localhost> <7167BC2B-1889-4DF5-AF7C-BAAAB3586841@meinberg.de> <YLZVS4jwGOnMIk6g@localhost> <24DF9BF2-3072-4152-80D6-9F10D53A59AF@meinberg.de> <YLeFyqZp6bZY9nY9@localhost> <B5F7602A-B084-4B21-9EB2-D25AB030E1EA@meinberg.de>, <YLiFXYPBOCIsCHDq@localhost>
In-Reply-To: <YLiFXYPBOCIsCHDq@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=meinberg-usa.com;
x-originating-ip: [64.30.82.72]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 056bb7ec-eedd-4248-213e-08d9277b5d0f
x-ms-traffictypediagnostic: AM6PR02MB4658:
x-microsoft-antispam-prvs: <AM6PR02MB4658060BB7EA6E9BF79ED030CF3B9@AM6PR02MB4658.eurprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: um8jaBsPBkfJ6MNCKmZUgiXsYcRXC0Kuw+GQRh3g9/f2K7KVmFMPzv8cmgWWLIfVaiEtpJJB77mArTgk+hbSYxalydSDhXjkoA4Kv0i1eGYrqpuPAMjynK8RINCbD2RlI1TBMTnJQXreMq9ZwSEeNcvgwwsvSe+HWtUsSB8pOzmdD38oH9OHqsQDx6rlN7/ghAO5fbz6RrOHcO/Orfrhw9q09c2uTaWtv72FNqloWETFZ014gmWL9fSqPtbY0OACwOs9iARVQV3Lz2b7GtGim8LBBoTu8/tc3t01KHlFg4VZnD1aXo81XHJlGSx9AMMqoR/BNtZna5XR6ktPpkVciXW4qWXEkDC/NXXWJKlwRPvvzD8PeEM02IImcPdSO01gfpr2vK5YlCZZCoLWHGVsWVc43EhM7nfMdfoSC3hPV0zgD5P69mmFpQtmaGidjETCqISHVrHqU+Z+AY7INSdnjtWFDe6nmkoOpK4oHkEk5U0EEnf8Vdd2Io1LF5VrzlBfOiO9cUS17uNSSacDX2stkr5ceq0/S2qC5ShkoRFlWetWnKheGRX8+MyqY9BrJJYlKC0oIWNFJMLcRKJfSiFukI/QcnVfXmB7eJkZkLKq5hXKMyyGLegIFNbIA3HzYqULcx5uXqoA4In9lEd6369Dgvu6i7shNwKyA+f5Ssg3hcj6ODkhKyHcW7qkv92Lg/yCGNBcFNMgyVXc+FD8/lBZ98gxCvmPknUEulLwJxJ7fEoS+aeCzA9RM2pH9Gqz9wdMRTQQMIfq+Hy9ZDriai0Lpw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM7PR02MB5765.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(39830400003)(396003)(376002)(136003)(346002)(366004)(2906002)(4326008)(76116006)(91956017)(186003)(71200400001)(166002)(86362001)(9686003)(55016002)(83380400001)(316002)(478600001)(38100700002)(52536014)(5660300002)(53546011)(7696005)(110136005)(44832011)(6506007)(8936002)(8676002)(966005)(122000001)(26005)(66556008)(66476007)(66446008)(66946007)(64756008)(33656002)(32563001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?eHmEmHUeYjv1E8s0S7RGiEM4pmQCil+RfduurW6CVwSsl7YWzpt1SlHSLEem?= =?us-ascii?Q?lucz6JlhMiOJOzA0Xl6gAeQ85Zbwm6BYxuiPOFuB0jXIuJOaBoA5NRAv5brR?= =?us-ascii?Q?IcWVHZpXoHR1fKLi811w7EHqjc0wboJlH8IYSTJpuZoRazya/hcXcJI9K7WW?= =?us-ascii?Q?iYuk81wYo8dBsSn3PHssu6wpzYfPYlgCmEmrqB0p2EAj+vYdUXnREVZyRrKR?= =?us-ascii?Q?55dac/YTA9dSDvXyoALHj6gvYN5+f7x7DEU+pUF3ROCCf0P6CyY6ZjA9ZGD8?= =?us-ascii?Q?CZtM6jt2WTagNla+Fu+5Rpf2M23NAVMGqd7gWLZmM+B4yZco7yz1ShQgQUkw?= =?us-ascii?Q?PkHX9gm1jrTjGQ/G8Yzj1MR0QNB+8+hOLBZBEyOjRgt1A8iIz2aFiNiufLUz?= =?us-ascii?Q?iq2y7n8f5+2Y83cgX4olhiqP1pzowN4gEPomzt8AIL1vnghzoFZ6Ds0pbknz?= =?us-ascii?Q?PeTZ5eGK42P5Jo2NjaoWA+eArpAwUzYl7pxfbzKRK1ep0cDKHX0I5hkBE9pR?= =?us-ascii?Q?MuCDjd2BVQ9qf2qs0mIthWBiU3NEXmcvI0xH4/gy82swy4lDoXES/kpZTEKc?= =?us-ascii?Q?dY9Xcz/YYhcQ0eaGwW0iKYJ+j95J7aahu67BYVbdbsDF8fhcaXGu5DT7Fsju?= =?us-ascii?Q?4GP/lyhGE0wIyB4qgRvu/kqF+8l8dTtjKmxjq40gPedo8ehQBJ1w/n6APkxM?= =?us-ascii?Q?vamY29Aw2dPp/PI4D7tiVxBjfKhQTSWJqV3lN6NUn90qzwddWCaYFzN+c9ur?= =?us-ascii?Q?m50rIIs0s2iw5GaQVJP1YTZZrH9qsGKahOmO6lQRqsGy/dRMkwJXeZJmwXXq?= =?us-ascii?Q?AbxaAyZCTHuZ6HOC12/lYn7v9jVAUtO0NzPywmq/VfxspKt8ifeFUZOpQ2QT?= =?us-ascii?Q?f5Y/N6+ljuWkfxsaSGgA7mn6CN211rUGwhGYVezvhtks66qfGc/skawbrA0W?= =?us-ascii?Q?BPhiOVJv2LENgZl2JtaFFPsUV2doostlrFPf3kFqTNIsaz6vemyD/URJyx4g?= =?us-ascii?Q?R3tEVw/GesF8hw+qyGXZqGvM7zE5HPEVi7j2X4ecYtfNvrOKZcTJnnEj2oN7?= =?us-ascii?Q?XRgC06VrAbMnmXX1D9FRfzod0WqUxjCd08cod0lU7Y4nBKO0Qx1aRGFbwsiN?= =?us-ascii?Q?kOAlCBqJCd0MSXKinup8+kXXKg5rS5FLqu9WSnAhYjhFJ1j8VV7/AlvF+cdH?= =?us-ascii?Q?dbhc4AJ8YKvW8yybBApuqPuVxP76egDDFFU84Ow0/d/NlqzpAyEuLlQWAIHc?= =?us-ascii?Q?l59GEXEssNviE50QP+bv7Z1dZ+6WqMJtBiZzLC4WM+CA49dvUzL9Mr6CxZIh?= =?us-ascii?Q?X3otDy1jv9I8s7thoFkg22Z5I9tru9/Xn1/gBi3Fl5D50g=3D=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM7PR02MB57652059FC2F56AB15D7D9ADCF3B9AM7PR02MB5765eurp_"
MIME-Version: 1.0
X-OriginatorOrg: meinberg-usa.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM7PR02MB5765.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 056bb7ec-eedd-4248-213e-08d9277b5d0f
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Jun 2021 17:08:24.4353 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d59904cd-769f-4368-8bd0-f5f435893a38
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: MH0dpNfrMlfdQJbzLXBNfZ2o0gg/eoVVoixcYwFl7BJZNAf2Mc4liuQiBsN2TnQA5MpaWBjSdxkO8B+xq5ZEkgrqqcKrlWecVDuMNn6kNg0=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR02MB4658
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/KxHYkW16Gio6fjoZt3C3WnMT86c>
Subject: Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jun 2021 17:08:35 -0000

Miroslav identified three issues that are under discussion:
- Does it make sense for PTP to have a public-key based
  authentication?

A big weakness of PTP is server impersonation.  So PTP needs a security mechanism that requires that a PTP node get authenticated before it can get keys.  Also the feedback I get from both equipment manufacturers and network operators is: no new key management mechanism.  So PTP security should be based on something already in common usage, such as TLS, or IPsec.

- Does it make sense for unicast PTP to have something different than
  the rest of PTP?

Unicast PTP is actually quite different from multicast PTP, or mixed multicast/unicast PTP.  Unicast PTP with negotiation (the usually way to do unicast PTP) has an additional message negotiation stage, intended to allow PTP servers to manage their capacity.  The negotiation mechanism turns PTP into a client-server paradigm, rather than a leader-follower paradigm like multicast or mixed multicast/unicast PTP.

- Does it make sense to reuse something from NTS4NTP?

All of the commercial time server companies make appliances that do both PTP and NTP.  So the more they can have in common the better.  Most customers that have PTP running, also have NTP running at the same time.  So it will be helpful for network operators to learn about the security if it is similar, even if it just the terminology, and concepts in the standard.

Doug

From: ntp <ntp-bounces@ietf.org> on behalf of Miroslav Lichvar <mlichvar@redhat.com>
Date: Thursday, June 3, 2021 at 3:32 AM
To: Heiko Gerstung <heiko.gerstung=40meinberg.de@dmarc.ietf.org>
Cc: ntp@ietf.org <ntp@ietf.org>
Subject: Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption
On Wed, Jun 02, 2021 at 06:12:28PM +0200, Heiko Gerstung wrote:
> Well, I tried to describe how it compares to all the alternatives that you and others brought up. Please excuse my confusion, but I am not sure how to proceed from here. I was told numerous times in the past that if I wanted other people to discuss a proposal of mine, then I should come up with a draft. This is exactly what I did with NTS4UPTP.

I'm glad you wrote the draft and we can discuss it.

> But instead of discussing my proposal, people start to propose alternative approaches (by mentioning them in a sentence or two, most of the time claim that this alternative is either already available or requires only a very short and compact document to describe it and matches or exceeds the security gain of our proposal).

I think that's expected. People try to convince you their ideas are
better and you try to convince them they are not, or accept their
suggestions and rework your draft.

NTS4NTP took many years to form. IIRC it was redesigned three times
from scratch. As we seem to agree, PTP is nothing like the
client/server NTP mode that NTS4NTP protects and cannot be reused as
a whole. I hope you didn't expect this would go smoothly right with
the first submitted proposal.

I think there are basically three different issues discussed:
- Does it make sense for PTP to have a public-key based
  authentication?
- Does it make sense for unicast PTP to have something different than
  the rest of PTP?
- Does it make sense to reuse something from NTS4NTP?

> The first question was why not using MACsec or IPsec. I explained that it will not work because of the loss of the hardware timestamping capabilities.

That's ok, but it needs to be explained in the draft as those are
solutions mentioned in IEEE1588.

> * DTLS: Asymmetric cryptography would have to be required to be carried out by every PTP server separately for each client (even if this happens only once at the beginning to initialize the DTLS communication). This requires a major modification to the PTP software on the server side and is also requiring more processing power on each PTP instance

I didn't realize this was a requirement. I think with (D)TLS you can
move the session between servers to avoid the slow crypto. I hope
someone who actually understands DTLS will correct me if I'm wrong. A
new TLV could be introduced to tell the client to move a different
server and the client would try to resume the session there. An
advantage over your proposal is that it could do that on each unicast
renewal and not only when the cookie expires, so it could be more
dynamic.

> * DTLS: would require to protect delay responses and announce messages from the server (in the packet transmission phase)
> * NTS4UPTP: only requires to use the integrated PTP security mechanism in phase 3 for all message types

I don't see that as a disadvantage.

> Not sure if this is more like what you would like to see from me in regards to a comparison.

Yes, that's great and I'd like to see other people comment on those
points.

> At this point I would be open to change the name of the draft so that it does not contain "NTS" anymore, if that helps. It seems that quite a number of the authors do not like that we based our proposal on their work and would rather like unicast PTP to use something else as a key exchange protocol.

Having NTS in the name is not the main concern for me.

It's the use of NTS-KE and NTS cookies that doesn't make much sense to
me. It's possible I missed some important point. In NTS4NTP cookies
are meant to offload the server state to the client, so it can be
stateless, but in unicast PTP you already have to keep some
client-specific state, so why would you need to offload some part of
the state?

> I do not think that this is reasonable, it has been mentioned numerous times now that there are quite a number of users operating both NTP and PTP sync infrastructure in parallel and I am still convinced they appreciate to be able to set up one NTS-KE server infrastructure that handles both NTS4NTP and our proposal. And: ee wanted to use the latest and greatest key exchange protocol that has been designed by security experts and time sync specialists.

The key exchange comes from TLS. You don't need NTS-KE for that.
Sharing one port with NTP and PTP might have some advantages, but I
suspect it's more likely that people will want to use two different
implementations that cannot share the port.

--
Miroslav Lichvar

_______________________________________________
ntp mailing list
ntp@ietf.org
https://www.ietf.org/mailman/listinfo/ntp