IETF Logo Mail Archive

Re: [ntpwg] The next step of draft-ietf-ntp-checksum-trailer

Harlan Stenn <stenn@ntp.org> Mon, 07 March 2016 10:40 UTC

Return-Path: <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>
X-Original-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Delivered-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52ECF1B3E73 for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Mon, 7 Mar 2016 02:40:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HKms6aAfsgS5 for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Mon, 7 Mar 2016 02:40:38 -0800 (PST)
Received: from lists.ntp.org (lists.ntp.org [IPv6:2001:4f8:fff7:1::7]) by ietfa.amsl.com (Postfix) with ESMTP id 569E01B3E6E for <ntp-archives-ahFae6za@lists.ietf.org>; Mon, 7 Mar 2016 02:40:38 -0800 (PST)
Received: from lists.ntp.org (lists.ntp.org [149.20.68.7]) by lists.ntp.org (Postfix) with ESMTP id 4EAF586DBCC for <ntp-archives-ahFae6za@lists.ietf.org>; Mon, 7 Mar 2016 10:40:38 +0000 (UTC)
X-Original-To: ntpwg@lists.ntp.org
Delivered-To: ntpwg@lists.ntp.org
Received: from stenn.ntp.org (stenn.ntp.org [IPv6:2001:4f8:fff7:1::30]) by lists.ntp.org (Postfix) with ESMTP id 7B0AF86D764 for <ntpwg@lists.ntp.org>; Mon, 7 Mar 2016 10:23:48 +0000 (UTC)
Received: from [::1] (helo=stenn.ntp.org) by stenn.ntp.org with esmtp (Exim 4.86 (FreeBSD)) (envelope-from <stenn@stenn.ntp.org>) id 1acsHr-000Dmy-Bf; Mon, 07 Mar 2016 10:21:15 +0000
From: Harlan Stenn <stenn@ntp.org>
To: Miroslav Lichvar <mlichvar@redhat.com>
In-reply-to: <20160307093202.GJ20222@localhost>
References: <4569da98236441699fb26aebb71f90a7@IL-EXCH01.marvell.com> <E1acVNL-000CK8-RW@stenn.ntp.org> <20160307093202.GJ20222@localhost>
Comments: In-reply-to Miroslav Lichvar <mlichvar@redhat.com> message dated "Mon, 07 Mar 2016 10:32:02 +0100."
X-Mailer: MH-E 7.4.2; nmh 1.6; XEmacs 21.4 (patch 24)
Mime-Version: 1.0 (generated by tm-edit 1.8)
Date: Mon, 07 Mar 2016 10:21:15 +0000
Message-Id: <E1acsHr-000Dmy-Bf@stenn.ntp.org>
Subject: Re: [ntpwg] The next step of draft-ietf-ntp-checksum-trailer
X-BeenThere: ntpwg@lists.ntp.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: IETF Working Group for Network Time Protocol <ntpwg.lists.ntp.org>
List-Unsubscribe: <http://lists.ntp.org/options/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=unsubscribe>
List-Archive: <http://lists.ntp.org/pipermail/ntpwg/>
List-Post: <mailto:ntpwg@lists.ntp.org>
List-Help: <mailto:ntpwg-request@lists.ntp.org?subject=help>
List-Subscribe: <http://lists.ntp.org/listinfo/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=subscribe>
Cc: "'ntpwg@lists.ntp.org'" <ntpwg@lists.ntp.org>, "Karen ODonoghue (odonoghue@isoc.org)" <odonoghue@isoc.org>, Suresh Krishnan <suresh.krishnan@ericsson.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org
Sender: ntpwg <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>

Miroslav Lichvar writes:
> On Sun, Mar 06, 2016 at 09:53:23AM +0000, Harlan Stenn wrote:
> > Autokey was defined with the requirement that its extension field be
> > protected by a MAC.  The revising language in Errata 3627 does not
> > address this at all.  One immediate recommendation is that 3627 be
> > amended to say that a MAC SHOULD be present in any packet that includes
> > any extension fields.
> 
> Why? I think presence of MAC should be required by individual
> extension fields which implement some form of authentication, it
> shouldn't be a general suggestion. Hopefully in future we will have
> extension fields for other things than authentication, and they can be
> used without authentication.

Originally, the *only* extension field defined was for autokey, and the
RFCs that included autokey all *required* a MAC.

Tal's EXPERIMENTAL proposal for the next created extension field
*cannot* use a MAC because of the way it's implemented.

Therefore, I have recommended 2 things:

- clean up Tal's' errata so that it says a MAC SHOULD be provided.  That
means "Provide a MAC unless you really understand what's going on and
have a good reason for not using one."

- Use a flag bit in the Field Type that says "My extension field does
not require a following MAC."

There are 2 players here, and I'll call them "A" and "B".  It's one
thing for A to say "I think the extension field I am sending should be
covered by a MAC".  It's another thing for B to have the option to have
looser requirements.

With the proposals I've made, we've got that sort of flexibility.

The following extension fields are currently either available or in
various stages of proposal:

- Autokey
- MAC extension field
- NTS
- Checksum Complement
- Suggested REFID
- "I'm the last extension field"

>> If we're really that concerned about this problem, then all we need
>> to do is to create a new extension field, 8 bytes long, which
>> indicates "I am the last extension field", so any data after that
>> would be an old-style MAC.
> 
> What would prevent a server from misinterpreting a random MAC in a
> client packet that doesn't include this extension field as some
> extension field?

A bunch of things, which I may have covered in some earlier emails.

Off the top of my head:

- the only 2 implemented MACs we know about are 20 bytes for MD5 and 24
bytes for DES.  There's also a 28 byte MAC for SHA.  We have at least
partial support for longer digests, at least 256 bit and 512 bit.

- a MAC consists of a 4-byte keyid and a payload.  If there is no
autokey extension field, the keyid MUST be <65535, and we SHOULD have
that keyid in our chain.  If there is an autokey extension field, the
keyid MUST be >65535 and the key ID MUST (but at worst, SHOULD) be in
our chain.  As a secondary check, we could see if there is any way the
first two octets are a Field Type, and the second 2 octets would have to
be a longword-aligned length that was <= the remaining packet length,
and if you wanted to be really careful, if there was leftover data then
this fragment MUST be an extension field, or the next fragment MUST be
either an extension field or a MAC.  So it's pretty easy to validate
these things.

We can also see if it processes "both ways".  But more telling, if we're
dealing with an older/current server, there are limited options.  If
we're dealing with an "updated" server, we'll have enough information in
the packet to know what it contains.

I'm thinking the only other situation is somebody has an NTP network
where they need to send out both old and new style packets.  If they are
this "complicated" then I gotta believe they have the smarts to
understand their deployment, and if they *do* have problems they should
have the resources to configure their NTP network so that they send new
packets to new clients, and old packets to old clients.

But I also figure I could have missed something.
-- 
Harlan Stenn <stenn@ntp.org>
http://networktimefoundation.org - be a member!
_______________________________________________
ntpwg mailing list
ntpwg@lists.ntp.org
http://lists.ntp.org/listinfo/ntpwg

v2.23.0 | Report a Bug | By Email