IETF Logo Mail Archive

Re: [Ntp] An NTPv5 design sketch

Doug Arnold <doug.arnold@meinberg-usa.com> Thu, 16 April 2020 16:11 UTC

Return-Path: <doug.arnold@meinberg-usa.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90D053A0D4B for <ntp@ietfa.amsl.com>; Thu, 16 Apr 2020 09:11:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.233
X-Spam-Level:
X-Spam-Status: No, score=-1.233 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=meinbergfunkuhren.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6dI4C3FCbr7c for <ntp@ietfa.amsl.com>; Thu, 16 Apr 2020 09:11:25 -0700 (PDT)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50063.outbound.protection.outlook.com [40.107.5.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03AF83A0D0D for <ntp@ietf.org>; Thu, 16 Apr 2020 09:11:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NNVkR76ChhrLpDSsOW5+BgOfv/h6DuZMEHj+J0JSihykg2buCsIk6hihkCRaiN3suVC56IUoyoLL+HOC7mC7rmvnXtUMoZG9rx8a+lsEFHQSQC4SsPCHsPAk9Iyt/0zvvrj6UkCzgHmrTMSQCvUfYS2aqmKQ5FxOiNJ8otoarley9ldc1AZVd87B9+8wal4JndmiQzxA79w46LTWRp4E39IcRecJBV5K1M1MBdf9po20OIE5//NbSq4ZwxiU/3mIvOKGN8f3ihcvMk77IMdL+EdSyf2vXhOAyzzrq3xgFBqMpLcS5gQh4ISU1uUZLLzTbFbBmgsbc78Hqj8P4VPIow==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9s330191cEeOGzhxl+WhwiTU3hQLZ3Ol3JgJXZ4toWc=; b=FJ93Jy6YNVQEjFbPHb6w+VGgVwWLvdgN+RunZV+3PVVGYaTp2kGILAOIzcUUhLFa9DSsLoTAHnQ3kPJVIoRAgsESfixfhDfUB+NaJBTSgKVO8ZEksBOkEx5CNw1WXPJjg60jN1FpJXsUAb8bYckvQ98hcrj6O4Q0x9dk8ZoxIGXfogp9jumhXqS5Gf2EdV8sNJyqpzib6fg03Tev/Q20GIYQuepsY3oZlVGjxUzmEE0EO2OJKhCiV9EgcTYyd6CFXok7fNBeF8TYLPgX27iqf4wnJMpEVi3nbeAPu3x2fRyuMeBO3Dhsd4rNQhzEBMVVxdPtEcSVJZF+rg8IHI8twQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=meinberg-usa.com; dmarc=pass action=none header.from=meinberg-usa.com; dkim=pass header.d=meinberg-usa.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinbergfunkuhren.onmicrosoft.com; s=selector1-meinbergfunkuhren-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9s330191cEeOGzhxl+WhwiTU3hQLZ3Ol3JgJXZ4toWc=; b=I7+Ym8sJtfFzry5mqElbtq0AGhqiGtX7p1pfUYZyWD1xjCW5GuEpQHgojZbPhl4P1iRYRVOK09RdtxWQv8BGYee/Q1HdKQfcHE2W/6YELr/P5/UWOv5kzK8RE1Dxrd6Z71ZubCo1PCM0FsO0QqH3mHT05PIaG2g/6bEZ+0ExHDo=
Received: from DB8PR02MB5611.eurprd02.prod.outlook.com (2603:10a6:10:eb::31) by DB8PR02MB5498.eurprd02.prod.outlook.com (2603:10a6:10:bf::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2921.25; Thu, 16 Apr 2020 16:11:22 +0000
Received: from DB8PR02MB5611.eurprd02.prod.outlook.com ([fe80::9525:30ab:defe:44a6]) by DB8PR02MB5611.eurprd02.prod.outlook.com ([fe80::9525:30ab:defe:44a6%7]) with mapi id 15.20.2900.028; Thu, 16 Apr 2020 16:11:22 +0000
From: Doug Arnold <doug.arnold@meinberg-usa.com>
To: Miroslav Lichvar <mlichvar@redhat.com>, Daniel Franke <dfoxfranke@gmail.com>
CC: NTP WG <ntp@ietf.org>
Thread-Topic: [Ntp] An NTPv5 design sketch
Thread-Index: AQHWEOYv5hVc24KDEky093B5a71QhKh4fQ+AgAA8gQCAAA4YgIAACmqAgAD4yYCAAJCNgIABFBmAgACBIBk=
Date: Thu, 16 Apr 2020 16:11:21 +0000
Message-ID: <DB8PR02MB5611418689CEA2FB66C0FD80CFD80@DB8PR02MB5611.eurprd02.prod.outlook.com>
References: <CAJm83bBV+Pox3r6KU49ShwMOvr=R+U_vDKJtSZhfT6XX4qWmbA@mail.gmail.com> <20200414112541.GD1945@localhost> <CAJm83bCxuS_X68-pvpOWCPSmjAjTeYNJVuuOEhV-i82R7B28Mg@mail.gmail.com> <20200414155241.GF1945@localhost> <CAJm83bC1EhwQQ=+B7XPbEkvhOWvxU8zjCd290Fj5N43aMJQTkg@mail.gmail.com> <20200415072023.GG1945@localhost> <CAJm83bAEDuLk6vSa82D3smXO4x7iDywoy+FpC=gdm=m3SLrVLg@mail.gmail.com>, <20200416082557.GI1945@localhost>
In-Reply-To: <20200416082557.GI1945@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=doug.arnold@meinberg-usa.com;
x-originating-ip: [64.30.82.72]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 55978d68-32a7-4d6e-9e3a-08d7e220ce11
x-ms-traffictypediagnostic: DB8PR02MB5498:
x-microsoft-antispam-prvs: <DB8PR02MB5498AB651B9BC82F91AB8A35CFD80@DB8PR02MB5498.eurprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0375972289
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB8PR02MB5611.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(136003)(396003)(39830400003)(366004)(376002)(346002)(316002)(966005)(66476007)(5660300002)(110136005)(2906002)(66946007)(91956017)(76116006)(508600001)(66446008)(66556008)(64756008)(186003)(86362001)(44832011)(4326008)(9686003)(55016002)(7696005)(71200400001)(26005)(6506007)(53546011)(19627405001)(8676002)(52536014)(33656002)(81156014)(8936002); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: meinberg-usa.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 51o8L/GpuKrHkuIB3H9U/gWAT2Wtfd8tAL4lNnVput9Pdpi1Eks4EYlUZeO/9ZNWMyA8bNxKZGrJWbaW4TN+SSBGuwWfZAi+RqeWO/EZYtD3UALBMLL8Ebm5doDHeX5YMOWYjuXZpJS+nAotXTota4RkXwNRMd2HS/EGMxJLNSBHgVmiZvrpnYvsmW8PlY77igVLzdCyLTsnmTuVjXpVauSXizWZamPIqgNCmz7j8F58dntY8LmO87XrKd3OQ7WMQK+mYdRMi3/y+vjkULm1N6MnIVxXf8YCaE/C9YwqT+gzhA1XJFaOF1YKaFSLnmjy4c9sY6Rt9Ndb5a+z9S8M0us1xRYWtPQVNQiLIb/YtSNXLCEJS5QGBHLl8J/XfZgr8H4VIkW3knr5C2AezYAcwxwxbUKx9xbkwEdqmnywaRxTonFIW7IdpzXH7wbgO3i89VAnjhZP/to7X7ledBwJeClv45eLvzbBXbkH9BT4kIzoMFgsh4ZY9Z/F5u2cwwchuvA8HGNbgU6V3YvpQaY/XA==
x-ms-exchange-antispam-messagedata: Zoq4DjHzpoCMJcfg1lSAr+zspu3VY+ArA+L04LHFQXxxjvLeo/upnoUbY3qiryb1VgowE6GE93kzhaoB+av8dNS2yeA0sSk/HfbjQjsWiKNuoaLx7nzMLM3tp13S2V+dcw3ftcnfPeQTlNg01ElVGw==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DB8PR02MB5611418689CEA2FB66C0FD80CFD80DB8PR02MB5611eurp_"
MIME-Version: 1.0
X-OriginatorOrg: meinberg-usa.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 55978d68-32a7-4d6e-9e3a-08d7e220ce11
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Apr 2020 16:11:21.7158 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d59904cd-769f-4368-8bd0-f5f435893a38
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: S68zU5Iq06h2VpViuXzehTpx9jaqk5DUZqBMsJlhIEKspbFBWezOabb5t660k0pZ08310orX/8/ysHfpWc86VWyiZydEu7yt4h7fgsxWi6s=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR02MB5498
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/pSsA_XzFo7lqiB6E9PtWO-ERrcg>
Subject: Re: [Ntp] An NTPv5 design sketch
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Apr 2020 16:11:31 -0000

Supporting simple harware implementations in closed specialized networks, like a robot, is a problem already well solved by PTP.  Making NTP do that does not help solve technical problems.  Making a timing protocol that is robust and secure is not at all solved by PTP.  That is how NTPv5 can make the world better.

Doug

________________________________
From: ntp <ntp-bounces@ietf.org> on behalf of Miroslav Lichvar <mlichvar@redhat.com>
Sent: Thursday, April 16, 2020 1:25 AM
To: Daniel Franke <dfoxfranke@gmail.com>
Cc: NTP WG <ntp@ietf.org>
Subject: Re: [Ntp] An NTPv5 design sketch

On Wed, Apr 15, 2020 at 11:57:45AM -0400, Daniel Franke wrote:
> On Wed, Apr 15, 2020 at 3:20 AM Miroslav Lichvar <mlichvar@redhat.com> wrote:
> >
> > That code will likely need to be updated to fix security issues.
>
> So will the NTP code itself, not to mention the OS kernel and whatever
> else your device is running.

The device may be very simple. It may not have an OS and NTP may be
the only networking it does. It could be measuring intervals in a
physics experiment, or controlling a robot in a factory. Consider
where and why PTP originated and that NTPv5 with its correction field
might be usable there too.

> Different NTP implementations have had
> serious security issues with widely varying frequency; so have
> different TLS implementations. I'm not going to engage in arguments
> about the precise quantity, severity, or inevitability of these
> vulnerabilities; I'm just asserting the lack of a qualitative
> difference in the historical need for patching.

Well, that would be an interesting exercise, but I think just from the
nature of the domains it's much more likely a TLS code will need to be
patched than an NTP code written with the same care. It would be also
interesting to compare just the protocols alone. How many issues does
NTPv2 from 1989 (which is not that different from NTPv4) have?

> > It would help if you could explain why do you think it should.
>
> NTPv5 (as I've sketched it) depends on NTS for more than just
> cryptographic security; it's also version negotiation (NTS Next
> Protocol), server discovery (Server and Port Negotation), and
> anti-amplification (address-bound cookies). Making NTS optional would
> require alternative approaches to all these issues.

I don't see a big problem with that. Supporting NTS is much more
difficult than supporting those extensions would be.

Being able to use other authentication mechanisms (e.g. symmetric key,
or a successor of NTS) is an advantage.

> It would also
> complicate the packet format and add landmines for implementers
> (granted, already present in v4 NTS) around correct handling of
> unprotected responses.

Protected responses need to be handled in the same way as unprotected
responses. You never know if the server isn't compromised and trying
to attack you.

--
Miroslav Lichvar

_______________________________________________
ntp mailing list
ntp@ietf.org
https://www.ietf.org/mailman/listinfo/ntp

v2.23.0 | Report a Bug | By Email