Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption
Daniel Franke <dfoxfranke@gmail.com> Tue, 01 June 2021 09:41 UTC
Return-Path: <dfoxfranke@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA2F73A0E3F for <ntp@ietfa.amsl.com>; Tue, 1 Jun 2021 02:41:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pXLosTplsHYt for <ntp@ietfa.amsl.com>; Tue, 1 Jun 2021 02:41:07 -0700 (PDT)
Received: from mail-pf1-x42d.google.com (mail-pf1-x42d.google.com [IPv6:2607:f8b0:4864:20::42d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40DAA3A0E37 for <ntp@ietf.org>; Tue, 1 Jun 2021 02:41:07 -0700 (PDT)
Received: by mail-pf1-x42d.google.com with SMTP id u18so757769pfk.11 for <ntp@ietf.org>; Tue, 01 Jun 2021 02:41:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=8lU5SM19no9RJp/B4GO7o/PTzxJRj5CEYY2akfc3EGI=; b=jGJRIg2XwHVeWWNs4BmeOyxbbf8pOMQNvtNlWTKN/3/In9UyYIV7MpF+Kplao6+IQD DfNcLPSIzm4Ye87sqRIYAIWf6IuP9VnO+VP+hF8S3wKhS4NW92Ve0JbKwnDc9TA6zKAN 0Me6y+Ds8lNfp8GGH+5KIiA7lkNNluPLO3VblLqGqGts7sPTEruQE58kVb/WmvcuN9T+ u/wb2JJtvi2xxKYOE87nnGJS7wdGLK3xQDPpxfk/jv41JCG80IGv5oj9Q3zva3RIPzqO wrdBnYsaJ8GaBl1EbXWYSxtF2vf0P5xHS1QSQAhY+nOM42aMwRnZisz0B0BsChlGcm0K 8J3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=8lU5SM19no9RJp/B4GO7o/PTzxJRj5CEYY2akfc3EGI=; b=SiLz8mflLYELAYtlijELb/0kCeOfwiY16gzcW8AhnYSYU0psX+KRKhBVCo2orJyqI0 kAl+V9J8GIfc3h71/a/ohDTmdLzmgJZsR55Hefp+Od/PeJdC65SJHm1x0lB42AhNcV6X sCm8xYLv12qvo0pfzRbcb0KAmqLTfDlYsDuUl8Ddf12VipHG+Oy13xaVTgmkPn0XCNGJ 4Ic0lR3SmsbOwkCn4Hh352tRLTaNt024+UAsjnEhX8eBJTaSerAYCIVnouffp9nl3YmP yYZKoCFl878MWTVezbcarW+3SEavBm7JS3mcJN1tr1fdCKBkr0hxT/gQ2SE5CGWD+5mt lgug==
X-Gm-Message-State: AOAM530HLEH3HdVxjh4z9BEBxQJNq/FzuiSr+pJEWt+mhQrpotZJMbTf YVv2KzEBM76NOZsR4GBR/+CaCDh32RuoznRi0JZpK6I6
X-Google-Smtp-Source: ABdhPJyp3WLKVWTG9YiwBr7VgjzSU6j+DPebwwLVtwMWh1gbiCrDIvbs4y39Gbm7KVctNS4/oZcixJlX/iT7LkJiuvI=
X-Received: by 2002:a63:d710:: with SMTP id d16mr26805090pgg.214.1622540465409; Tue, 01 Jun 2021 02:41:05 -0700 (PDT)
MIME-Version: 1.0
References: <4d131472-e8a9-32ce-e8b7-9deed6437bf4@meinberg.de>
In-Reply-To: <4d131472-e8a9-32ce-e8b7-9deed6437bf4@meinberg.de>
From: Daniel Franke <dfoxfranke@gmail.com>
Date: Tue, 01 Jun 2021 05:40:54 -0400
Message-ID: <CAJm83bDb3M7djSKPfSmfTYuU=vYnXiPJdoCLdTzxCk2cUbax_Q@mail.gmail.com>
To: Marius Rohde <marius.rohde@meinberg.de>
Cc: NTP WG <ntp@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/NAVIlMnU5wdTR4kXX_hTtE3coYo>
Subject: Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Jun 2021 09:41:12 -0000
On Tue, Jun 1, 2021 at 3:43 AM Marius Rohde <marius.rohde@meinberg.de> wrote: > Firstly, from a security point of view, every network that is not just > accessible physically or logically by privileged persons, processes or > computer systems should be considered insecure. And that is not just > true for the Internet ;). To rely only on firewalls is a flaw in the > design of the infrastructure. You should always implement as many lines > of defense as feasible. Additionally, think of misconfigurations, > insiders, or everything you have not been thinking about. > Do not get me wrong, I know that it is always a question of risk > management how many time and resources an attacker has to invest to > break the system. I think our part is not to decide which risk/security > goals people should achieve but to give them well documented > opportunities to get the security level they need. To illustrate any gap between NTS4NTP/PTP and NTS4UPTP security, you already have to assume some things that are not good security practice to assume in general, because under conservative assumptions they both provide half-RTT security and nothing better. Please be more concrete about what adversary powers you think NTS4NTP/PTP falls short on but NTS4UPTP adequately supports. In your first sentence I think you might be getting at "run an unprivileged process from a privileged network position", but NTS4NTP/PTP is already fine there because unprivileged processes can't spoof network addresses that don't belong to the host, bind to low-numbered ports, or bind to ports that are already in use by other users. "Misconfigurations" in general are not something we can possibly support, since misconfigurations could include turning off NTS; if you think there are particular classes of misconfigurations we need to support, please characterize the boundaries of those classes. > IMHO NTS4NTP/PTP is currently not on the same level of security like > NTS4UPTP because it does not provide the security to adequately ban the > amplification monster PTP nor the guaranteed PTP precision in the > borders of NTP. I've already described how to mitigate DDoS amplification without the need for key exchange. To require the user to set up and maintain a PKI just to accomplish this is unnecessary and silly. > In addition, I am not convinced that NTS4NTP/PTP would make it easier to > setup a PTP infrastructure than to use NTS directly built in the > protocol from a user’s point of view. Clearly it's easier today, since the tools for NTS4NTP/PTP already exist, and NTS4UPTP doesn't. I never claimed NTS4NTP/PTP would be easier for the user in a hypothetical future where both approaches have been fleshed out thoroughly and support for them is ubiquitous; in that world the two seem about equally easy to use. > I do not have a crystal ball and cannot say what will be tomorrow but to > say - today people are not using it over the internet, so we need no > additional security - is not a valid argument. Good thing, then, that that isn't at all what I'm arguing!
- [Ntp] NTS4UPTP Rev 03 - Formal request for WG ado… Marius Rohde
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Daniel Franke