Re: [Ntp] An NTPv5 design sketch
Daniel Franke <dfoxfranke@gmail.com> Wed, 15 April 2020 15:57 UTC
Return-Path: <dfoxfranke@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3E7E3A0B53 for <ntp@ietfa.amsl.com>; Wed, 15 Apr 2020 08:57:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L0z0neaYUdEH for <ntp@ietfa.amsl.com>; Wed, 15 Apr 2020 08:57:58 -0700 (PDT)
Received: from mail-il1-x12c.google.com (mail-il1-x12c.google.com [IPv6:2607:f8b0:4864:20::12c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 58B813A0B2B for <ntp@ietf.org>; Wed, 15 Apr 2020 08:57:58 -0700 (PDT)
Received: by mail-il1-x12c.google.com with SMTP id i75so3752443ild.13 for <ntp@ietf.org>; Wed, 15 Apr 2020 08:57:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=il57opLKc6do0kBZjKdgvQPL4tS5sj4u8l5OAF6is8U=; b=CXnz6jNQ0LTB25saCswWIJ9Y8j83J5AUwTWbC6PwW3nBKaushF/q+xTPi+W7NnuMNe Z5NWceHi10mTp0AwhhHBTeCfW1l8aPOYH5Glp1DqUGa4wfMNxVuF+qdMOlmlfgSyXrp/ hXa+mknucpSeHUr/Nypuj1KxVnfo+02/Rd5dHi7PdHaqBZVjzuPHw4sPqybjBzY+m6Ei 1vLwVat/LzgSRawblSWM8GWC6rZA9T5MSkL2VXWf9PzwyhsHfdNaA7mY1nSQo+V3v4Gp /aAjZA9NZM5XdadRyP/3l9+xaqMiebV2V21Dqv+yDSDELxfSmnXQovpnerPjiArgu9Yf RXpg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=il57opLKc6do0kBZjKdgvQPL4tS5sj4u8l5OAF6is8U=; b=uAFpbpmBrJIPGwUKR0v+nLQPYztEFj0ARLtkIqW/q9LCSBft4pJyFXfULn3izf8Lg5 MGmuDgzDxcM29lmXozQregFP3cMZZ94X9vjC8jl3iD79sC1k8ei0JiKxYBCopoHhVwcY rpU0wqHDXwXSstNXevqH5rL/9Mf1D1eDrAfEfcYv+x5bxm0gkElVkUdWWv2IcGIMqLTE m1wG9iiqCBqpSOHyKV6z0Gf4tvglp1VOctAVYRS+fLZ/WVtjKYm0M5SUy8ejx14ryF+I 5a9ilqmgGA/0K0JXPz8GV/iHGo9aMrSJw/ObNCDsnjbKO4+OBulkgB7KAI2Zu2RNKZRd etTQ==
X-Gm-Message-State: AGi0PuanjrydmpTmpU1Q7K6NvNO9r2Peign4MoX7auM8oWccLgmAU3w4 2mzBIlpL1WvkJCeo3rNjS1gPvOCW8O1QG6ShjhY=
X-Google-Smtp-Source: APiQypKgo/Z7ZVgM2Z2vh6rhJUyeXLPGl3EbLQzr+bGGP68vX91l9LIC3Mb/3jgtPhT6b0XyfBQVLfdxR1FxILnLrco=
X-Received: by 2002:a92:d447:: with SMTP id r7mr6175851ilm.76.1586966277263; Wed, 15 Apr 2020 08:57:57 -0700 (PDT)
MIME-Version: 1.0
References: <CAJm83bBV+Pox3r6KU49ShwMOvr=R+U_vDKJtSZhfT6XX4qWmbA@mail.gmail.com> <20200414112541.GD1945@localhost> <CAJm83bCxuS_X68-pvpOWCPSmjAjTeYNJVuuOEhV-i82R7B28Mg@mail.gmail.com> <20200414155241.GF1945@localhost> <CAJm83bC1EhwQQ=+B7XPbEkvhOWvxU8zjCd290Fj5N43aMJQTkg@mail.gmail.com> <20200415072023.GG1945@localhost>
In-Reply-To: <20200415072023.GG1945@localhost>
From: Daniel Franke <dfoxfranke@gmail.com>
Date: Wed, 15 Apr 2020 11:57:45 -0400
Message-ID: <CAJm83bAEDuLk6vSa82D3smXO4x7iDywoy+FpC=gdm=m3SLrVLg@mail.gmail.com>
To: Miroslav Lichvar <mlichvar@redhat.com>
Cc: NTP WG <ntp@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/NXD66oznwQ3Iz75UrKtBMXH_v2g>
Subject: Re: [Ntp] An NTPv5 design sketch
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Apr 2020 15:58:00 -0000
On Wed, Apr 15, 2020 at 3:20 AM Miroslav Lichvar <mlichvar@redhat.com> wrote: > > That code will likely need to be updated to fix security issues. So will the NTP code itself, not to mention the OS kernel and whatever else your device is running. Different NTP implementations have had serious security issues with widely varying frequency; so have different TLS implementations. I'm not going to engage in arguments about the precise quantity, severity, or inevitability of these vulnerabilities; I'm just asserting the lack of a qualitative difference in the historical need for patching. > Crypto is hard. NTS > requires other things that were not needed with plain NTP. It needs a > full TCP stack and AES-SIV-CMAC. It needs certificates, NTS-KE servers > and some naming for the servers (e.g. DNS). It needs a much more > powerful CPU to be able to perform a TLS handshake in reasonable time > and processing of NTP packets is orders of magnitude slower even with > a hardware AES support. There is also the requirement on having a > rough idea of current time in order to validate the certificates. > > For people who need to synchronize computers in an isolated network it > is a lot of extra work. SNTP or NTPv4 may not be good enough for > accuracy (unless they support correction fields). > > There are other authentication mechanisms with different tradeoffs > that people might want to use. You're mixing concerns about constrained devices with concerns about isolated networks and system administration, which are two very different spaces with different considerations, so I'll address those separately. Constrained devices: microcontrollers from the mid-range upward are plenty capable of TLS and most of them explicitly advertise as much. The ones smaller than that aren't designed for networked applications at all; they're designed for like, tying a few pins from an LED or a motion sensor together with a with a few pins on an I2C bus. The gap in capabilities between being able to handle all of the network stack except TLS and being able to handle TLS is tiny, and I assert that in practice it's non-existent — because TLS is already so ubiquitous that there's no market for a networked µC that can't handle it. Isolated networks: TLS doesn't require certificates or DNS! X.509 supports IP-based SANs, and TLS supports PSKs, bypassing X.509 altogether. If today's software support for such options is lacking or its UX is poor, remember that none of this is getting deployed tomorrow; if we get this done in three years I'll consider it to have gone smoothly. When we first decided on AES-SIV for NTS, there was barely any support for that either. That situation changed because of the interest that this WG generated. > I don't see a single reason why NTS should be a requirement of NTPv5. > It would help if you could explain why do you think it should. NTPv5 (as I've sketched it) depends on NTS for more than just cryptographic security; it's also version negotiation (NTS Next Protocol), server discovery (Server and Port Negotation), and anti-amplification (address-bound cookies). Making NTS optional would require alternative approaches to all these issues. It would also complicate the packet format and add landmines for implementers (granted, already present in v4 NTS) around correct handling of unprotected responses.
- [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] [EXT] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Dieter Sibold
- Re: [Ntp] [EXT] An NTPv5 design sketch Dieter Sibold
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Doug Arnold
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch James
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch James
- Re: [Ntp] An NTPv5 design sketch Doug Arnold
- [Ntp] Antw: [EXT] Re: An NTPv5 design sketch Ulrich Windl
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Doug Arnold
- [Ntp] Antwort: Re: An NTPv5 design sketch< kristof.teichel
- Re: [Ntp] An NTPv5 design sketch Salz, Rich
- Re: [Ntp] An NTPv5 design sketch Kyle Rose
- [Ntp] Antw: [EXT] Re: An NTPv5 design sketch Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: An NTPv5 design sketch Doug Arnold
- [Ntp] Antw: Re: Antw: [EXT] Re: An NTPv5 design s… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: An NTPv5 desi… Miroslav Lichvar