[Ntp] Antwort: Re: NTS Pools

martin.langer@ptb.de Thu, 29 February 2024 12:59 UTC

Return-Path: <martin.langer@ptb.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id B621AC1516E9 for <ntp@ietfa.amsl.com>; Thu, 29 Feb 2024 04:59:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.928
X-Spam-Status: No, score=-3.928 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ptb.de
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id dCQElysXiZPb for <ntp@ietfa.amsl.com>; Thu, 29 Feb 2024 04:59:32 -0800 (PST)
Received: from mx1.bs.ptb.de (mx1.bs.ptb.de []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FD11C151088 for <ntp@ietf.org>; Thu, 29 Feb 2024 04:59:30 -0800 (PST)
Received: from s23397.bs.ptb.de ([]) by mx1.bs.ptb.de with ESMTP id 41TCxSMO032186-41TCxSMQ032186 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 29 Feb 2024 13:59:28 +0100
MIME-Version: 1.0
In-Reply-To: <CAPz_-SUSEDaFgfwvnm_FQ5M9jjAAp2Df3A7RTuYY2KPmSq5FkQ@mail.gmail.com>
References: <CAPz_-SUSEDaFgfwvnm_FQ5M9jjAAp2Df3A7RTuYY2KPmSq5FkQ@mail.gmail.com>, <OF2E6B0FFD.229AD710-ONC1258ACB.004EFEAA-C1258ACB.0050896E@ptb.de> <Zdx0Nst2_w1mEMKG@localhost>
From: martin.langer@ptb.de
To: David Venhoek <david@venhoek.nl>
Cc: NTP WG <ntp@ietf.org>
Message-ID: <OFB0C62212.13A1C077-ONC1258AD2.0046C12E-C1258AD2.00475BF8@ptb.de>
X-Priority: 3 (Normal)
Importance: Normal
Date: Thu, 29 Feb 2024 13:59:26 +0100
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-FE-Policy-ID: 5:5:5:SYSTEM
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=ptb.de; s=s1-ptbde; c=relaxed/relaxed; h=mime-version:references:subject:from:to:cc:message-id:date:content-type; bh=YgsUJvMGpKeabk0WiwFo86uP1yRoV8vEqRPzQ59tLuk=; b=Tpfy1rMRyvjxnB/+dKio5LIusz6b5Zj8yxLhNktFFmNA4RtuX4p9jSVaEPX2iscgFIE+ud9ukDqQ /eg93dcrsoJFQYDXb97LhsX8b0YxrDWWfH4JCn+4/96gX31Ebg2BhH2hJVyF1Wi+nnh10TpE1Bwv zVDX1P1W0KNGkiUnZ5vGvOXi82MeC27RU9k2LbFlz1jGSTCsQHI8eRarQtumuuP5K6FGu+OjDB3C BgK/D03SJk8BhWLHh1VIwZB85FfmLase1QGTOQ7O8nDVt7Rbf4hYviC/g9IDgOdAtp49kOVaG9m9 cML8dkKCU1wcvFqrqPiD8/dPL/vqW+D7OgWinQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/Nt2I1SeU5O3mbwtCzQyOcJS0TeE>
Subject: [Ntp] Antwort: Re: NTS Pools
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Feb 2024 12:59:36 -0000

Hello David,

thank you for this. It is very helpful.

Before developing and implementing a solution, we should first identify the potential threats.
An NTS/NTP pool makes the security assessment more difficult because we provide more attack vectors.
In addition, the question of an "initial" time to verify certificates becomes even more important.

Do you happen to know how NTP pools are queried? Is it done over the HTTP protocol?

Best regards,

Dr.-Ing. Martin Langer
Physikalisch-Technische Bundesanstalt (PTB)
Working Group 4.42 "Dissemination of Time"
Bundesallee 100,
38116 Braunschweig (Germany)
Tel.: +49 531 592-4470
E-Mail: martin.langer@ptb.de

-----"ntp" <ntp-bounces@ietf.org> schrieb: -----
An: "Miroslav Lichvar" <mlichvar@redhat.com>
Von: "David Venhoek" <david@venhoek.nl>
Gesendet von: "ntp" <ntp-bounces@ietf.org>
Datum: 28.02.2024 09:30
Kopie: martin.langer=40ptb.de@dmarc.ietf.org, "NTP WG" <ntp@ietf.org>, Dieter.Sibold@ptb.de, Kristof.Teichel@ptb.de, "Rainer Bermbach" <r.bermbach@ostfalia.de>
Betreff: Re: [Ntp] NTS Pools

Hi All,

I have made a spreadsheet showing a short overview of the implications
of the various options, see
https://docs.google.com/spreadsheets/d/1rxEArrbN5OKgsFI9KUzmOzI1twDztQc6aEUZr5WelVU/edit?usp=sharing" rel="nofollow">https://docs.google.com/spreadsheets/d/1rxEArrbN5OKgsFI9KUzmOzI1twDztQc6aEUZr5WelVU/edit?usp=sharing

Glossary of terms:
Pool: the actual entity operating the dns record and infrastructure of the pool
NTP provider: entity providing time as part of the pool.

The options currently included in the sheet are the following:

Upgrade from IP
Suggested by among others Martin

Idea: Client gets IP address via DNS, if it also accepts connections
on tcp:4460 then upgrade to NTS. The server on tcp:4460 uses a TLS
certificate for the IP address on which it is running

DNS SRV records
Suggested by among others Watson, Miroslav, Christer

Idea: Client gets SRV records via DNS containing FQDM of actual NTP
provider. It then does NTS-KE with the FQDM in the srv record. The ntp
provider has a certificate for the domain name in the SRV record.

Shared domain name
Not sure who originally suggested it.

Idea: All NTP providers run their own NTS-KE servers under the domain
name of the pool. All providers have TLS certificates for the pool
domain name.

NTS-KE generating cookies
Suggested by among others Miroslav

Idea: Pool runs NTS-KE server which generates cookies for the various
NTP providers.

NTS-KE load balancer
Suggested by among others David

Idea: Pool runs NTS-KE server which contacts an NTS-KE server from the
NTP provider and they coordinate to create cookies.

Separately from the discussion on which infrastructure approach to
take there has also been a discussion on the security model.
Essentially, there are two forms of trust involved in NTS (credit
1) Trust that I am talking to the server which I intended to talk to.
2) Trust that the server I am intending to talk to has the correct time.

The discussion on technical approach mainly affects 1. 2 depends
mostly on how the particular pool is operated (note that this means
that, unlike with the NTP pool, there is thus room for more than 1
type of public/wide area pool)

Hope this clarifies the discussion for those not as intimately
involved. If anything is missing in the sheet please suggest edits
either here or on the sheet.

Kind regards,
David Venhoek

PS: I will email separately later with an indepth reaction to the
points raised by Martin, Dieter and Miroslav, as I am out of time for
now. However, this should provide a reasonable overview to serve as
the foundation of that discussion.

On Mon, Feb 26, 2024 at 12:21 PM Miroslav Lichvar <mlichvar@redhat.com> wrote:
> On Thu, Feb 22, 2024 at 03:39:40PM +0100, martin.langer=40ptb.de@dmarc.ietf.org wrote:
> >    I was talking with Krisof Teichel, Dieter Sibold and Rainer Bermbach about
> >    how we should handle NTS secured NTP pools. It's not easy as there are
> >    different perspectives on the purpose, use cases and security
> >    considerations. In general, I think I can provide support from the PTB
> >    side, even though I have very little time for it at the moment.
> I'm getting lost in these "NTS support in pools" discussions. I'd
> appreciate if someone could clarify what exactly is meant by pool and
> what is the intended use case in the different proposals.
> For me, a pool is a set of servers available under the same DNS name,
> which can be specified in the client's configuration with a pool
> directive to use some number of the servers at the same time instead
> of a single server. There is the well-known pool pool.ntp.org with
> thousands of servers provided by volunteers and there are other
> smaller pools run by different companies and organizations.
> This DNS-based concept of a pool works with plain NTP and it works
> also with NTS. There can be multiple NTS servers available under the
> same name. The client can use more than one server at the same time.
> The NTS-KE part can be separated from the NTS-NTP part. The client
> doesn't care. I've been using my own mini pool of NTS servers without
> any issues since NTS became a thing.
> There are now three different proposals to solve some issues with NTS
> wrt pools. There is the older one from Watson based on DNSSRV records
> and two newer ones from David and Martin. Can anyone summarize what
> issues do they solve and don't solve?
> One idea seems to be to run one NTS-KE server with multiple NTS-NTP
> servers and mix different implementations of NTS-KE and NTS-NTP. What
> exactly is the use case for that? My understanding is that NTS-KE is
> the weakest part of the whole system, most easily overloaded and it
> the ratio should actually be inverted, run more NTS-KE servers for one
> NTS-NTP server.
> If NTS was to be supported in the pool.ntp.org pool, I think NTS-KE
> servers would need to be run by the volunteers, not on the
> pool's own limited resources. I'd not expect many of them to be
> separated from NTS-NTP and even fewer of them mixing different
> implementations.
> If I have a limited number of computers to provide an NTS service, why
> would I want to split them into NTS-KE and NTS-NTP servers, when they
> can all provide both functions at the same time and provide a larger
> capacity for NTS-KE and NTS-NTP?
> --
> Miroslav Lichvar

ntp mailing list
https://www.ietf.org/mailman/listinfo/ntp" rel="nofollow">https://www.ietf.org/mailman/listinfo/ntp