Re: [ntpwg] The next step of draft-ietf-ntp-checksum-trailer
Harlan Stenn <stenn@ntp.org> Tue, 08 March 2016 06:40 UTC
Return-Path: <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>
X-Original-To: ietfarch-ntp-archives-ahFae6za@ietfc.amsl.com
Delivered-To: ietfarch-ntp-archives-ahFae6za@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 317811CE0B4 for <ietfarch-ntp-archives-ahFae6za@ietfc.amsl.com>; Mon, 7 Mar 2016 22:40:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.41]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k5_eKifWRmuC for <ietfarch-ntp-archives-ahFae6za@ietfc.amsl.com>; Mon, 7 Mar 2016 22:40:38 -0800 (PST)
Received: from lists.ntp.org (lists.ntp.org [IPv6:2001:4f8:fff7:1::7]) by ietfc.amsl.com (Postfix) with ESMTP id 1E2E41CE0B9 for <ntp-archives-ahFae6za@lists.ietf.org>; Mon, 7 Mar 2016 22:40:38 -0800 (PST)
Received: from lists.ntp.org (lists.ntp.org [149.20.68.7]) by lists.ntp.org (Postfix) with ESMTP id AECE686DAF7 for <ntp-archives-ahFae6za@lists.ietf.org>; Tue, 8 Mar 2016 06:40:37 +0000 (UTC)
X-Original-To: ntpwg@lists.ntp.org
Delivered-To: ntpwg@lists.ntp.org
Received: from stenn.ntp.org (stenn.ntp.org [IPv6:2001:4f8:fff7:1::30]) by lists.ntp.org (Postfix) with ESMTP id 3FC7086D4A6; Tue, 8 Mar 2016 06:24:53 +0000 (UTC)
Received: from [::1] (helo=stenn.ntp.org) by stenn.ntp.org with esmtp (Exim 4.86 (FreeBSD)) (envelope-from <stenn@stenn.ntp.org>) id 1adAzY-000FGy-R5; Tue, 08 Mar 2016 06:19:36 +0000
From: Harlan Stenn <stenn@ntp.org>
To: mayer@ntp.org
In-reply-to: <56DE4BC8.9000103@ntp.org>
References: <4569da98236441699fb26aebb71f90a7@IL-EXCH01.marvell.com> <E1acVNL-000CK8-RW@stenn.ntp.org> <20160307093202.GJ20222@localhost> <E1acsHr-000Dmy-Bf@stenn.ntp.org> <20160307112840.GK20222@localhost> <E1acuOC-000Dwm-SV@stenn.ntp.org> <20160307131625.GA3209@localhost> <OFD1361D67.E13510CC-ONC1257F6F.005BF6CC-C1257F6F.005E2416@ptb.de> <E1ad42y-000EfP-Da@stenn.ntp.org> <56DE4BC8.9000103@ntp.org>
Comments: In-reply-to Danny Mayer <mayer@ntp.org> message dated "Mon, 07 Mar 2016 22:49:28 -0500."
X-Mailer: MH-E 7.4.2; nmh 1.6; XEmacs 21.4 (patch 24)
Mime-Version: 1.0 (generated by tm-edit 1.8)
Date: Tue, 08 Mar 2016 06:19:36 +0000
Message-Id: <E1adAzY-000FGy-R5@stenn.ntp.org>
Subject: Re: [ntpwg] The next step of draft-ietf-ntp-checksum-trailer
X-BeenThere: ntpwg@lists.ntp.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: IETF Working Group for Network Time Protocol <ntpwg.lists.ntp.org>
List-Unsubscribe: <http://lists.ntp.org/options/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=unsubscribe>
List-Archive: <http://lists.ntp.org/pipermail/ntpwg/>
List-Post: <mailto:ntpwg@lists.ntp.org>
List-Help: <mailto:ntpwg-request@lists.ntp.org?subject=help>
List-Subscribe: <http://lists.ntp.org/listinfo/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=subscribe>
Cc: "Karen ODonoghue (odonoghue@isoc.org)" <odonoghue@isoc.org>, "'ntpwg@lists.ntp.org'" <ntpwg@lists.ntp.org>, Suresh Krishnan <suresh.krishnan@ericsson.com>, ntpwg <ntpwg-bounces+dieter.sibold=ptb.de@lists.ntp.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org
Sender: ntpwg <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>
Danny Mayer writes: > On 3/7/2016 5:54 PM, Harlan Stenn wrote: >> Hi Dieter, >> >> dieter.sibold@ptb.de writes: >>> "ntpwg" <ntpwg-bounces+dieter.sibold=ptb.de@lists.ntp.org> schrieb am >>> 07.03.2016 14:16:25: >>>> On Mon, Mar 07, 2016 at 12:35:56PM +0000, Harlan Stenn wrote: >>>>> Originally, if there was an extension field there MUST be a MAC. >>>> >>>> Right. That requirement was not necessary and it was later removed. >> >> The above claim has not yet been proven. > > See RFC 5905 Section 7.3 where it was optional but 7.5 said it was > required in the presence of an extension field. It was ambiguous and has > been clarified in the EF draft. Yes. It is optional UNLESS THERE IS AN EF. Then it is required. If the errata does not make this clear or reinforce this, the "clarification" in the errata is wrong. >>>>> MAC protection is good. NTS uses a 'single' Field Type, but the >>>>> first few packets have no MAC protection. Therefore, the first >>>>> few packets of an NTS exchange arguably MUST have MAC protection >>>>> outside the NTS packet >>>> >>>> With what key would that MAC be generated? Unless I misunderstood >>>> how NTS is supposed to work, the first few packets are simply not >>>> authenticated and can't be used for anything except initialization >>>> of the NTS association. >> >> Answered in a separate email - symmetric key is AVAILABLE for this. >> Doing this is a MAY/SHOULD. Not a MUST. If the above quote came from me, it's not clear that the first few packets of the NTS exchange MAY/SHOULD have MAC protection. I don't recall the context anymore. Starting with the 7th NTS packet, the NTS EF has a MAC. We need to see what, if any, extra protection should be applied to the first 6 packets. >>> Harlan, I do not agree that you need to protect the association and >>> key exchange of NTS. The goal of the first exchanged messages of NTS >>> is to securely authenticate the server and exchange the cookie. Please 'splain to me how you can "securely authenticate the server and exchange the cookie" with no MAC on the first exchanged message. >>> And yes, tough these messages are piggybacked on NTP messages, they >>> do not protect NTP's time stamps. However the NTS messages in itself >>> and especially the cookie exchange message are cryptographically >>> protected. So the first 6 messages are cryptographically protected but the timestamps are not protected? I have not dug in to the NTS protocol dance. I am curious how the initial cookie exchange can be trusted if the timestamps are not protected. >>> A client has the choice to trust or not to trust the time >>> stamps exchanged during the association and cookie exchange. The iburst exchange is an ideal opportunity to exchange NTS keys. It's also a critically important time to exchange trustable timestamps. So the first 3 of 8 exchanges SHOULD be protected with a MAC until NTS is protecting the timestamps, as that's the startup period where we're trying to quickly and safely get enough samples to get the filter primed and see if the loop is stable. >>> After the cookie is being exchanged all following time requests and >>> responses are of course protected by a MAC. So, a client always has >>> the option only to trust the authenticated time stamps. I don't see >>> that anyone want to distribute manually symmetric keys only for the >>> purpose to protect the first three message exchanges of NTS. iburst. Folks want ntpd stabilized in the first 11 seconds' time. If that takes 15 or 17 seconds' time because we have to ignore the first few packets that will cause complaints, but these folks can set up symmetric keys or make other changes to mitigate this problem. We're expecting NTS to be of more value in a WAN setting than in a LAN setting, right? >>> And if you are in a situation in which you can exchange symmetric >>> keys with your customers you don't need to apply NTS. But in most >>> cases, distribution of symmetric keys are realistically not an >>> option. >> >> Correct. I am not saying MUST. >> >> Are you saying that each of these 6 initial packets MUST NOT be >> protected by any sort of MAC? > > What he's saying is that the NTS exchange does not need to be protected > by a MAC. The Timestamps may need it if you want to use them or you wait > for NTS to complete its protocol exchange before trusting the packets. I asked what YOU were saying, Danny, not what Dieter was saying. Somebody removed a response in there. Let's get clarification from Dieter, et al on this point. And you're assuming the sender can dictate policy to the recipient again. It's the recipient's choice as to whether or not it will accept unauthenticated packets. I'm also curious to see how NTS plays with iburst. H _______________________________________________ ntpwg mailing list ntpwg@lists.ntp.org http://lists.ntp.org/listinfo/ntpwg
- [ntpwg] The next step of draft-ietf-ntp-checksum-… Tal Mizrahi
- Re: [ntpwg] The next step of draft-ietf-ntp-check… Harlan Stenn
- Re: [ntpwg] The next step of draft-ietf-ntp-check… Miroslav Lichvar
- Re: [ntpwg] The next step of draft-ietf-ntp-check… Tal Mizrahi
- Re: [ntpwg] The next step of draft-ietf-ntp-check… Harlan Stenn
- Re: [ntpwg] The next step of draft-ietf-ntp-check… Miroslav Lichvar
- Re: [ntpwg] The next step of draft-ietf-ntp-check… Harlan Stenn
- Re: [ntpwg] The next step of draft-ietf-ntp-check… Miroslav Lichvar
- Re: [ntpwg] The next step of draft-ietf-ntp-check… dieter.sibold
- Re: [ntpwg] The next step of draft-ietf-ntp-check… Harlan Stenn
- Re: [ntpwg] The next step of draft-ietf-ntp-check… Harlan Stenn
- Re: [ntpwg] The next step of draft-ietf-ntp-check… Danny Mayer
- Re: [ntpwg] The next step of draft-ietf-ntp-check… Danny Mayer
- Re: [ntpwg] The next step of draft-ietf-ntp-check… Harlan Stenn
- Re: [ntpwg] The next step of draft-ietf-ntp-check… Harlan Stenn
- Re: [ntpwg] The next step of draft-ietf-ntp-check… kristof.teichel
- Re: [ntpwg] The next step of draft-ietf-ntp-check… Danny Mayer