Re: [Ntp] The NTP WG has placed draft-schiff-ntp-chronos in state "Call For Adoption By WG Issued"

Marcus Dansarie <marcus@dansarie.se> Tue, 10 September 2019 20:24 UTC

Sender: Marcus Dansarie <marcus.dansarie.nilsson@gmail.com>
To: ntp@ietf.org
References: <20190910101017.6F76B406063@ip-64-139-1-69.sjc.megapath.net> <CAM-HxCNM9W4wwyH=o=oyX_S6kd8Wac7XjnSnTg7u-nR+=yO_yg@mail.gmail.com>
From: Marcus Dansarie <marcus@dansarie.se>
Openpgp: preference=signencrypt
Autocrypt: addr=marcus@dansarie.se; prefer-encrypt=mutual; keydata= mQINBFawEn4BEAC8YukDy8f3eczlE8WAcuctrjsNltPCLZDzcj3vBmiayXlXuPULOopqeuw4 +oaZqj4KqvdFBA1mzvwPll7IHePuwAoJYJr48IbIXc9MRjtLoFtd0KnhiVPUS8F2cmfzSJ8E FEv92sz6UT8/tlLEu6sNqr6/caYUivspuW5wf4f6nkSE+6rao9Nx9X03r289IPNBSZv+Y/Ym jWHDPpbT8WLUJZ+A8RsW/1oza609oAzqTkclmnRzip8wZZWNg3Q55P7onBmTIOrEz13My9r5 DWCMHyxXgFL1RJ9YW0t4yRkRm+HvOn3Vesk3m8CCGA6esHV0IPZmBOxJr3l+UQYuDiTgFufr WMpu5MvlyKGHS4fNd505DyyJY2G6eQLLrOq3nZy4qoZSL42TMxzYglexg+H6P/YsIIShk5Ch h/hNphXjrElDWhbGT5JiRWIivgSj/gq5QVBbDLR3b25n9PA0byGemfcEHLkii6EKyH7GW6v9 sgmvCmPfEfppYcOP2g9Jdt8RPitx0UBjoCzWAn0Py0NvlFDyz0FQhWDPig3yo1CG5ljb686v VBwcHJthczUV0rIyVzfmnikIb9ZjydHSX3fFwLz1IcIIX+INS58qA0SDqOoyP2WTYGZCDPVw GMMh+wMtAL2MICTr6vybFWB58m4PsI1j8Ri+AQiEkxyJauI2WQARAQABtCRNYXJjdXMgRGFu c2FyaWUgPG1hcmN1c0BkYW5zYXJpZS5zZT6JAlwEEwEIAEYCGwMCHgECF4ACGQEJCwkNCAwH CwoEBhUKCQgLAgUWAwIBABYhBBfkVFb0H62SH33Csy9j5/6tpPBjBQJcLN6RBQkHXf+TAAoJ EC9j5/6tpPBjZNoQAI87t6fNeEDUe3mVxvhHbh0IQ3NTv5555HstmNA6ZKYeUhFIRFGGxo1D a93viLr59dL58NR43O4MA6IJTsOdCxnZfGMLRs7yHGylnilJEh9OwFHEJp0GprJ2RqfBGJsQ 0qQu90ptGhNWHeN1nEVPYg6tyTz6jFG+YuvHzIZjpCFY0xG+J92gncTDG8082kkp/fxSvKGr 6nxiH9lOxItJsUjRF3fUsmr8QERKfaYkrHaqEM05q0zlQu+ofwmq8oHk2Mlx+Earb0KgGWqM 85l8+uVnM/DKeD6qH8zAaOQImcyEn7KNQuHR+FELPRFFJ5BkSrJXat8P4ViC4Md0lF3X3sm9 nxztGbVD4v9M50ci7hosVsiqslU/nMv59f3NPATR+sOZrq3K5rSUGeVbF3+3ZT3fF4FfE7Gl ldtS8D4Lq8MYbfuFD4JnhqLQf9nuOeBH2qcJf6M6R5yi+NwEF7w1xGWYfI+ifNRlPl5FCJDj ft3JFxswKMpobyp2Amo1oman7kORTZ+dnQ9JNLZSbqSZRZ7CQt30exO1jgW0H0oYKVlZ3p3Q VqVC4BA5Ap7Pc6Da7LlgJnF6yfy1ODFllYBIT4kLOL/99W9CsKinaa6pJAjfs+x1QzzrR0ji ucHinLTeZ4JYDtFxXAEkQ2tuxaouoz+cLwrOwTepiBOiUtYnAg8tuQINBFawEqwBEAClJOj1 zOQTMRGzLK/08tEdwR4EwBDiWNci0JtjT59xtJdlGujuf/9wkt9hRIiALqt8U0vHwCzmxVTP Eueewv40WOraJzzDv6OBXJZMeF+IN1/CGrZcn8rLG9J1CyyVf+gCxUUXmpQDlE91iYMB4ifj dTTTizRnVYOQh54TV0yyiL2bn+ZdL8NYNpUbpoG2vppltt0NXv9ib9WPug9Q8Sx33CkkCj3F HJLHeHqo6AkFTpBdSn6/Ezs+ZHpuhNCHtrZyiJOi2YZ8EzpuxDwVjHLh8iXu0amlXSGP5wA7 MpNEtomhGw3bUr3aBcenfS4u/RE3V/y+vXae33LtVmaH7sli0SmrP8iUxkks2qjtS6W2a/qF xlHK/FXBChNIG0uRROvDlIudg6UHzQlK4mBdraGz4etfDpsNAX0x5ssxBTaFrJlZz935GPLR sg4o5f+FYcQrIZGisfCmiH8rdF1bkz450/OyfzS7lTCoxeizOnlamVwUCTfrWah/l8BXgP/i Y6KlbGpfr7aVYvA5e7fPe7uRqzPsxq7pL72r3p/TkNuPtJ7cbShN99p7v/v38STSJ4jbzy2W LMBFw5dJI73XtSGU2g/viZgVfl4Tro4XeYMF/FmRDiYcd+GpuDoB+g+NJYpGRGnr4+GgWl9U YCnN1TE9LSpvehvvKMvGqi0U1ENOUwARAQABiQRbBBgBCAAmAhsCFiEEF+RUVvQfrZIffcKz L2Pn/q2k8GMFAlws3qsFCQdd/38CKcFdIAQZAQgABgUCVrASrAAKCRDBCAAOw+Eh5rtYD/wN eZOov+0rwhszfD+IY9fI4qFUjuiKWR06fJ60HV7cStkDW6WtrF+NkUAwH5G0yrA+izyI9wtR 4r5OW5ruPWTRbHxOmsLfRnqh4dKU6uCvtoL+LNzAMyPORiZkzomOaKAPdtiVgECVupLsApDl 4tI2hpMYKmeTVuessXa83oGOi8uQGK/M57Koz20KPfLltJBsCcOwofCUdbmaPOlN/DspOaIe LWzN7qb3pzAuUltBCvVI3VRgqvfh6JSiGyaSUfjghfbtz0uAlZ4wSfHX2+Iw+1/9mlElZjkC y6QgxCb1vMqGSw5u596aGVm7m2zVGLn4/xhpFNbxHUwWre/AAMtJR5ASK3cq2au1U2rOja3f rRfzMuBqTrQGb+OcCaesaOssd7t+RmDKfv0u40z6ls9Mzav+BCXzfOnb3HNAgJE5C/xApTsd xhn5BZoxHy8N2Pc0emWe6JI5UDPlKpuwH6JDKrLaoHhE7Gy2U6iinQcgI5IEEa8wmwoWfkjU 5phTbZVHJ+yTOeZWcbJtyFIX18fbzyrZWguo1EWHubv33KqbiJ6klpfg5chwKXWZIlLmbivp Dv0KRybk5GB+X83OpeAH9dKT3kvcu6midppjFzakSIiaoSJDS9jcqQYEiRG71lnD7QdCoqjb fHZh8HXGYSbenDzisWIRouGsimOyeSaX6QkQL2Pn/q2k8GOq8g/+PAcag2kmEQeJIVEtVCA3 e+/v+9XTi/7X7fZ247gAHbbaZKavRMFmgVsJNq6riC4HoetUWwMWJ2A/buSVMVJwAd5pWXAq WkOPWgv60FN92yfdUPjXXhLMXhntCLaRbNmKw0gETFLlUGXbRHyiO02EbJziI+vOr3R3AYa/ JEvsCHKX6TUm/HerBmzTUOi/igtd/H7B4EYcO5bZLKSJ8RZT5hKwOpVIYOdvBWZx2+MTG++A w6mDCgpIRseWgsyrkfsKkf+xQw0JewsFMyW5z+swV5/SCrhzexRIh1Jr5KBQ7FI7WgO5l46o EKtCmBjDSckdlBg5wfpPHK4s3k3FreX/tPqrzwTaBY9NIyzLGE2KFgr5lTWOr4P5xb37CNg4 hCzSJStvrlR/MscUmjaYR+dHCwzNr5tkBDSIqBKw6THWV+i0g3Vo41FF06Eg8dnW0yMX5Vfp zw9YYFsTV+WbKBTRwNA6OsAkkD7zMU0KzL3+i33uzgo+CffBYJs12yABIWXtNWlXiJpqePyh /6PTEfYMUE7dDr8qlEt23AoGs3Eme+OgY/Y5Yv03jcINp98/qnXnnqf9ghpVavajVwOIQui5 CMxWUkDweNyEYJA4jaKkov5/iwssNosBSF007b4loCXLv45iz8jkQwYHUwzH86W6Gk13/bdt v0ksRjKe291ygQm5Ag0EVrASywEQAMscigyDy6txQ/cUE8P+S9zMPNbsTSqa3iyj0SREswxm JsrUou+yOt/Y4UxGX+JLc/zjI1+frWE33CNmucYMtrZSrxgQDp+Wp8Ak7UNQlBtRIjdcPqmA EFzgG9OP7If7MJZMeWVd47ybIYUKohuTdFgwJSF80f+DGLLjIchyVZbvyZWSQKIAxfavmZr1 CNEVYXyrL752rLVB+KnQgJaFqHFPp6cO/Y20ViF9QsLRtlref1VrxtdPuILhEKMmmc+ZRsDh J0V8Mi5q8pWcYWrz+JiVRyA1ULAhg6C2ypj1cFNnQyN22XptXbz687bqZQxar5xyAAV4D6i/ 8q1kNgSsbDq+XkWuGjS9kmvLGM9kGARNhMFNguJSgSfqZExPAJhCZ4hVboTKFoRR10482rlO yj0Va0GbmpGqftjNodA4mjpBi52pNymUF+s6eTk13L9DOOJ8d0+2Qd6e4uTeNXJhNW6g2l7b 5dt/bbHMla7hgqRKUtTqQRR2JCpP3vF4sHWnXYdEcJSACarBcxbfdwZBnF9Nwv7GiNTEEg7O +8qwlj16LTB8oNWjOwAHiqg0xQlL8JTz2rkX0gUIW1Hy9A6b6UikViRbmpHXg0s7364Xtxji mkKD8DVnC5NJDiwZztqG2iW7kxJnfA+eAClKEh+niZo5NpjWNUfhjUXM5DNVHtchABEBAAGJ AjwEGAEIACYCGwwWIQQX5FRW9B+tkh99wrMvY+f+raTwYwUCXCzeqwUJB13/YAAKCRAvY+f+ raTwY6oaD/9Q1RhI/RNI0TmS60ih7gTZ1wvWbU24qGHZ1Q5kgriS5C59IWDkVlOCx2qQVwJO eGBrUHDhEuL2AuAF46Rmh+tIFMqij8Orz8zebSydM8aBtSPua2QpAta/IJS/5jvGN0aKbim8 MpD9oCHFp7N+37p7e5jrpLHz3qh5cDau+fFDUzS04gtcgkJb3wXg0MhgoZF/KU3JSq0Xs0Ni ioljOHDgOddGzO7Dd2KbCW2vtzo7m50yrLHI77hsocnkqrIcIn6TeYtH7K1aksEI0KC2Sg0b ome7eO8jCziXZO73iwq9hflXAiZp9CM2HWlb7e2zXe8vChJorEf+9w3t/jyvQzCtOf12jUM1 xr99DODBAEtJ0/tUfSsGvfETmAhYD2tjRmVwzB7jRq6U4bc5jtcYEL5YKEWBIvJDVvzE3iu/ HHjc83bIIyqxeYyT3uClTWPVP5OEWBxGUas7u3hlxxmSzGjpXUDBZyoeC+Q6Q3WUp6zOSg+/ yVwD/KBQQ/Sy6vOfvgh6PmsP1D5xCZSl6UWnxSi8lTtAcjUjHyG1qCudR/pmDv0OL5Ul8PeF 87DBMz4Y0our+MslzlvhrmI90XcKAyHrukdnanS+gle61a44uFwtUGPTvCtSW4AQLR1uixc8 qaHsQNmXpQQOIt6nudcOCisXa1c6P/WU8I94u9BmCjTWRQ==
Message-ID: <980500cd-3b38-ffaf-350d-1aa705278879@dansarie.se>
Date: Tue, 10 Sep 2019 22:24:48 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <CAM-HxCNM9W4wwyH=o=oyX_S6kd8Wac7XjnSnTg7u-nR+=yO_yg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/PIr9YoHibaPYcZo2XMOkotdVmQk>
Subject: Re: [Ntp] The NTP WG has placed draft-schiff-ntp-chronos in state "Call For Adoption By WG Issued"
Precedence: list

As one of the co-authors on the NTS draft, I can only agree with Neta
here. Chronos and NTS are not mutually exclusive and Chronos can detect
attacks that NTS does not protect against. Section 9.4 in the NTS draft
mentions one example of this.

Kind regards,
Marcus Dansarie


On 2019-09-10 12:33, Neta R S wrote:
> Hi,
> 
> Please see my responses inline.
> 
> On Tue, Sep 10, 2019 at 1:10 PM Hal Murray <hmurray@megapathdsl.net
> <mailto:hmurray@megapathdsl.net>> wrote:
> 
> 
>     neta.r.schiff@gmail.com <mailto:neta.r.schiff@gmail.com> said:
>     > *Threat model: *Chronos considers a powerful form of
>     man-in-the-middle (MitM)
>     > Byzantine attacker, capable of determining precisely the values of
>     the time
>     > samples gathered by the Chronos client from a subset of the NTP
>     servers in
>     > its server pool (up to one-third of the pool).
> 
>     I consider that "up to one-third" to be a serious problem.  It
>     doesn't cover
>     the case where the bad guy has taken over your ISP (or is your ISP)
>     and thus
>     controls all the traffic to the servers you try to use.  I think
>     that's going
>     to be a common case.
> 
> In this scenario the attacker can drop all the packets from the servers. 
> I am not sure there is a good solution for this case.
> However, we are currently working on extending the threat model. 
> 
>      
> 
>     [Disclaimer: I work on NTS so I'm probably biased.]
> 
>     Why should we work on this rather than getting NTS deployed?
> 
> I think NTS is important extension for NTP. 
> We suggest Chronos as a watchdog (for example for cases where the MitM
> drops packets).  
> 
> 
>     There is an additional complication.  You are inventing a new method of
>     processing the data from packets that get past your filters.
> 
> We suggest to run Chronos side by side with NTP (as a watchdog). 
> 
> 
> 
>     -- 
>     These are my opinions.  I hate spam.
> 
> 
> 
>     _______________________________________________
>     ntp mailing list
>     ntp@ietf.org <mailto:ntp@ietf.org>
>     https://www.ietf.org/mailman/listinfo/ntp
> 
> 
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp
>

[Ntp] The NTP WG has placed draft-schiff-ntp-chro… IETF Secretariat
Re: [Ntp] The NTP WG has placed draft-schiff-ntp-… Harlan Stenn
Re: [Ntp] The NTP WG has placed draft-schiff-ntp-… Neta R S
Re: [Ntp] The NTP WG has placed draft-schiff-ntp-… Harlan Stenn
Re: [Ntp] The NTP WG has placed draft-schiff-ntp-… Neta R S
Re: [Ntp] The NTP WG has placed draft-schiff-ntp-… Hal Murray
Re: [Ntp] The NTP WG has placed draft-schiff-ntp-… Neta R S
Re: [Ntp] The NTP WG has placed draft-schiff-ntp-… Marcus Dansarie