IETF Logo Mail Archive

Re: [Ntp] An NTPv5 design sketch

Daniel Franke <dfoxfranke@gmail.com> Thu, 16 April 2020 17:34 UTC

Return-Path: <dfoxfranke@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D64E33A0865 for <ntp@ietfa.amsl.com>; Thu, 16 Apr 2020 10:34:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JZcXNojcr-zJ for <ntp@ietfa.amsl.com>; Thu, 16 Apr 2020 10:34:15 -0700 (PDT)
Received: from mail-il1-x12a.google.com (mail-il1-x12a.google.com [IPv6:2607:f8b0:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7956E3A0864 for <ntp@ietf.org>; Thu, 16 Apr 2020 10:34:15 -0700 (PDT)
Received: by mail-il1-x12a.google.com with SMTP id b18so7711773ilf.2 for <ntp@ietf.org>; Thu, 16 Apr 2020 10:34:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=OINomgpWRA28OvQfPthCBW1jfNU0yl6FQNd7VluDrVk=; b=A7zVwqAYmfgJoiW+eniCcd/+ksefo3QN0xJ7zSGNpy/80RhW/uKxJmCN3xAmN1279G uz3XmaG+HYJ/u+yrH53nEl1+5wqp34nfV85d3dyBsppWr5CsWVMB5o1LPl/L1GuKtDiq Gu5cNiocMGnZ0sWxpIxOxgHHs2z0RLOlVyjODP6nhI6WCCLR+jh0zRfK8mPHld6oCwbR ql5yE7TEmqE2t5WbYQcoONqbY74RN4ZRT+ZE+72f1G9KdK8DCmOGZgyLnZ359RvNL4nj 30d7pAdtChvCTozBRam19xePEX/aAXYTbzFp7SokCdnqB82r6y7iK8C/p/Y2E5cDrLHO /8eQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OINomgpWRA28OvQfPthCBW1jfNU0yl6FQNd7VluDrVk=; b=Z0sXafw9Hnb9odnciz7U7rEFWZqRloXGBAlrgRllalZsOW/nh4priCmd5peMFbfl52 msWvGPwckfFH2p3bu4STiogH2WyH7j3YGEb7X795y3VPN3qP+zcU+hlg50I1asdSQDwB 2yf3tL/IgJV+sK+qUZSgkokVDv8ELm4UsnT3YVGwV6hx9TLKnpl6154QIbYnGHevqF6g f/kShmrW4DnrP8Q/XDDBPu4ySno03aM2mJitGpIYH4le4RizdvBi+Aerao/QeTJLJ89S RQpcEwoDbEQxZtzp3IkRXXUeINurPcddq8ph0rdkA3CluI6wpi/3yXJK1dAplRHDRVEt SI9w==
X-Gm-Message-State: AGi0Puadhii84jWau/rRFr6zYvfT9tIRSI0nRVErTaSgtGp82lQrgk6R XxFaCeQAya1iyCzuUK1M7Tat76awUJnkEUZ2w7srQDTb
X-Google-Smtp-Source: APiQypIohhhkWPLWHCxAEDYNpnmPMXTc78XQeMIIBvzOqF2VnM7VhOz/k9YAmSkTl0yX4u3e6YPuiyG4wRd4tmnOMSU=
X-Received: by 2002:a92:d34e:: with SMTP id a14mr11490310ilh.32.1587058454690; Thu, 16 Apr 2020 10:34:14 -0700 (PDT)
MIME-Version: 1.0
References: <CAJm83bBV+Pox3r6KU49ShwMOvr=R+U_vDKJtSZhfT6XX4qWmbA@mail.gmail.com> <20200414112541.GD1945@localhost> <CAJm83bCxuS_X68-pvpOWCPSmjAjTeYNJVuuOEhV-i82R7B28Mg@mail.gmail.com> <20200414155241.GF1945@localhost> <CAJm83bC1EhwQQ=+B7XPbEkvhOWvxU8zjCd290Fj5N43aMJQTkg@mail.gmail.com> <20200415072023.GG1945@localhost> <CAJm83bAEDuLk6vSa82D3smXO4x7iDywoy+FpC=gdm=m3SLrVLg@mail.gmail.com> <20200416082557.GI1945@localhost>
In-Reply-To: <20200416082557.GI1945@localhost>
From: Daniel Franke <dfoxfranke@gmail.com>
Date: Thu, 16 Apr 2020 13:34:03 -0400
Message-ID: <CAJm83bBBAwA9Da7aasneHV+JfVDOaT2j-Ymyem40-VFmjTQ8Jg@mail.gmail.com>
To: Miroslav Lichvar <mlichvar@redhat.com>
Cc: NTP WG <ntp@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/Qv8Y46Jx9ph4sFdDkIJI3KTge7Y>
Subject: Re: [Ntp] An NTPv5 design sketch
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Apr 2020 17:34:17 -0000

On Thu, Apr 16, 2020 at 4:26 AM Miroslav Lichvar <mlichvar@redhat.com> wrote:
> The device may be very simple. It may not have an OS and NTP may be
> the only networking it does. It could be measuring intervals in a
> physics experiment, or controlling a robot in a factory. Consider
> where and why PTP originated and that NTPv5 with its correction field
> might be usable there too.

I remain skeptical that systems actually exist, even in these domains,
where unprotected NTPv5 would be a good solution but NTPv5 with NTS
would not be. I've forwarded this thread to a friend who has done a
great deal of work with systems of this nature so that she weigh in
further. At any rate, I second Doug Arnold that if a use case is
already well-served by PTP, then complicating NTPv5 on their behalf is
not solving anyone's problem.

> Protected responses need to be handled in the same way as unprotected
> responses. You never know if the server isn't compromised and trying
> to attack you.

I think you've misunderstood me here. I'm not talking about cases like
"don't do an out-of-bounds read if the length field is longer than the
actual packet length" which yes, need to be handled regardless. I'm
referring to handling NTS stripping attacks and making sure you don't
accept an unprotected packet from a source that should only be sending
protected ones.

v2.23.0 | Report a Bug | By Email