Re: [Ntp] NTP Security (was NTPv5: big picture)

FUSTE Emmanuel <emmanuel.fuste@thalesgroup.com> Fri, 22 January 2021 08:54 UTC

From: FUSTE Emmanuel <emmanuel.fuste@thalesgroup.com>
To: "ntp@ietf.org" <ntp@ietf.org>
Date: Fri, 22 Jan 2021 08:54:36 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/RQp9yk5cumkCcIZBM-OcuXaePsQ>

On 22/01/2021 at 03:34, Philip Prindeville wrote:
>
>> On Jan 19, 2021, at 5:24 AM, Magnus Danielson <magnus@rubidium.se> wrote:
>>
>>> I think the point is that you cannot bootstrap secure time out of
>>> nothing.
>> That's a conjecture, yet to be proven.
>
> No, that's basic Information Theory.  Lost or non-existent information can't be recreated from a void.
Exactly. And here the information is present/existent in a lot
of/multiple sources.
As there is a possibility that some are compromised, you must sort
out/validate them.
Depending on your needs, you could start up with pretty low known
validation materials with very good confidence, up to multiple
cryptographic factors and less than a second away trusted local time and
very very high confidence.
Look at today's real-world status! This is terrific, more than 99.9% of
devices, phones, computers, wifi routers, etc. using NTP, even with a
local RTC, blindly trust ANY NTP source without any validation procedure
/ validation material and only rely on NTP algorithms to try to sort the
sources, on the better implementations.

Emmanuel.
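
The contrast drawn in this message, as an added illustration that is not part of the original post or of any NTP implementation: a Marzullo-style interval intersection with a strict-majority rule, run once over every source and once over only the sources that passed validation. The `Source` type, the `validated` flag and all sample values are assumptions constructed for the example.

```python
from typing import List, NamedTuple, Optional, Tuple

class Source(NamedTuple):
    name: str
    offset_ms: int   # measured clock offset
    error_ms: int    # error bound (half-width of the offset interval)
    validated: bool  # hypothetical flag: passed some validation procedure

def best_overlap(intervals: List[Tuple[int, int]]) -> Tuple[int, Tuple[int, int]]:
    """Marzullo's algorithm: the region covered by the most intervals."""
    edges = sorted([(lo, -1) for lo, _ in intervals] +
                   [(hi, +1) for _, hi in intervals])
    best, count, region = 0, 0, (0, 0)
    for i, (pos, kind) in enumerate(edges):
        count -= kind                  # -1 opens an interval, +1 closes one
        if count > best:               # only ever true on an opening edge
            best, region = count, (pos, edges[i + 1][0])
    return best, region

def select_offset(sources: List[Source], require_validated: bool) -> Optional[float]:
    """Agreed offset in ms, or None when no strict majority of the pool agrees."""
    pool = [s for s in sources if s.validated or not require_validated]
    if not pool:
        return None
    agree, (lo, hi) = best_overlap(
        [(s.offset_ms - s.error_ms, s.offset_ms + s.error_ms) for s in pool])
    if agree < len(pool) // 2 + 1:
        return None                    # refuse to set the clock
    return (lo + hi) / 2

# Constructed sample data: two honest servers, three colluding ones an hour off.
HONEST = [Source("a", 10, 20, True), Source("b", 15, 20, True)]
ROGUE = [Source(f"r{i}", 3_600_000, 10, False) for i in range(3)]

if __name__ == "__main__":
    # Minority of bad sources: the selection algorithm alone sorts them out.
    print(select_offset(HONEST + ROGUE[:1], require_validated=False))
    # Majority of bad sources, blind trust: the wrong offset is accepted.
    print(select_offset(HONEST + ROGUE, require_validated=False))
    # Same sources, but only validated ones are allowed to vote.
    print(select_offset(HONEST + ROGUE, require_validated=True))
```
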