Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp

"Langer, Martin" <mart.langer@ostfalia.de> Mon, 08 March 2021 11:51 UTC

From: "Langer, Martin" <mart.langer@ostfalia.de>
To: NTP WG <ntp@ietf.org>
Thread-Topic: [Ntp] Comments on draft-langer-ntp-nts-for-ptp
Date: Mon, 08 Mar 2021 11:51:37 +0000
Message-ID: <63ba384a15fd4b4d90ae297650d9124b@ostfalia.de>
References: <CACsn0cnz1GfKUKn6q61qmAbs=VPgTGFZnP=kEeQHk9CUxLACXg@mail.gmail.com> <YEX+RYP1vXLgt5f8@localhost> <02fd071141eb4b6ea94a8245af2d75f8@ostfalia.de>,<YEYMnVfIGcbZ3TKP@localhost>
In-Reply-To: <YEYMnVfIGcbZ3TKP@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/T3Hse6AqLnlmw84xDSCLe8VRcVo>

yeah... guess you are right.


In this case we need a periodic unicast connection as a watchdog protocol, ...or something else.

The group-based PTP (multicast) communication is a tricky one.

It is hard to secure. Especially delay attacks.

... on the other hand... it is also a part of the security prongs C and D of PTPv2.1 (redundancy and monitoring).
We are not able to secure packets against delay attacks with cryptographic measures.


-martin-
-------------------
Martin Langer, M.Eng.
Ostfalia Hochschule für angewandte Wissenschaften
- Hochschule Braunschweig/Wolfenbüttel
University of Applied Sciences

Labor Datentechnik, Labor Design Digitaler Systeme
Fakultät Elektrotechnik
Salzdahlumer Straße 46/48
38302 Wolfenbüttel
Germany

Tel.: +49 5331 939 43370
Web: https://www.ostfalia.de/cms/de/pws/bermbach/mitarbeiter/martin-langer


________________________________
From: Miroslav Lichvar <mlichvar@redhat.com>
Sent: Monday, 8 March 2021 12:38:05
To: Langer, Martin
Cc: NTP WG
Subject: Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp

On Mon, Mar 08, 2021 at 11:09:49AM +0000, Langer, Martin wrote:
> The multicast connections are not comparable to the broadcast connections in NTP.

I think they are pretty much the same if you assume the NTP client is
making periodic measurements of the delay and not just once on start.

> In NTP, TESLA-secured communication could be broken, because delay attacks are not
> detectable. However, in PTP we have two-way communication (Delay Request/Response)
> during multicast, which can be used to register runtime changes (RTT). However, a formal
> analysis is indeed not available.

The delay measurement has a request and response, but the offset
measurement (using sync messages) does not. Delay messages can be much
less frequent than sync messages. That's quite different from the NTP
client-server mode, where each request has an immediate response.

--
Miroslav Lichvar
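The point made in the quoted message (Sync is one-way, the Delay_Req/Delay_Resp exchange is two-way and less frequent) as an added simulation; this is not code from either message or from the draft. It assumes the standard PTP end-to-end offset formula, constructed timestamps and rates, and a hypothetical RTT watchdog that compares each measured mean path delay against the first one. It shows that extra delay on the Sync path shifts the slave's offset estimate immediately, that nothing can notice it until the next delay exchange, and that even then the two-way measurement halves the bias rather than removing it, which is why the thread lands on a watchdog rather than a cryptographic fix.

```python
"""
PTP end-to-end offset estimation under a one-way delay on the Sync path.
Added illustration only; all timestamps, periods and the attack delay are
constructed. Clocks are modelled as: slave_clock = master_clock + true_offset.
"""


def offset_from_delay_exchange(t1, t2, t3, t4):
    """Two-way PTP computation (Sync t1/t2 plus Delay_Req t3/t4).

    Returns (offset, mean_path_delay) as a slave would compute them.
    """
    ms = t2 - t1  # master -> slave one-way time, includes +true_offset
    sm = t4 - t3  # slave -> master one-way time, includes -true_offset
    return (ms - sm) / 2.0, (ms + sm) / 2.0


def offset_from_sync_only(t1, t2, last_mean_path_delay):
    """Between delay exchanges only Sync arrives, so the slave reuses the
    last mean path delay it measured. This is the one-way case."""
    return (t2 - t1) - last_mean_path_delay


def simulate(rounds=16, sync_period=1, delay_period=8, true_offset=0.002,
             path_delay=0.001, attack_start=4, attack_delay=0.010,
             tolerance=0.0005):
    """Run `rounds` Sync intervals; a delay exchange happens every
    `delay_period` seconds (always in round 0). From `attack_start` on,
    `attack_delay` is added to the Sync path only (constructed scenario).

    Returns one record per Sync with the slave's offset estimate, its error
    against the true offset, and whether the hypothetical watchdog (mean
    path delay drifting from the first measurement) flagged that round.
    """
    baseline_mpd = None   # first measured mean path delay, watchdog reference
    last_mpd = None       # most recent mean path delay, used for Sync-only rounds
    log = []
    for i in range(rounds):
        t = i * sync_period
        extra = attack_delay if t >= attack_start else 0.0
        t1 = float(t)                                  # Sync sent, master clock
        t2 = t + path_delay + extra + true_offset      # Sync received, slave clock
        two_way = (t % delay_period == 0)
        flagged = False
        if two_way:
            t3 = t + 0.1 + true_offset                 # Delay_Req sent, slave clock
            t4 = t + 0.1 + path_delay                  # Delay_Req received, master clock
            est, mpd = offset_from_delay_exchange(t1, t2, t3, t4)
            if baseline_mpd is None:
                baseline_mpd = mpd
            # Watchdog: a one-way delay on Sync inflates the RTT, so the
            # mean path delay moves away from the baseline.
            flagged = abs(mpd - baseline_mpd) > tolerance
            last_mpd = mpd
        else:
            est = offset_from_sync_only(t1, t2, last_mpd)
        log.append({
            "t": t,
            "two_way": two_way,
            "offset_estimate": round(est, 6),
            "error": round(est - true_offset, 6),
            "watchdog_flag": flagged,
        })
    return log


def first_flag_time(log):
    """Time of the first watchdog flag, or None if the attack was never seen."""
    for rec in log:
        if rec["watchdog_flag"]:
            return rec["t"]
    return None


if __name__ == "__main__":
    for rec in simulate():
        kind = "two-way" if rec["two_way"] else "sync-only"
        print(f"t={rec['t']:2d} {kind:9s} offset={rec['offset_estimate']:+.6f} "
              f"error={rec['error']:+.6f} flag={rec['watchdog_flag']}")
    print("first watchdog flag at t =", first_flag_time(simulate()))
```

With the defaults the estimate is exact until the attack starts at t=4, is off by the full 10 ms for the Sync-only rounds 4 to 7 with nothing to flag it, and at the t=8 delay exchange the watchdog fires while the estimate is still off by 5 ms. Shortening `delay_period` shortens the blind window, which is the trade-off the thread is discussing.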