Re: [Ntp] Antwort: Re: Symmetric mode
Danny Mayer <mayer@pdmconsulting.net> Wed, 21 September 2022 23:30 UTC
Return-Path: <mayer@pdmconsulting.net>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3287BC14F722 for <ntp@ietfa.amsl.com>; Wed, 21 Sep 2022 16:30:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_FONT_FACE_BAD=0.001, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lA-2iimZAhkv for <ntp@ietfa.amsl.com>; Wed, 21 Sep 2022 16:30:11 -0700 (PDT)
Received: from chessie.everett.org (chessie.everett.org [66.220.13.234]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0630C1524AA for <ntp@ietf.org>; Wed, 21 Sep 2022 16:30:08 -0700 (PDT)
Received: from [192.168.1.156] (pool-108-26-202-2.bstnma.fios.verizon.net [108.26.202.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by chessie.everett.org (Postfix) with ESMTPSA id 4MXvlg523yzMP75; Wed, 21 Sep 2022 23:30:07 +0000 (UTC)
Content-Type: multipart/alternative; boundary="------------lK95l5PYaz0WzkPBEh089M7E"
Message-ID: <d13df0b6-7c47-820e-5dbd-21dd7e2d4801@pdmconsulting.net>
Date: Wed, 21 Sep 2022 19:30:06 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.13.0
Content-Language: en-US
To: kristof.teichel=40ptb.de@dmarc.ietf.org, ntp@ietf.org
References: <880b8ec4-e112-e2e2-f48c-c940064bc749@pdmconsulting.net> <mayer@pdmconsulting.net> <796c33e6-02dc-0665-c8a2-a143f9100bdd@pdmconsulting.net> <20220919024614.4AB8328C1E2@107-137-68-211.lightspeed.sntcca.sbcglobal.net> <YygwAeTMeSHXXk6t@localhost> <OF42F0D0F6.E94FA935-ONC12588C3.005225C3-C12588C3.0054DC8B@ptb.de>
From: Danny Mayer <mayer@pdmconsulting.net>
In-Reply-To: <OF42F0D0F6.E94FA935-ONC12588C3.005225C3-C12588C3.0054DC8B@ptb.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/TSuuyRregs3byCKfIQaQ9LX2SY8>
Subject: Re: [Ntp] Antwort: Re: Symmetric mode
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Sep 2022 23:30:19 -0000
See below. On 9/20/22 11:26 AM, kristof.teichel=40ptb.de@dmarc.ietf.org wrote: > Some responses in-line. > > Besten Gruß / Kind regards, > Kristof Teichel > > -----"ntp" <ntp-bounces@ietf.org> schrieb: ----- > > > >An: "Miroslav Lichvar" <mlichvar@redhat.com>, "Hal Murray" > ><halmurray@sonic.net> > >Von: "Danny Mayer" > >Gesendet von: "ntp" > >Datum: 20.09.2022 15:41 > >Kopie: "ntp@ietf.org" <ntp@ietf.org> > >Betreff: Re: [Ntp] Symmetric mode > > > >On 9/19/22 5:01 AM, Miroslav Lichvar wrote: > >> On Sun, Sep 18, 2022 at 07:46:14PM -0700, Hal Murray wrote: > >>> Is symmetric mode interesting enough that we should try to fix > >that? If so, > >>> would you please say a few words about why it is interesting? > >> It's not very useful. I think the most interesting thing about it > >is > >> that sources using the symmetric mode are marked differently in > >tools > >> like ntpq, so it's more obvious to the admin that synchronization > >can > >> work in both directions. > >It's extremely useful, particularly when you end up in orphan mode or > >just need to make sure that all systems in the local network are > >synchronized. > > 1) You say particularly. Is it useful in any other known use-cases? Yes. Any set of systems that need to ensure that they are synchronized together can take advantage of this. Most of the time you would want to do this if they are all on a LAN. Broadcast, Multicast and Symmetric Peer modes are particularly useful on a LAN. > 2) Also, how often do we think the former case happens? A feature > might be incredibly useful in the case of heavy acid rain, but that > alone is not reason to implement it. Also, see 3) I can't answer that since I don't maintain those kinds of systems. If you loose your external internal internet connections, which we know happens from time to time, having internal systems synchronized with each other keeps things working in a coordinated fashion. > 3) I'm increasingly approaching NTP from a viewpoint of metrological > traceability (this is important to PTB as an NMI, I intend to > contribute text suggestions for documents in the future). I believe > there is a strong case to be made for a simple hierarchical approach > (i.e. get time from one, pre-specified server, and secure it with NTS > or other authenticity-protection) if traceability is what one is > thinking about. Under this perspective, the latter use-case honestly > seems problematic (traceability mostly goes out the window once you > don't have a "source" and instead are keeping several equal-level > partners synchronous, IMO). For some cases simple hierarchical approach is simpler. PTP does that. NTS was trimmed down to only handle client/server mode in order to get it out the door. There's nothing to prevent other modes using NTS, though Broadcast and Multicast might more be tricky to implement. > > >You really need to take the time to understand it. > > I'll reiterate my point from a few weeks ago that I would prefer if we > keep our tone constructive in WG exchanges. > This seems like a pretty broad dismissal of a bunch of statements and > a hard assumption of ignorance. > Can you give us hints how you find Miroslav's statements > wrong/misleading (and which ones) so that the rest of us can be part > of the conversation? This was not meant as any disrespect of Miroslav or anyone else. I can only point to documentation and explanations of why symmetric peer mode is useful. Dave Mills spent years conducting research and development on this and he has written plenty of papers on this. > > >> At the protocol level it's just trouble. It's difficult to > >implement > >> if you want to handle all the corner cases and difficult to secure. > >> The main problem is that there is no response for each request, so > >the > >> peers have to select to which request they respond, i.e. guess > >which > >> one was genuine. Authentication with a symmetric key doesn't > >prevent > >> a replay attack. > >See above. > > I really don't see how this can be "see above". > Even if we accept that symmetric mode useful, that doesn't mean it's > not diffcult. The main difficultly seems to be understanding why it's used, hence the subject line of this thread. The implementation is pretty straightforward. > Or do you mean this is another case of "need to understand"? (In which > case: see above). > > We certainly agreed to give up on the attempt to secure symmetric mode > with NTS, which supports "difficult to secure". It was done in the name of getting NTS out the door. > > >> There are ephemeral associations, where only one peer is configured > >> with the address of the other peer. This enables attackers to > >replay an > >> authenticated message to create an unlimited number of associations > >on > >> the peer. In the ntp.org implementation there is a possibility to > >> limit keys to IP addresses to prevent that, but in that case it's > >> easier to just specify the address directly as a peer in the > >> configuration file and you don't have to worry about associations > >> created on different ports of the address. > >> > >Not really. Again you need to understand how it works. > > Again, could you qualify which of these statements you disagree with > and/or how so? Symmetric peer associations are not ephemeral since both sides keep information of each other the same way that any client does. An attacker cannot really replay an authenticated message as it would be rejected as already received. I'm not sure what is meant by limiting IP addresses to prevent that since a replay attack would have to use the same IP address to send the packet. In any case you would use a MAC with an agreed-upon algorithm to prevent fiddling with the contents. You don't however want to specify specific IP addresses since those can change, you need the FQDN in any configuration. Does this help? Danny
- [Ntp] NTPv5 Loop Detection without Stratum Heiko Gerstung
- Re: [Ntp] NTPv5 Loop Detection without Stratum Miroslav Lichvar
- Re: [Ntp] NTPv5 Loop Detection without Stratum Paul Gear
- [Ntp] Antw: [EXT] NTPv5 Loop Detection without St… Ulrich Windl
- Re: [Ntp] NTPv5 Loop Detection without Stratum Harlan Stenn
- Re: [Ntp] NTPv5 Loop Detection without Stratum Miroslav Lichvar
- Re: [Ntp] NTPv5 Loop Detection without Stratum Heiko Gerstung
- [Ntp] Antw: [EXT] Re: NTPv5 Loop Detection withou… Ulrich Windl
- Re: [Ntp] NTPv5 Loop Detection without Stratum Danny Mayer
- Re: [Ntp] Antw: [EXT] NTPv5 Loop Detection withou… Danny Mayer
- [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detection … Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… David Venhoek
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Hal Murray
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Hal Murray
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 Loop … Ulrich Windl
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 Loop … Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Miroslav Lichvar
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Miroslav Lichvar
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 Loop … Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Miroslav Lichvar
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Miroslav Lichvar
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Heiko Gerstung
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Danny Mayer
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Danny Mayer
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Danny Mayer
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Hal Murray
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Danny Mayer
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Harlan Stenn
- Re: [Ntp] Antw: Re: Antw: [EXT] NTPv5 Loop Detect… Harlan Stenn
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 Loop … Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Harlan Stenn
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 Loop … Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Hal Murray
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] NTPv5 L… Miroslav Lichvar
- [Ntp] Antw: Re: Antw: Re: Antw: Re: Antw: [EXT] N… Ulrich Windl
- [Ntp] SNTP and extension fields (WAS: Re: Antw: R… kristof.teichel
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … kristof.teichel
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Miroslav Lichvar
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … kristof.teichel
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Miroslav Lichvar
- Re: [Ntp] SNTP and extension fields (WAS: Re: Ant… Danny Mayer
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Danny Mayer
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Danny Mayer
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Miroslav Lichvar
- [Ntp] Antw: Re: SNTP and extension fields (WAS: R… Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5 Loop Detection withou… Ulrich Windl
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Danny Mayer
- Re: [Ntp] Antw: [EXT] Re: NTPv5 Loop Detection wi… Danny Mayer
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Miroslav Lichvar
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Danny Mayer
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Miroslav Lichvar
- [Ntp] Symmetric mode Hal Murray
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Danny Mayer
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: NTPv5 Loop Detection withou… Ulrich Windl
- Re: [Ntp] Symmetric mode Miroslav Lichvar
- Re: [Ntp] NTPv5 Loop Detection without Stratum - … Danny Mayer
- Re: [Ntp] Symmetric mode Danny Mayer
- [Ntp] Antwort: Re: Symmetric mode kristof.teichel
- Re: [Ntp] Symmetric mode Hal Murray
- [Ntp] Antw: [EXT] Re: NTPv5 Loop Detection withou… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: NTPv5 Loop Detection wi… Harlan Stenn
- [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 Loop Detect… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 Loop De… Harlan Stenn
- Re: [Ntp] Symmetric mode Miroslav Lichvar
- Re: [Ntp] Antwort: Re: Symmetric mode Danny Mayer
- Re: [Ntp] Symmetric mode Danny Mayer
- Re: [Ntp] Symmetric mode Hal Murray
- Re: [Ntp] Symmetric mode Harlan Stenn
- Re: [Ntp] Symmetric mode Hal Murray
- [Ntp] Antw: [EXT] Re: Antwort: Re: Symmetric mode Ulrich Windl
- [Ntp] Antw: [EXT] Re: Symmetric mode Ulrich Windl
- Re: [Ntp] Antwort: Re: Symmetric mode Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: Antwort: Re: Symmetric mode Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: Antwort: Re: Symmetric … Hal Murray
- [Ntp] Antw: Re: Antw: [EXT] Re: Antwort: Re: Symm… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: Antwort: Re: Symmetric … Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: Antwort: Re: Symmetric … Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: Antwort: Re: Symmetric … Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: Antwort: Re: Symmetric … Ulrich Windl
- Re: [Ntp] Antwort: Re: Symmetric mode Hal Murray
- Re: [Ntp] Symmetric mode Danny Mayer
- Re: [Ntp] Symmetric mode Danny Mayer
- Re: [Ntp] Antwort: Re: Symmetric mode Danny Mayer
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: Antwort: Re: … Danny Mayer
- Re: [Ntp] Symmetric mode Hal Murray
- [Ntp] Antw: [EXT] Re: Symmetric mode Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: Symmetric mode Harlan Stenn
- Re: [Ntp] Symmetric mode Miroslav Lichvar
- Re: [Ntp] Antwort: Re: Symmetric mode Miroslav Lichvar
- Re: [Ntp] Symmetric mode Danny Mayer
- [Ntp] Antw: [EXT] Re: Symmetric mode Ulrich Windl
- Re: [Ntp] Symmetric mode Hal Murray
- Re: [Ntp] Symmetric mode Miroslav Lichvar
- Re: [Ntp] Antwort: Re: Symmetric mode Danny Mayer
- Re: [Ntp] Antwort: Re: Symmetric mode Miroslav Lichvar
- Re: [Ntp] Symmetric mode Hal Murray
- [Ntp] Antw: [EXT] Re: Symmetric mode Ulrich Windl
- Re: [Ntp] Symmetric mode Doug Arnold
- Re: [Ntp] Symmetric mode Hal Murray
- Re: [Ntp] Symmetric mode Harlan Stenn
- Re: [Ntp] Antwort: Re: Symmetric mode Danny Mayer
- Re: [Ntp] Symmetric mode Hal Murray
- Re: [Ntp] Antwort: Re: Symmetric mode Hal Murray
- Re: [Ntp] Symmetric mode Danny Mayer
- Re: [Ntp] Antwort: Re: Symmetric mode Danny Mayer
- Re: [Ntp] Symmetric mode Doug Arnold
- Re: [Ntp] Symmetric mode David Venhoek
- Re: [Ntp] Antwort: Re: Symmetric mode Miroslav Lichvar
- Re: [Ntp] Symmetric mode Miroslav Lichvar
- Re: [Ntp] Symmetric mode Hal Murray
- Re: [Ntp] Symmetric mode Danny Mayer
- Re: [Ntp] Antwort: Re: Symmetric mode Danny Mayer
- Re: [Ntp] Symmetric mode Danny Mayer
- [Ntp] Antw: [EXT] Re: Symmetric mode Ulrich Windl