IETF Logo Mail Archive

Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using-nts-for-ntp

kristof.teichel@ptb.de Mon, 10 December 2018 13:19 UTC

Return-Path: <kristof.teichel@ptb.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91AA8130F28 for <ntp@ietfa.amsl.com>; Mon, 10 Dec 2018 05:19:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yM30_njHrXB5 for <ntp@ietfa.amsl.com>; Mon, 10 Dec 2018 05:19:44 -0800 (PST)
Received: from mx1.bs.ptb.de (mx1.bs.ptb.de [192.53.103.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52D5412870E for <ntp@ietf.org>; Mon, 10 Dec 2018 05:19:44 -0800 (PST)
Received: from smtp-hub.bs.ptb.de (smtpint01.bs.ptb.de [141.25.87.32]) by mx1.bs.ptb.de with ESMTP id wBADJgNk017723-wBADJgNm017723 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for <ntp@ietf.org>; Mon, 10 Dec 2018 14:19:42 +0100
Received: from lotus.bs.ptb.de (lotus.bs.ptb.de [141.25.85.200]) by smtp-hub.bs.ptb.de (Postfix) with ESMTPS id 5D3C6730532 for <ntp@ietf.org>; Mon, 10 Dec 2018 14:19:41 +0100 (CET)
In-Reply-To: <39c83aa1-b084-2250-2eec-4b07c3128e13@nwtime.org>
References: <4e9efcc4-0285-72c1-9119-7cbd167847d0@nwtime.org> <FF5E07A6-6F59-4D45-A186-7FC7C9B4A41C@isoc.org> <0DAD4C5F-EAFA-4A3D-A3E4-55F34A7C1BFE@isoc.org> <AM0PR0602MB3730B2389832592B5A1D2647FFA90@AM0PR0602MB3730.eurprd06.prod.outlook.com> <OF03487E97.EB065354-ONC125835D.006E9262-C125835D.00717024@ptb.de> <39c83aa1-b084-2250-2eec-4b07c3128e13@nwtime.org>
To: ntp@ietf.org
MIME-Version: 1.0
Message-ID: <OF1E9851B6.609C458C-ONC125835F.0046F5DB-C125835F.004935F3@ptb.de>
From: kristof.teichel@ptb.de
Date: Mon, 10 Dec 2018 14:19:52 +0100
Content-Type: multipart/alternative; boundary="=_alternative 004935F0C125835F_="
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/UG3-3dbWbm98likowu7y9Iwy_5c>
Subject: Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using-nts-for-ntp
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Dec 2018 13:19:47 -0000

I would like to re-post parts of an old e-mail of mine from August of this 
year regarding Dave's "DTLS Lite for NTP" document (as posted by Harlan, 
on August 2nd), as I'm unsure whether my text ever made it to the list 
(posted it from my private account, can't see it on my work accounts) and 
it is kind of essential to at least my own dismissal of that document as 
an all-in-one solution, and of potential points that could be taken from 
it and applied to the NTS spec:

My main problem with the presented document remains the same from previous 
versions of it:
I find it hard to see what the reader is supposed to take away from it, or 
what kind of document it should be seen as. 

Scanning some of the parts where it does go into more detail, I have also 
found a few items that I think show major issues, at least one for each of 
the modes:

- Symmetric Mode: there seems to be no initial validation of which public 
key belongs to whom (such as externally validates certificates could 
provide). 
In this case, all the procedure does (at best) is to ensure that whoever 
I'm talking to initially is also the same entity I'm talking to later, 
which still allows anyone to pose as any entity initially. 
I find it doubtful whether this represents any improvement over just using 
the symmetric key security approach for this mode.

- Client/Server Mode: "The cookie is the hash of the client IP addresses 
concatenated with a server secret key using the selected hash algorithm". 
This is straight out of the Autokey playbook. It was clearly identified in 
2012 in S. Roettger's analysis of Autokey as one of the major issues and a 
complete showstopper regarding security.

- Broadcast Mode: Seems to use asymmetric signatures in a straightforward 
design. 
But we ruled this out years ago because we found it unclear that every 
device that potentially was going to be a broadcast server (or arguably 
even a broadcast client) was going to be able to do this without 
significant detriment to timestamp accuracy. 


Best regards,
Kristof

v2.23.0 | Report a Bug | By Email