Re: [Ntp] NTS Pools
martin.langer@ptb.de Thu, 22 February 2024 22:12 UTC
Return-Path: <martin.langer@ptb.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E4E4C1519AE for <ntp@ietfa.amsl.com>; Thu, 22 Feb 2024 14:12:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ptb.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6i0W4LObRDUQ for <ntp@ietfa.amsl.com>; Thu, 22 Feb 2024 14:12:43 -0800 (PST)
Received: from mx1.bs.ptb.de (mx1.bs.ptb.de [192.53.103.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5240C14F6B7 for <ntp@ietf.org>; Thu, 22 Feb 2024 14:12:41 -0800 (PST)
Received: from s23397.bs.ptb.de ([172.21.101.132]) by mx1.bs.ptb.de with ESMTP id 41MMCcF3015481-41MMCcF5015481 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 22 Feb 2024 23:12:38 +0100
In-Reply-To: <01AFAEC4-81F4-4778-9AC1-F2496AF70D7C@gmail.com>
References: <OF2E6B0FFD.229AD710-ONC1258ACB.004EFEAA-C1258ACB.0050896E@ptb.de> <01AFAEC4-81F4-4778-9AC1-F2496AF70D7C@gmail.com>
To: "\"Dr. Dieter Sibold\"" <dsibold.ietf@gmail.com>
Cc: David Venhoek <david@venhoek.nl>, NTP WG <ntp@ietf.org>, Dieter.Sibold@ptb.de, Kristof.Teichel@ptb.de, Rainer Bermbach <r.bermbach@ostfalia.de>
MIME-Version: 1.0
From: martin.langer@ptb.de
Message-ID: <OF010EDBD4.A2E1EB75-ONC1258ACB.0079D7D8-C1258ACB.007A00DC@ptb.de>
Date: Thu, 22 Feb 2024 23:12:36 +0100
Content-Type: multipart/alternative; boundary="=_alternative 007A00DCC1258ACB_="
X-FEAS-Client-IP: 172.21.101.132
X-FE-Policy-ID: 5:5:5:SYSTEM
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=ptb.de; s=s1-ptbde; c=relaxed/relaxed; h=references:to:cc:mime-version:subject:from:message-id:date:content-type; bh=S8tP4MTR3qLJPf5Lra1HeArPBXiF0zBwPIivy6c6nEM=; b=IhsowjgGEBkDeJMuN18F1xAI3Y3mcnVLqlhY8PcSfDDKDUNkEiyaqntIm39EvTtWVUxmN2uTERFt olggk8JjePQhwy/0tECWCj0/2NTTZPt9i4zipaAgB68ouLbIXEfyI9LAMNTV/TPFtxSogfN9n/Bs K/rtGcejQKdAYceoySQETSTokdxT4qCY1Bel2k0YCX56DB5KV2iNowX2aIB/Uf/mN6vNJve8cI2N BSxMT/djGy32bTRsgEmfOvVVSc2dCynPlC35up5gEw+Pg0zKdPhm7j6aCgdWzfA+XWPYXFOqUDKC CO3IpRVEXE1pDElJIDrxH18/xi9gBACPKuBO8A==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/UyFSSdeZT9qfFuZRC6cMC0wLzdU>
Subject: Re: [Ntp] NTS Pools
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Feb 2024 22:12:47 -0000
Hello Dieter, yes, you are right. :) Thanks for your clarification. kind regards, Martin __________________________________________ Dr.-Ing. Martin Langer Physikalisch-Technische Bundesanstalt (PTB) Working Group 4.42 "Dissemination of Time" Bundesallee 100, 38116 Braunschweig (Germany) Tel.: +49 531 592-4470 E-Mail: martin.langer@ptb.de __________________________________________ Von: "\"Dr. Dieter Sibold\"" <dsibold.ietf@gmail.com> An: martin.langer@ptb.de Kopie: "David Venhoek" <david@venhoek.nl>, "NTP WG" <ntp@ietf.org>, Dieter.Sibold@ptb.de, Kristof.Teichel@ptb.de, "Rainer Bermbach" <r.bermbach@ostfalia.de> Datum: 22.02.2024 16:44 Betreff: Re: [Ntp] NTS Pools Hi Martin, thanks for your thought an NTS protected NTP pools. Please find comments below. On 22 Feb 2024, at 15:39, martin.langer=40ptb.de@dmarc.ietf.org wrote: > Hi David, > > I was talking with Krisof Teichel, Dieter Sibold and Rainer Bermbach about how we should handle NTS secured NTP pools. It's not easy as there are different perspectives on the purpose, use cases and security considerations. In general, I think I can provide support from the PTB side, even though I have very little time for it at the moment. (...NTS4PTP is very time consuming) > > I also spent a lot of time thinking about this and discussed the possibilities intensively with Rainer Bermbach. The main results are described in my recently published dissertation [ https://leopard.tu-braunschweig.de/servlets/MCRFileNodeServlet/dbbs_derivate_00053439/Diss_Langer_Martin.pdf , Chapter 4.2]. I would like to give you a brief overview here. First of all: NTS4PTP already solves this problem for PTP and provides an NTS subprotocol that can also be used for NTP (more details below). > > > > My personal goal > ----------------------------------- > From my point of view, I would like to see the communication between the NTS-KE server and the NTS capable NTP server defined. Especially in large local networks, a central NTS-KE server could be set up which, similar to the NTP pool, assigns the known NTP servers to the requesting clients. This way an admin can connect any number of NTP servers to the NTS-KE server without having to reconfigure any NTP client. > > However, I would NOT want to change public NTP pools, as this is not absolutely necessary to provide NTS-secured NTP. Depending on the implementation approach, there are different advantages/disadvantages and challenges (see below). > > > > Use Case and Security Considerations > -------------------------------------------------------------------- > The biggest question is who wants to use NTS-secured NTP pools and what security promises should be fulfilled. If someone wants "secure time or secure time synchronization", then NTS-secured NTP pools do not provide it. Although NTS secures the communication between the NTP client and NTP server, it does not provide any indication as to whether the time server itself is trustworthy. So it makes a difference whether I intentionally add 1, 2 or 3 NTS-capable time servers in the NTP configuration, or whether I hand over control and let some be assigned to me at random. ...you should at least always keep this in mind. >From my point of view we carefully should differentiate between secured time synchronisation and trustworthy time sources. So my claim would be: Usage of NTS for NTP pools would indeed increase security of time exchanges. However, the question of trust in the member of the NTP pools remains unsolved. I don?t think that this can be solved by enhancing NTS. I would suppose that the question of trust is to be solved independently from NTS. In many respects that?s similar to HTTPS, where you need TLS to secure exchange of information and a PKI to establish trust in the Web server. > > > NTS pool solution approach 1: The simplest variant: ...do nothing. > --------------------------------------------------------------------------- > You could simply provide the NTP pools with NTS-capable NTP servers. When a client receives different IP addresses for NTP servers, it can simply check via TCP port 4460 if an NTS-KE server is present. If so, it will perform the key establishment protocol for the corresponding NTP server. This is also more secure, since no central NTS-KE server is involved in the key negotiation. ...NTP pools could possibly be modified to signal which NTP servers are capable of NTS, or a client could explicitly ask for NTS capable NTP servers. The only disadvantage is that the client has to perform several TLS handshakes... but this should be acceptable. > > > NTS pool solution approach 2: central NTS-KE server > -------------------------------------------------------------------- > This method gives the NTS-KE server the ability to assign NTP servers and also to implement other services such as load control. NTS for NTP already provides mechanisms for port and IP negotiation. However, there are a number of challenges to be addressed. > > > 1: Time server registration > ------------------------------------------------------ > The communication between the NTS-KE server and the NTP server has to be defined. Since the NTS-KE protocol does not include message type detection, another NTS subprotocol is required. I have done this in NTS4PTP, which can also be easily extended for NTP. > > 2: Authorization > --------------------------------- > In short, the question of who can register with a central NTS-KE server and who issues the certificates. If this is not a question, then of course anyone can provide an NTS-secured NTP server. ...this goes back to the question of trust in the time server. > > 3. cookie format > --------------------------------- > If the NTS-KE server generates cookies, the cookie format has to be defined. The cookie format described in RFC8915 is currently recommended. Deviations are therefore allowed. Although all known NTS implementations follow this format, they all differ in field length and byte order and are therefore not compatible! > > 4. nonce collisions / key recovery > --------------------------------------------------- > If the NTS-KE server and the NTP server are separated, it must be ensured that both sides do not accidentally use the same key with the same nonce, otherwise a key recovery is possible. Either the nonce generation has to be regulated or we need 2 master keys. > > 5. miscellaneous > -------------------------------------------- > Then there are many more questions: > - Keeping the TLS channel open for multiple requests (you solved this with the keep-alive record; I solved it without a record based on timeouts and 'close_notify') > - Heartbeat messages for NTP servers > - Registration revocation mechanisms for NTP servers > - possibly data synchronization between NTS-KE servers (for resilience) > - ... > > > ..so just my thoughts > > have a nice day. > > kind regards, > Martin > > > > PS: there is an error in my thesis (chapter 4.2.5): we have no Source PortIdentity in NTP ..so ignore it ;) > > > __________________________________________ > Dr.-Ing. Martin Langer > Physikalisch-Technische Bundesanstalt (PTB) > Working Group 4.42 "Dissemination of Time" > Bundesallee 100, > 38116 Braunschweig (Germany) > Tel.: +49 531 592-4470 > E-Mail: martin.langer@ptb.de > __________________________________________ > _______________________________________________ > ntp mailing list > ntp@ietf.org > https://www.ietf.org/mailman/listinfo/ntp
- Re: [Ntp] NTS Pools Luke Valenta
- [Ntp] NTS Pools martin.langer
- Re: [Ntp] NTS Pools "Dr. Dieter Sibold"
- Re: [Ntp] NTS Pools martin.langer
- Re: [Ntp] NTS Pools Miroslav Lichvar
- Re: [Ntp] NTS Pools David Venhoek
- Re: [Ntp] NTS Pools Miroslav Lichvar
- Re: [Ntp] NTS Pools David Venhoek
- Re: [Ntp] NTS Pools Miroslav Lichvar
- Re: [Ntp] NTS Pools David Venhoek
- Re: [Ntp] NTS Pools Miroslav Lichvar
- Re: [Ntp] NTS Pools Windl, Ulrich
- Re: [Ntp] NTS Pools David Venhoek
- [Ntp] Antwort: Re: NTS Pools martin.langer
- Re: [Ntp] NTS Pools David Venhoek
- Re: [Ntp] NTS Pools Salz, Rich
- Re: [Ntp] NTS Pools Watson Ladd
- Re: [Ntp] NTS Pools Salz, Rich