IETF Logo Mail Archive

Re: [Ntp] [EXT] An NTPv5 design sketch

Dieter Sibold <dsibold.ietf@gmail.com> Tue, 14 April 2020 11:12 UTC

Return-Path: <dsibold.ietf@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A0393A0B3D for <ntp@ietfa.amsl.com>; Tue, 14 Apr 2020 04:12:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7y72CgDhjlxH for <ntp@ietfa.amsl.com>; Tue, 14 Apr 2020 04:12:36 -0700 (PDT)
Received: from mail-wr1-x436.google.com (mail-wr1-x436.google.com [IPv6:2a00:1450:4864:20::436]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 648163A0B3C for <ntp@ietf.org>; Tue, 14 Apr 2020 04:12:36 -0700 (PDT)
Received: by mail-wr1-x436.google.com with SMTP id k1so6605539wrx.4 for <ntp@ietf.org>; Tue, 14 Apr 2020 04:12:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=3s78445v3CHsbzFlEmzLcFI2tWVmJ+h9Vyl5x41405s=; b=eVR4XY4FBZqTv/bzHIeHA9q5LAoW+yhXKApZRk4tOlayMaM9im7rn2sbnKdMrTuZcK mwRe+lMyId7BEec1jOTHQAcH1wtgbg882Cn0MFhpFCv+RWdPmLFVbaK1EI2kR1PxOhPB RswW6AVL8arVLysfVU2gUudYEgffHhTQOvWJBbHiR8pQWMWFc6qFZ7pZmilFIYgvT+mT R+Cj7geuH4S8wypMhdwe87t7vuuzFrTmI1vdSOFBnjNtPsT8+hU6S+k1iLAEq5gJFmc3 M+VMqprt8P4Oj7wVx69hkKkiYJuh9zEO6/mZoynfxF9zNFqfLjpHu59EWOJMMQ7BtnZQ 16tw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=3s78445v3CHsbzFlEmzLcFI2tWVmJ+h9Vyl5x41405s=; b=ar9kOy4XRxuB5x0mRAJQ8VbJmwb4lhPWwG4HEGXDtAXTuuK2KLAjzVlhbuny34OIHD wEvVN6yYgCfd9Aahs7SAMIYXHiYzfAIeYV5ZLmwBxhLAxub5p3ENzf/jpvmPQA3pULVP lCSOnioWeuZJ8JuYzYVBs6+eBXDSXIyHwSLPlyjWKwzyATPp5e98fBAa6h6WVKe3+FcF UD8eBZvWkdMYsMddD7IxTe8qrwHKK+WXbFTxkVotEd+9YKipx4l6MxHu7ds8igqV83Vk geFBTU0X/6Ttnde/RoRaaEn0Keia1wOcbgpGtdgVj9hpm8OXFpiUcKWmryGlef4GNj3k 1fUQ==
X-Gm-Message-State: AGi0Puanz9HAKLuAfFnkT95+RiZK73KqE/0cKTBjOKUxnA1bXRK4N5AE rAOqDyp7YeieF/r9nkwuGYsJQ2yR
X-Google-Smtp-Source: APiQypJ3GRrBqe1bxu7LVmb/ETXr0+S5rkgnp5e7s+U+n5KKzeOTdaiHLZegBDKKB+NAiBi5ew6cVg==
X-Received: by 2002:adf:f1cd:: with SMTP id z13mr12523637wro.166.1586862754891; Tue, 14 Apr 2020 04:12:34 -0700 (PDT)
Received: from [192.168.111.35] (p200300D17F06AF005CBFEB72F5316CDC.dip0.t-ipconnect.de. [2003:d1:7f06:af00:5cbf:eb72:f531:6cdc]) by smtp.gmail.com with ESMTPSA id d13sm9710522wmb.39.2020.04.14.04.12.34 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 14 Apr 2020 04:12:34 -0700 (PDT)
From: Dieter Sibold <dsibold.ietf@gmail.com>
To: Daniel Franke <dfoxfranke@gmail.com>
Cc: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, NTP WG <ntp@ietf.org>
Date: Tue, 14 Apr 2020 13:12:33 +0200
X-Mailer: MailMate Trial (1.13.1r5671)
Message-ID: <C9355FFF-52F5-45A8-A9C5-71E87DFC93C3@gmail.com>
In-Reply-To: <CAJm83bBLcOZ=jEC5HZCT5BAD+MDdkQ8DLeA8tXM1Q_ED5GTZ=w@mail.gmail.com>
References: <12964_1586708394_5E933FAA_12964_692_1_CAJm83bBV+Pox3r6KU49ShwMOvr=R+U_vDKJtSZhfT6XX4qWmbA@mail.gmail.com> <ec8885a7-ddb4-8523-3b32-355325eca78c@rz.uni-regensburg.de> <CAJm83bBLcOZ=jEC5HZCT5BAD+MDdkQ8DLeA8tXM1Q_ED5GTZ=w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/Wqm_-K31iHtYMMGQ5a2A5igYZ58>
Subject: Re: [Ntp] [EXT] An NTPv5 design sketch
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Apr 2020 11:12:38 -0000


On 13 Apr 2020, at 23:16, Daniel Franke wrote:

> On Mon, Apr 13, 2020 at 5:07 PM Ulrich Windl
> <Ulrich.Windl@rz.uni-regensburg.de> wrote:
>>> * Time packets carry an unencrypted and unauthenticated correction
>>>    field intended for manipulation by middleboxes. The function of 
>>> this
>>
>> Doesn't this feature make requiring NTS obsolete? Any MiTM could
>> manipulate these fields then.
>
> I address this some in the final paragraph; implementations need to
> set a limit on the magnitude of the correction they're willing to
> accept, and that limit must be no greater than half the round-trip
> time. Without NTS, the magnitude by which a MitM can manipulate your
> clock is unlimited. With NTS and half-RTT limit on correction fields,
> the magnitude is at most double what it would be with NTS and no
> correction fields (up to a whole RTT rather than a half an RTT).

That is the problem with correction field. In 1588 working group we had 
the same problem with PTP’s correction field. But this does not make 
NTS obsolete. Although a MITM might mingle with the corruption field NTS 
ensures integrity and authenticity of the rest of the NTP packet. So the 
client can trust that the origin of the packet and also the timestamps 
from the packet. If the client as reason to believe that the correction 
fields have been tampered it can even chose to ignore them.

>
>> (also I'm still wondering what's the
>> benefit of encrypting the current time when sending it out more or 
>> less
>> real-time)
>
> Almost certainly none, but given that NTS requires encryption
> regardless (for cookie unlinkability), why in the world would we want
> to *not* encrypt it? What do we gain by trying to pick and choose
> which fields we think really need encryption?

There is no reason not to encrypt the timestamps in a new version of 
NTP.

>
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp

v2.23.0 | Report a Bug | By Email