Re: [Ntp] NTPv5 draft

Philip Prindeville <philipp@redfish-solutions.com> Tue, 01 December 2020 00:19 UTC

Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.20.0.2.21\))
From: Philip Prindeville <philipp@redfish-solutions.com>
In-Reply-To: <DCB6C97C-3CC3-4A75-B633-2A35E17573C3@akamai.com>
Date: Mon, 30 Nov 2020 17:19:22 -0700
Cc: Doug Arnold <doug.arnold@meinberg-usa.com>, Dieter Sibold <dsibold.ietf@gmail.com>, Miroslav Lichvar <mlichvar@redhat.com>, "ntp@ietf.org" <ntp@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D83CF814-18DC-4DA8-88F8-BB7FFEAD7733@redfish-solutions.com>
References: <20201111161947.GG1559650@localhost> <AA848C67-CFB7-43FC-B190-FD3911360373@gmail.com> <49B3601E-C6A9-4B9E-BE9D-7FD69CCC54DC@meinberg-usa.com> <DCB6C97C-3CC3-4A75-B633-2A35E17573C3@akamai.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/WyO6OfcvDi5JBXORCtsFgCvgH_g>
Subject: Re: [Ntp] NTPv5 draft
Precedence: list

> On Nov 30, 2020, at 4:44 PM, Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> wrote:
> 
>>   I think that there is a possibility of a non safety-critical closed network application of ntp that does not need security.
> 
> I am strongly opposed to this for three and a half reasons:
> 1. The use-case is not known, so we should assume that NTPv4 is good enough.
> 1.5 If this is not the case, those who need this need to make the argument to this WG.
> 2. Security should no longer be optional for IETF protocols.
> 3. "Closed network" is increasingly unlikely; we're seeing more things "in the cloud" for example.
> 

Plus everything Rich said.

(2) in particular because there are so many things that might require accurate time that are potentially exploitable if this is defeated.

For instance, if I warp a clock sufficiently forward or backward, I can cause X.509 certificates to be outside of their validity windows, which could cause loadable kernel module (LKM) signature verification to fail, creating a denial-of-service of critical system services, protocol and device drivers, etc.  It could cause other trust-based (PKI) services like DNSSec to fail… Ssh… HTTPS… CRL’s themselves to be ignored (yeah, that’s a bit of a mind-twister, isn’t it?)…  secure firmware updates might fail, so exploitable vulnerabilities never get flushed out of the universe of IoT’s…

[Ntp] NTPv5 draft Miroslav Lichvar
Re: [Ntp] NTPv5 draft Dieter Sibold
Re: [Ntp] NTPv5 draft Kurt Roeckx
Re: [Ntp] NTPv5 draft Steven Sommars
Re: [Ntp] NTPv5 draft Doug Arnold
Re: [Ntp] NTPv5 draft Salz, Rich
Re: [Ntp] NTPv5 draft Philip Prindeville
Re: [Ntp] NTPv5 draft Philip Prindeville
Re: [Ntp] NTPv5 draft Miroslav Lichvar
Re: [Ntp] NTPv5 draft Miroslav Lichvar
[Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
Re: [Ntp] Antw: [EXT] Re: NTPv5 draft Miroslav Lichvar
[Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
Re: [Ntp] NTPv5 draft Kurt Roeckx
[Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
[Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
Re: [Ntp] NTPv5 draft Miroslav Lichvar
Re: [Ntp] Antw: [EXT] Re: NTPv5 draft Miroslav Lichvar
Re: [Ntp] NTPv5 draft James
[Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 draft Ulrich Windl
Re: [Ntp] NTPv5 draft Miroslav Lichvar
Re: [Ntp] NTPv5 draft Dieter Sibold
Re: [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 draft Hal Murray
Re: [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 draft Miroslav Lichvar
Re: [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 draft Hal Murray
Re: [Ntp] NTPv5 draft Miroslav Lichvar
Re: [Ntp] NTPv5 draft Kurt Roeckx
Re: [Ntp] NTPv5 draft Hal Murray
[Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: NTPv5 d… Ulrich Windl
[Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
Re: [Ntp] NTPv5 draft Doug Arnold
Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: NTP… Hal Murray
Re: [Ntp] Antw: [EXT] Re: NTPv5 draft Salz, Rich
Re: [Ntp] Antw: [EXT] Re: NTPv5 draft Doug Arnold
Re: [Ntp] Antw: [EXT] Re: NTPv5 draft Kurt Roeckx
Re: [Ntp] NTPv5 draft Hal Murray
Re: [Ntp] NTPv5 draft Doug Arnold
Re: [Ntp] NTPv5 draft Dieter Sibold
Re: [Ntp] NTPv5 draft Miroslav Lichvar
Re: [Ntp] NTPv5 draft Salz, Rich
Re: [Ntp] NTPv5 draft Miroslav Lichvar
Re: [Ntp] NTPv5 draft Salz, Rich
Re: [Ntp] NTPv5 draft James
Re: [Ntp] NTPv5 draft Warner Losh
Re: [Ntp] NTPv5 draft Philip Prindeville
Re: [Ntp] NTPv5 draft Hal Murray
Re: [Ntp] NTPv5 draft Warner Losh
Re: [Ntp] NTPv5 draft Salz, Rich
Re: [Ntp] NTPv5 draft Hal Murray
Re: [Ntp] NTPv5 draft Hal Murray
Re: [Ntp] NTPv5 draft Philip Prindeville
Re: [Ntp] NTPv5 draft Doug Arnold
Re: [Ntp] NTPv5 draft Doug Arnold
Re: [Ntp] NTPv5 draft Doug Arnold
Re: [Ntp] NTPv5 draft Philip Prindeville
Re: [Ntp] NTPv5 draft Hal Murray
Re: [Ntp] NTPv5 draft Hal Murray
Re: [Ntp] NTPv5 draft Salz, Rich
[Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
[Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
[Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
[Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
[Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
Re: [Ntp] NTPv5 draft Miroslav Lichvar
Re: [Ntp] NTPv5 draft Salz, Rich
Re: [Ntp] NTPv5 draft Marcus Dansarie
Re: [Ntp] NTPv5 draft Miroslav Lichvar
Re: [Ntp] NTPv5 draft Salz, Rich
Re: [Ntp] NTPv5 draft James
Re: [Ntp] NTPv5 draft Magnus Danielson
Re: [Ntp] NTPv5 draft Warner Losh
Re: [Ntp] NTPv5 draft Magnus Danielson
Re: [Ntp] NTPv5 draft Warner Losh
[Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
Re: [Ntp] NTPv5 draft Miroslav Lichvar
Re: [Ntp] NTPv5 draft Magnus Danielson
Re: [Ntp] NTPv5 draft James
Re: [Ntp] NTPv5 draft Salz, Rich
Re: [Ntp] NTPv5 draft Miroslav Lichvar
Re: [Ntp] NTPv5 draft Miroslav Lichvar
[Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
[Ntp] Antwort: Antw: [EXT] Re: NTPv5 draft kristof.teichel
Re: [Ntp] Antwort: Antw: [EXT] Re: NTPv5 draft Hal Murray
Re: [Ntp] NTPv5 draft James
Re: [Ntp] Antwort: Antw: [EXT] Re: NTPv5 draft Miroslav Lichvar
Re: [Ntp] NTPv5 draft Miroslav Lichvar
Re: [Ntp] Antwort: Antw: [EXT] Re: NTPv5 draft Christer Weinigel