Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp

"Dieter Sibold" <dsibold.ietf@gmail.com> Mon, 10 December 2018 22:09 UTC

From: Dieter Sibold <dsibold.ietf@gmail.com>
To: Marcus Dansarie <marcus@dansarie.se>
Cc: ntp@ietf.org
Date: Mon, 10 Dec 2018 23:08:58 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/XiOlFRJKv-Qc6XAKhsf2mwTEBGA>

Hi Marcus,
here are my comments for pull request #15



077f0da6
The current document translates correctly without any errors. 
Therefore, I would imply that the additional section closing tag is one 
too much.

---------------------
a7c4f563
I don't get why you want to relax this requirement. Please explain.

---------------------
60d34d92
This is ok with me.

---------------------
2b436df8
I agree in principle. I suggest the following changes

### original
         <t>
           Implementers must be aware of the possibility of "NTS stripping"
           attacks, where an attacker tricks clients into reverting to plain
           NTP. Naive client implementations might, for example, revert
           automatically if the NTS-KE handshake fails. A man-in-the-middle
           attacker can easily cause this to happen. Even clients that already
           hold valid cookies can be vulnerable, since an attacker can force a
           client to reperform the NTS-KE handshake by sending faked NTP mode 4
           replies with the NTS NAK kiss code. Forcing a client to reperform the
           NTS-KE handshake can also be the first step in more advanced attacks.
         </t>

### new
         <t>
           Implementers must be aware of the possibility of "NTS stripping"
           attacks, where an attacker tricks clients into reverting to plain
           NTP. Naive client implementations might, for example, revert
           automatically to plain NTP if the NTS-KE handshake fails. A man-in-the-middle
           attacker can easily cause this to happen. Even clients that already
           hold valid cookies can be vulnerable, since an attacker can force a
           client to repeat the NTS-KE handshake by sending faked NTP mode 4
           replies with the NTS NAK kiss code. Forcing a client to repeat the
           NTS-KE handshake can also be the first step in more advanced attacks.
         </t>

---------------------
15ed0dc2
ok

---------------------
6309580e
ok

---------------------
83ddc061
ok


Dieter Sibold
dsibold.ietf@gmail.com

On 6 Dec 2018, at 21:40, Marcus Dansarie wrote:

> Following discussion on the list and in a conference call with Me,
> Daniel, Dieter, Karen, and Ragnar, I've created a pull request in the
> Github repo with some suggested changes. Each link points to the change
> on Github.
>
> As I've stated before, I support the draft in its current state. These
> suggestions represent minor fixes and improvements.
>
> Kind regards,
> Marcus
>
>
>
> * Added a missing XML section close tag that prevented xml2rfc from
> parsing the file.
> https://github.com/dfoxfranke/nts/pull/15/commits/077f0da64a1356d7d62e406dbfa699b3cabaadac
>
> * Relaxed the requirement that the client associates with a NTP server
> at the same address as the NTS-KE server from SHALL to SHOULD.
> https://github.com/dfoxfranke/nts/pull/15/commits/a7c4f563ab121b45e778975f3869ebf13e6c871d
>
> * Improved the language on cookie reuse. This is Ragnar's suggested
> text, with improvements suggested by Dieter.
> https://github.com/dfoxfranke/nts/pull/15/commits/60d34d92c026369b551d93abb465e4cfdbeff567
>
> * Added section to Security Considerations section on NTS stripping.
> https://github.com/dfoxfranke/nts/pull/15/commits/2b436df8c666ee5e87cc46d9a2531134c99f2dc7
>
> * Emphasize that clients shouldn't reperform NTS-KE handshake just
> because the server's certificate expires.
> https://github.com/dfoxfranke/nts/pull/15/commits/15ed0dc29549df362961c7f1a1556b1d4dfe64a3
>
> * Added note on importance of forward secrecy.
> https://github.com/dfoxfranke/nts/pull/15/commits/6309580e5d35e2295e3623d23937a4e125e775e5
>
> * Fixed typos discovered by Martin Langer.
> https://github.com/dfoxfranke/nts/pull/15/commits/83ddc061c014a9aaac934e05f501e41ebe0c2f50
>
> On 2018-11-06 21:46, Karen O'Donoghue wrote:
>> Folks,
>>
>> This message initiates a three plus week working group last call for:
>>
>> Network Time Security for the Network Time Protocol
>> https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/
>>
>> Please review the referenced document and send any comments to the 
>> mailing list including your assessment of whether this document is 
>> mature enough to proceed to the IESG. Please note that these messages 
>> of support for progression to the mailing list will be used to 
>> determine WG consensus to proceed.
>>
>> Please send all comments in by COB on Friday 30 November. We realize 
>> this is a bit longer than normal but we are coming out of an IETF 
>> week and heading into the Thanksgiving holiday in the US.
>>
>> Thanks!
>> Karen and Dieter
>> _______________________________________________
>> ntp mailing list
>> ntp@ietf.org
>> https://www.ietf.org/mailman/listinfo/ntp
>>
>
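As an added illustration of the NTS stripping scenario discussed in the thread above (example code written for this page, not code from the draft, the pull request or its authors), a toy client policy contrasts the naive fallback the text warns about with a hardened one; the NAK re-handshake budget, the event sequence and all names are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

NTS_NAK = "NTS NAK"  # kiss code named in the draft text; other kiss codes are not modelled


@dataclass
class Client:
    """Toy NTS client policy (constructed for illustration, not a real implementation)."""
    hardened: bool
    nak_budget: int = 2            # hardened only: NAK-triggered re-handshakes allowed per interval (assumed)
    mode: str = "NTS"              # "NTS" or "PLAIN"
    rehandshakes: int = 0
    accepted_unauthenticated: int = 0

    def on_ke_result(self, ok: bool) -> None:
        # Naive client: a failed NTS-KE handshake silently drops it to plain NTP.
        # Hardened client: stays in NTS mode (keeping any valid cookies) and retries later.
        if not ok and not self.hardened:
            self.mode = "PLAIN"

    def on_reply(self, authenticated: bool, kiss: Optional[str] = None) -> str:
        if kiss == NTS_NAK:
            # A NAK reply is unauthenticated by definition, so it cannot be trusted as a
            # command; the hardened client bounds how often it may trigger a new NTS-KE.
            if self.hardened and self.rehandshakes >= self.nak_budget:
                return "ignore"
            self.rehandshakes += 1
            return "rehandshake"
        if authenticated:
            return "accept"
        if self.mode == "PLAIN":
            self.accepted_unauthenticated += 1   # stripped: unauthenticated time is now used
            return "accept"
        return "discard"


# Constructed event sequence mirroring the text: NTS-KE is made to fail, a burst of
# faked mode 4 replies carrying NTS NAK arrives, then an unauthenticated time reply.
ATTACK = [("ke", False)] + [("nak", None)] * 5 + [("plain", None)]


def run(hardened: bool) -> Tuple[str, int, int, List[str]]:
    c = Client(hardened=hardened)
    actions: List[str] = []
    for kind, arg in ATTACK:
        if kind == "ke":
            c.on_ke_result(arg)
        elif kind == "nak":
            actions.append(c.on_reply(authenticated=False, kiss=NTS_NAK))
        else:
            actions.append(c.on_reply(authenticated=False))
    return c.mode, c.rehandshakes, c.accepted_unauthenticated, actions
```

`run(False)` ends in plain NTP having accepted unauthenticated time after five forced re-handshakes, while `run(True)` stays in NTS mode, caps the re-handshakes at the budget and discards the unauthenticated reply.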