Re: [Ntp] Antw: Re: BCP 195
kristof.teichel@ptb.de Wed, 29 August 2018 07:27 UTC
Return-Path: <kristof.teichel@ptb.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCAED130DC3 for <ntp@ietfa.amsl.com>; Wed, 29 Aug 2018 00:27:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TPjFAS2ejqAy for <ntp@ietfa.amsl.com>; Wed, 29 Aug 2018 00:27:41 -0700 (PDT)
Received: from mx1.bs.ptb.de (mx1.bs.ptb.de [192.53.103.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02D3312008A for <ntp@ietf.org>; Wed, 29 Aug 2018 00:27:40 -0700 (PDT)
Received: from smtp-hub.bs.ptb.de (smtpint01.bs.ptb.de [141.25.87.32]) by mx1.bs.ptb.de with ESMTP id w7T7Pbox010120-w7T7Pbp1010120 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=FAIL); Wed, 29 Aug 2018 09:25:38 +0200
Received: from lotus.bs.ptb.de (lotus.bs.ptb.de [141.25.85.200]) by smtp-hub.bs.ptb.de (Postfix) with ESMTPS id 0720F6C2BF9; Wed, 29 Aug 2018 09:25:36 +0200 (CEST)
In-Reply-To: <5B863E1A020000A10002D071@gwsmtp1.uni-regensburg.de>
References: <CAJm83bBsmKB14-dXGFXRMHXMOtwfogqDe8Vz54dJKOAL1N24NA@mail.gmail.com> <CAJm83bAS2_m=wLsCw1kss9+Dck7fXtZZE15wAhy_88D2w-HxGA@mail.gmail.com> <5B863E1A020000A10002D071@gwsmtp1.uni-regensburg.de>
To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
Cc: Daniel Franke <dfoxfranke@gmail.com>, "ntp@ietf.org" <ntp@ietf.org>
MIME-Version: 1.0
Message-ID: <OF6F175C06.A8E60C22-ONC12582F8.0025E241-C12582F8.0028CBB2@ptb.de>
From: kristof.teichel@ptb.de
Date: Wed, 29 Aug 2018 09:25:36 +0200
Content-Type: multipart/alternative; boundary="=_alternative 0028CBB2C12582F8_="
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/bRvTwEsWJgIEwMzJ7SnEHL_2qSA>
Subject: Re: [Ntp] Antw: Re: BCP 195
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Aug 2018 07:27:44 -0000
"ntp" <ntp-bounces@ietf.org> schrieb am 29.08.2018 08:32:58: > Von: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de> > An: "Daniel Franke" <dfoxfranke@gmail.com>, "ntp@ietf.org" <ntp@ietf.org> > Datum: 29.08.2018 08:33 > Betreff: [Ntp] Antw: Re: BCP 195 > Gesendet von: "ntp" <ntp-bounces@ietf.org> > > >>> Daniel Franke <dfoxfranke@gmail.com> schrieb am 28.08.2018 um 20:06 in > Nachricht > <CAJm83bAS2_m=wLsCw1kss9+Dck7fXtZZE15wAhy_88D2w-HxGA@mail.gmail.com>: > > How's this? > > > > <section title="TLS profile for Network Time Security" > > anchor="tls?profile"> > > <t> > > Network Time Security makes use of TLS for NTS key establishment. > > </t> > > <t> > > Since securing time protocols is (as of 2018) a novel > > application of TLS, no backward?compatibility concerns exist > > to justify using obsolete, insecure, or otherwise broken TLS > > features or versions. Implementations MUST conform with <xref > > target="RFC7525"/> or with a later revision of BCP > > 195. Furthermore: > > </t> > > <t> > > Implementations MUST NOT negotiate TLS versions earlier than > > 1.2, SHOULD negotiate TLS 1.3 <xref target="RFC8446"/> or > > later when possible, and MAY refuse to negotiate any TLS > > version which has been superseded by a later supported > > version. > > Isn't that too much words? "MUST negotiate TLS 1.3 or later" should say all of > the above. Specifically the "MAY refuse" is redundant, because the protocol is > "negotiated" already. > Making specificatiions about future protocols is not really helpful IMHO. I believe it is the right amount of words, specifically for the question of TLS 1.2 vs 1.3. The given suggestion completely excludes TLS 1.2, which I think is a bit premature. On the other hand, the "MAY refuse" clause seems to me like it's not so much about future protocols, but about the option to refuse 1.2 in case 1.3 is supported (which I think is a great way to handle these versions). As an aside: does anyone here know the exact way in which "negotiate" is supposed to be used? What I mean is: does it describe 1) what one given device offers, or 2) what two (or more) devices agree on after some negotiation phase? I bring this up because in Ulrich's suggestion, the words "MUST negotiate..." rubbed me the wrong way. I read them as excluding the option for negotiations to fail (which should definitely be an option). Also, neither participant (alone) can really ensure this result, which makes it seem like one should not try to mandate it. In BCP 195, I see "negotiate" only used in language that supports interpretation 2) and is consistent with only mandating things that one single participant can actually influence: - "MUST NOT negotiate x" (either participant can ensure this by not offering/supporting x) - "SHOULD NOT negotiate x" (as above) - "MUST support x" (local to each participant) - "MUST prefer to negotiate x" (again, local to each participant) Never is it "MUST negotiate x" or even "SHOULD negotiate x". This makes me wonder if, in Daniel's suggestion, the words "SHOULD negotiate TLS 1.3" should be changed to "SHOULD prefer to negotiate TLS 1.3". I don't believe it is as important in a "SHOULD" clause. Still: mandates (even weak ones) should probably only be made on things that each participant on its own can actually influence. What do you think? > Regards, > Ulrich > > > </t> > > <t> > > Use of the <xref target="RFC7301">Application?Layer Protocol > > Negotiation Extension</xref> is integral to NTS and support for > > it is REQUIRED for interoperability. > > </t> > > </section> > > On Tue, Aug 28, 2018 at 1:46 PM Daniel Franke <dfoxfranke@gmail.com> wrote: > >> > >> I just learned (by reading draft?moriarty?tls?oldversions?diediedie) > >> that BCP 195 exists, which gives best current practices for secure use > >> of TLS. I'm going to rewrite the "TLS Profile for Network Time > >> Security" as primarily a mandate to comply with that BCP. It'll go on > >> to turn a couple of its SHOULDs into MUSTs where the BCP makes more > >> allowances for legacy compatibility than we need to. > > > > _______________________________________________ > > ntp mailing list > > ntp@ietf.org > > https://www.ietf.org/mailman/listinfo/ntp > > > > _______________________________________________ > ntp mailing list > ntp@ietf.org > https://www.ietf.org/mailman/listinfo/ntp
- [Ntp] BCP 195 Daniel Franke
- Re: [Ntp] BCP 195 Daniel Franke
- Re: [Ntp] BCP 195 dieter.sibold
- Re: [Ntp] BCP 195 Marcus Dansarie
- Re: [Ntp] BCP 195 kristof.teichel
- [Ntp] Antw: Re: BCP 195 Ulrich Windl
- Re: [Ntp] Antw: Re: BCP 195 kristof.teichel
- [Ntp] Antw: Re: Antw: Re: BCP 195 Ulrich Windl