Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-model-10.txt> (A YANG Data Model for NTP) to Proposed Standardsecurity
tom petch <daedulus@btconnect.com> Tue, 09 February 2021 11:24 UTC
To: Dhruv Dhody <dhruv.ietf@gmail.com>
References: <161195994417.2651.6499166797756243533@ietfa.amsl.com> <60212265.6020204@btconnect.com> <CAB75xn7tXa1BCHd=KFR9DC=+bA01R1A+X2M4oUbrF-YLx8ExJA@mail.gmail.com>
Cc: last-call@ietf.org, ek.ietf@gmail.com, ntp-chairs@ietf.org, NTP WG <ntp@ietf.org>, Dieter Sibold <dsibold.ietf@gmail.com>, draft-ietf-ntp-yang-data-model@ietf.org
From: tom petch <daedulus@btconnect.com>
Message-ID: <602262BD.3050708@btconnect.com>
Date: Tue, 09 Feb 2021 10:23:57 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/c2gwIU6uZY7NcEVyDCyf68ax3mI>
On 08/02/2021 17:05, Dhruv Dhody wrote:
> Hi Tom,
>
> Thanks for your detailed review. Let's discuss the security first -
>
> On Mon, Feb 8, 2021 at 6:07 PM tom petch <daedulus@btconnect.com> wrote:
>>
>> This is my second response to this Last Call, about a possible security
>> issue.
>>
>> RFC8573 seems clear that MD5 must not be used to effect security for NTP
>> but this I-D imports iana-crypt-hash which allows MD5 without any
>> restriction, so is MD5 allowed or not?
>
> Good question. While it is easy to restrict the use of MD5 by adding a
> must statement, I want to check if it is a good idea. The YANG model
> is written in such a way that it supports older versions of NTP as
> well. Would barring MD5 configuration be an issue if there are older
> implementations in the network still? I think perhaps adding a warning
> in the description is a good idea. I did a quick search and don't see
> other YANG models doing a check either. Would be good to get some
> guidance on this.
> Dhruv

After many years, Security (AD, secdir, advisor) still have the power to
surprise me but I would still be surprised if Security were happy with an
I-D which places no constraint on MD5 when the IETF has published RFC
deprecating its use and NTP has RFC8573 which specifically deprecates it.
Yet Security may not realise this from reading this I-D since the
unrestricted use of MD5 is not immediately apparent so my post was aimed
at bringing this to the attention of Security.

As to whether this needs a note in Security Considerations or enforcing
by YANG or both I am less clear on - that is up to Security. If the YANG
is to deprecate it, then the features in ianach make that possible.

Whether or not MD5 is widely used in the field is irrelevant. The IETF
consensus is to deprecate its use and I am sure that the IESG will want
this I-D to do just that.

Tom Petch

>
>> There are features defined which allow the hash in iana-crypt-hash to be
>> restricted but this I-D does not use them.
>>
>
> I didn't see any reason to use them in the NTP Yang. Can you?
>
>> Probably iana-crypt-hash should be updated - I will raise that on the
>> NETMOD WG list.
>>
>> The I-D also uses MD5 in a way that would appear not to be security
>> related, to hash an IPv6 address.
>>
>
> This is as per RFC 5905 -
>
>     If using the IPv4 address family, the identifier is the four-
>     octet IPv4 address. If using the IPv6 address family, it is the
>     first four octets of the MD5 hash of the IPv6 address.
>
>
>> In passing, this I-D has three references to RFC7317. This is wrong -
>> the module is IANA-maintained and so the references should be to the
>> IANA website.
>>
>
> But even the iana-crypt-hash YANG model put RFC 7317 as a reference -
>
>     revision 2014-08-06 {
>       description
>         "Initial revision.";
>       reference
>         "RFC 7317: A YANG Data Model for System Management";
>     }
>
> I will start working on your other comments and prepare a new version.
>
> Thanks!
> Dhruv
>
>> The secdir reviewer might be interested in my thoughts.
>>
>> Tom Petch
>>
>> On 29/01/2021 22:39, The IESG wrote:
>>>
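The thread touches two distinct uses of MD5: the RFC 5905 reference identifier for an IPv6 source (a labelling use, not a security one) and the iana-crypt-hash key values, where the module's features (crypt-hash-md5, crypt-hash-sha-256, crypt-hash-sha-512, RFC 7317) are the hook a YANG server or a `must` statement can use to refuse MD5-crypt. The Python below is an added example, not code from the draft, the thread or any NTP implementation; the function names ntp_refid, crypt_hash_feature and check_ntp_keys and the sample key values are constructed here for illustration.

```python
"""Added example: the RFC 5905 refid derivation and a config check that
mirrors iana-crypt-hash feature gating (RFC 7317).  Not the draft's code."""
import hashlib
import ipaddress


def ntp_refid(address: str) -> bytes:
    """Return the 4-byte reference identifier RFC 5905 assigns to a unicast
    source: the IPv4 address itself, or the first four octets of the MD5
    hash of the 16-byte IPv6 address.  MD5 here only labels a source for
    loop detection; it provides no authentication."""
    ip = ipaddress.ip_address(address)      # canonicalises textual forms
    if ip.version == 4:
        return ip.packed
    return hashlib.md5(ip.packed).digest()[:4]


# iana-crypt-hash value prefixes and the feature each one needs.  "$0$"
# (cleartext) is always permitted by the module, so it is not listed.
_CRYPT_HASH_FEATURES = {
    "$1$": "crypt-hash-md5",
    "$5$": "crypt-hash-sha-256",
    "$6$": "crypt-hash-sha-512",
}


def crypt_hash_feature(value: str):
    """Map a crypt-hash value to the feature it requires (None for "$0$")."""
    if value.startswith("$0$"):
        return None
    for prefix, feature in _CRYPT_HASH_FEATURES.items():
        if value.startswith(prefix):
            return feature
    raise ValueError("not an iana-crypt-hash value: %r" % value)


def check_ntp_keys(keys, advertised_features):
    """Return the key-ids whose value needs a feature the server does not
    advertise.  Leaving crypt-hash-md5 out of advertised_features rejects
    every "$1$" key, which is the restriction the thread discusses."""
    rejected = []
    for key_id, value in keys.items():
        feature = crypt_hash_feature(value)
        if feature is not None and feature not in advertised_features:
            rejected.append(key_id)
    return rejected


# Constructed sample: three NTP authentication keys as an operator might
# push them; the hashed parts are placeholders, not real crypt output.
SAMPLE_KEYS = {
    1: "$0$plain-text-secret",
    2: "$1$saltsalt$md5-crypt-placeholder",
    3: "$6$saltsalt$sha512-crypt-placeholder",
}

# Server that advertises only the SHA-based features (no crypt-hash-md5).
SHA_ONLY = {"crypt-hash-sha-256", "crypt-hash-sha-512"}

if __name__ == "__main__":
    print("refid 192.0.2.1  :", ntp_refid("192.0.2.1").hex())
    print("refid 2001:db8::1:", ntp_refid("2001:db8::1").hex())
    print("rejected keys    :", check_ntp_keys(SAMPLE_KEYS, SHA_ONLY))
```

Run as a script it prints the two refids and the list of rejected key-ids; with crypt-hash-md5 absent from the advertised set only key 2 is refused, which is the effect a `must` statement or a server that does not implement that feature would have on the NTP key configuration.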