[Ntp] Antw: Re: Antw: [EXT] Re: Post NTS, Is shared key authentication interesting?
Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> Wed, 27 May 2020 12:49 UTC
Return-Path: <Ulrich.Windl@rz.uni-regensburg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F6E93A0B7B for <ntp@ietfa.amsl.com>; Wed, 27 May 2020 05:49:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MeXCA04yuVRa for <ntp@ietfa.amsl.com>; Wed, 27 May 2020 05:49:45 -0700 (PDT)
Received: from mx4.uni-regensburg.de (mx4.uni-regensburg.de [194.94.157.149]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C63E03A0E3E for <ntp@ietf.org>; Wed, 27 May 2020 05:49:44 -0700 (PDT)
Received: from mx4.uni-regensburg.de (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 161456000056 for <ntp@ietf.org>; Wed, 27 May 2020 14:49:41 +0200 (CEST)
Received: from gwsmtp.uni-regensburg.de (gwsmtp1.uni-regensburg.de [132.199.5.51]) by mx4.uni-regensburg.de (Postfix) with ESMTP id EEFEA6000052 for <ntp@ietf.org>; Wed, 27 May 2020 14:49:40 +0200 (CEST)
Received: from uni-regensburg-smtp1-MTA by gwsmtp.uni-regensburg.de with Novell_GroupWise; Wed, 27 May 2020 14:49:41 +0200
Message-Id: <5ECE61E4020000A10003935C@gwsmtp.uni-regensburg.de>
X-Mailer: Novell GroupWise Internet Agent 18.2.1
Date: Wed, 27 May 2020 14:49:40 +0200
From: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
To: mlichvar@redhat.com, kurt@roeckx.be
Cc: "ntp@ietf.org" <ntp@ietf.org>, Hal Murray <hmurray@megapathdsl.net>
References: <68248D4C020000916A6A8CFC@gwsmtp.uni-regensburg.de> <54A83DA70200003B43047E14@gwsmtp.uni-regensburg.de> <5ECE33E0020000A10003934B@gwsmtp.uni-regensburg.de> <20200527095536.GR2915@roeckx.be> <20200527102459.GA1749@localhost>
In-Reply-To: <20200527102459.GA1749@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/c5m77WVoDkGBL06Phrf2HnUCs98>
Subject: [Ntp] Antw: Re: Antw: [EXT] Re: Post NTS, Is shared key authentication interesting?
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 May 2020 12:49:47 -0000
>>> Miroslav Lichvar <mlichvar@redhat.com> schrieb am 27.05.2020 um 12:24 in Nachricht <20200527102459.GA1749@localhost>: > On Wed, May 27, 2020 at 11:55:36AM +0200, Kurt Roeckx wrote: >> I'm not sure I fully understand what you're talking about, but >> sending an error message that something with the crypto was bad >> it a bad idea. You should pretend that everything was ok. An >> attacker should not be able to see the difference between an ok >> and a not ok message. Look for instance at the TLS RFCs what they >> write about a Bleichenbacher attack. > > That doesn't look to me like it would apply to the NTP authentication > using a crypto hash function or AES‑(SIV‑)CMAC. With Autokey and NTS > the server can respond with a NAK message to let the client know it is > using an old key/cookie. The client doesn't need to guess what is > wrong and can quickly start a new key establishment. > > With a symmetric key, there is not much the client can do when it > receives a NAK, except maybe log an error message. I'm not sure how > useful that would be. The admin should be able to figure it out what's > wrong even with no error message. Whether a server ignores a non-authentic message or responds with a more or less verbose error diagnostic should be configurable by the server admin. In general ignoring would be OK for public servers, but in more controlled environments an error response can be helpful to debug problems. The protocol specification should allow receipt of error responses (in a format to be defined). > > ‑‑ > Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: Post NTS, Is shared key aut… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: Post NTS, Is shared key… Kurt Roeckx
- Re: [Ntp] Antw: [EXT] Re: Post NTS, Is shared key… Kurt Roeckx
- Re: [Ntp] Antw: [EXT] Re: Post NTS, Is shared key… Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: Post NTS, Is shared key… Harlan Stenn
- [Ntp] Antw: Re: Antw: [EXT] Re: Post NTS, Is shar… Ulrich Windl
- [Ntp] Antw: Re: Antw: [EXT] Re: Post NTS, Is shar… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: Post NTS, Is shared key… Salz, Rich
- Re: [Ntp] Antw: [EXT] Re: Post NTS, Is shared key… Harlan Stenn
- Re: [Ntp] Antw: [EXT] Re: Post NTS, Is shared key… Salz, Rich
- Re: [Ntp] Antw: [EXT] Re: Post NTS, Is shared key… Daniel Franke
- Re: [Ntp] Antw: [EXT] Re: Post NTS, Is shared key… Harlan Stenn
- Re: [Ntp] Antw: [EXT] Re: Post NTS, Is shared key… Daniel Franke