[Ntp] Comments on draft-langer-ntp-nts-for-ptp
Watson Ladd <watsonbladd@gmail.com> Fri, 05 March 2021 19:55 UTC
From: Watson Ladd <watsonbladd@gmail.com>
Date: Fri, 05 Mar 2021 11:55:22 -0800
Message-ID: <CACsn0cnz1GfKUKn6q61qmAbs=VPgTGFZnP=kEeQHk9CUxLACXg@mail.gmail.com>
To: NTP WG <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/dhNZvQImGcjR5T1H8zgp7DUBmro>
Dear WG,

I recognize that this is a pretty early draft, and so I'm going to focus on the aspects that are outlined that I think may be problematic, rather than nitpick the clear and well-written, although somewhat incomplete, text.

My first concern is that this draft doesn't play nicely with NTS. NTS doesn't have a hierarchical record structure defined, deliberately to avoid a well-trod class of security and correctness issues. An NTS way to do this would be to unmake the PTP key grant structure and send an NTP Next Protocol Negotiation field directly, and use new noncritical PTP server or group negotiation messages. Obviously it's a bit complicated by the layering of PTP.

My second concern is cryptographic. Instead of deriving the key from the TLS handshake, the server sets it. We didn't do this in NTS for NTP for a reason. The way we do forced key rotations is by getting new tickets. Group keys have weaker authentication and security properties than a tree of unicast associations.

I think this is an important draft that covers a real use case, but should try to break the flow of NTS a bit less.

I hope these comments are useful.

Sincerely,
Watson Ladd

--
Astra mortemque praestare gradatim
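The derivation Watson contrasts with the draft's server-chosen key is the RFC 8915 one: after the NTS-KE TLS handshake, client and server each run the TLS exporter with the label "EXPORTER-network-time-security" and a five-byte context (Next Protocol ID, AEAD ID, direction byte), so the AEAD keys are never sent on the wire and exist only because both sides share the handshake's exporter secret. The Go program below is an added example written for this page; it is not code from the message, from the draft, or from any NTS implementation. It performs a real TLS 1.3 handshake in-process over net.Pipe with a throwaway self-signed certificate, derives the NTPv4 (protocol ID 0) AES-SIV-CMAC-256 (AEAD ID 15) keys on both ends and returns them for comparison. The host name nts-ke.example, the self-signed certificate and the in-process pipe are assumptions for the example; the label, context layout, IDs and 32-byte key length are from RFC 8915.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

// RFC 8915, section 5.1: NTS keys are TLS exporter output under this label with a
// 5-byte context: Next Protocol ID (0 = NTPv4), AEAD ID (15 = AES-SIV-CMAC-256), direction.
const exporterLabel = "EXPORTER-network-time-security"

type KeyPair struct{ C2S, S2C []byte }

// exporterContext encodes protocol and AEAD IDs big-endian, then 0 (C2S) or 1 (S2C).
func exporterContext(protocolID, aeadID uint16, s2c bool) []byte {
	ctx := []byte{byte(protocolID >> 8), byte(protocolID), byte(aeadID >> 8), byte(aeadID), 0}
	if s2c {
		ctx[4] = 1
	}
	return ctx
}

// deriveKeys computes the 32-byte AES-SIV-CMAC-256 key per direction; nothing is sent on the wire.
func deriveKeys(cs tls.ConnectionState) (kp KeyPair, err error) {
	if kp.C2S, err = cs.ExportKeyingMaterial(exporterLabel, exporterContext(0, 15, false), 32); err != nil {
		return
	}
	kp.S2C, err = cs.ExportKeyingMaterial(exporterLabel, exporterContext(0, 15, true), 32)
	return
}

// selfSignedCert is a throwaway ECDSA certificate (assumption for the example); a real NTS-KE
// server presents a chain to a CA the client already trusts.
func selfSignedCert(host string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// Handshake runs a TLS 1.3 handshake with the NTS-KE ALPN ("ntske/1") over an in-process pipe
// and returns the keys that the client and the server derived independently.
func Handshake() (client, server KeyPair, err error) {
	cert, err := selfSignedCert("nts-ke.example") // assumed host name for the example
	if err != nil {
		return
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert.Leaf)
	cConn, sConn := net.Pipe()
	defer cConn.Close()
	defer sConn.Close()
	// Tickets are disabled only so the synchronous pipe has no post-handshake write to block on.
	srvCfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13,
		NextProtos: []string{"ntske/1"}, SessionTicketsDisabled: true}
	cliCfg := &tls.Config{RootCAs: roots, ServerName: "nts-ke.example", MinVersion: tls.VersionTLS13,
		NextProtos: []string{"ntske/1"}}
	var srvKeys KeyPair
	errCh := make(chan error, 1)
	go func() {
		s := tls.Server(sConn, srvCfg)
		e := s.Handshake()
		if e == nil {
			srvKeys, e = deriveKeys(s.ConnectionState())
		}
		errCh <- e
	}()
	c := tls.Client(cConn, cliCfg)
	if err = c.Handshake(); err != nil {
		return
	}
	if client, err = deriveKeys(c.ConnectionState()); err != nil {
		return
	}
	if err = <-errCh; err != nil {
		return
	}
	return client, srvKeys, nil
}
```

Call Handshake() and compare the two KeyPair values: the client's and server's C2S keys match, as do the S2C keys, while C2S and S2C differ because the direction byte changes the exporter context. The property this buys, and that a server-chosen key loses, is that neither party can pick the key unilaterally; it is bound to the authenticated handshake, and rotation means a fresh handshake (or, for NTP packets, fresh cookies) rather than the server pushing a new value.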