[Ntp] Comments on draft-langer-ntp-nts-for-ptp

Watson Ladd <watsonbladd@gmail.com> Fri, 05 March 2021 19:55 UTC

From: Watson Ladd <watsonbladd@gmail.com>
Date: Fri, 05 Mar 2021 11:55:22 -0800
Message-ID: <CACsn0cnz1GfKUKn6q61qmAbs=VPgTGFZnP=kEeQHk9CUxLACXg@mail.gmail.com>
To: NTP WG <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/dhNZvQImGcjR5T1H8zgp7DUBmro>

Dear WG,

I recognize that this is a pretty early draft and so I'm going to
focus on the aspects that are outlined that I think may be
problematic, rather than nitpick the clear and well-written, although
somewhat incomplete, text.

My first concern is that this draft doesn't play nicely with NTS. NTS
doesn't have a hierarchical record structure defined, deliberately to
avoid a well-trod class of security and correctness issues. An NTS way
to do this would be to unmake the PTP key grant structure and send an
NTP Next Protocol Negotiation field directly, and use new noncritical
PTP server or group negotiation messages. Obviously it's a bit
complicated by the layering of PTP.

My second concern is cryptographic. Instead of deriving the key from
the TLS handshake, the server sets it. We didn't do this in NTS for
NTP for a reason. The way we do forced key rotations is by getting new
tickets.

Group keys have weaker authentication and security properties than a
tree of unicast associations.

I think this is an important draft that covers a real use case, but
should try to break the flow of NTS a bit less. I hope these comments
are useful.

Sincerely,
Watson Ladd

-- 
Astra mortemque praestare gradatim
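The two design points raised above, the flat NTS-KE record structure with its critical-bit rule and the derivation of keys from the TLS session rather than from a server-chosen value, as an added illustration (example code written for this archive page, not code from the draft or from the author). Record types, the NTPv4 protocol ID, the AEAD ID and the exporter label follow RFC 8915; the sample message is constructed, and the TLS exporter call itself is left to the TLS library.

```python
import struct

# RFC 8915 NTS-KE record types (section 4); every other type is "unknown" here.
END_OF_MESSAGE, NEXT_PROTOCOL, ERROR, WARNING, AEAD_NEGOTIATION = 0, 1, 2, 3, 4
NEW_COOKIE, SERVER_NEGOTIATION, PORT_NEGOTIATION = 5, 6, 7
KNOWN_TYPES = set(range(0, 8))

NTPV4_PROTOCOL_ID = 0            # RFC 8915 section 7.7
AEAD_AES_SIV_CMAC_256 = 15       # RFC 8915 section 7.6 (RFC 5297 AEAD registry)
EXPORTER_LABEL = b"EXPORTER-network-time-security"

def encode_record(rtype, body, critical):
    """Flat TLV record: 1 critical bit + 15-bit type, 16-bit body length, body."""
    return struct.pack("!HH", (int(critical) << 15) | rtype, len(body)) + body

def parse_records(data):
    """Walk a flat NTS-KE message. Unknown critical -> reject; unknown
    noncritical -> skip. Returns a list of (type, critical, body) tuples."""
    out, off = [], 0
    while True:
        if len(data) - off < 4:
            raise ValueError("message ended without End of Message record")
        hdr, length = struct.unpack_from("!HH", data, off)
        critical, rtype = bool(hdr >> 15), hdr & 0x7FFF
        body = data[off + 4: off + 4 + length]
        if len(body) != length:
            raise ValueError("record body truncated")
        off += 4 + length
        if rtype == END_OF_MESSAGE:
            if not critical or length != 0:
                raise ValueError("malformed End of Message record")
            return out
        if rtype not in KNOWN_TYPES:
            if critical:
                raise ValueError(f"unrecognized critical record type {rtype}")
            continue                  # noncritical extension: safe to ignore
        out.append((rtype, critical, body))

def exporter_context(protocol_id, aead_id, s2c):
    """5-byte per-association context for the TLS exporter (RFC 8915 section 5.1):
    protocol ID, AEAD ID, then 0x00 for the C2S key or 0x01 for the S2C key.
    The key itself comes from the TLS library's exporter with EXPORTER_LABEL,
    so neither side ever picks or transmits a key value."""
    return struct.pack("!HHB", protocol_id, aead_id, 1 if s2c else 0)

# Constructed sample: what a minimal NTS-KE client request looks like on the wire.
SAMPLE_REQUEST = (
    encode_record(NEXT_PROTOCOL, struct.pack("!H", NTPV4_PROTOCOL_ID), True)
    + encode_record(AEAD_NEGOTIATION, struct.pack("!H", AEAD_AES_SIV_CMAC_256), True)
    + encode_record(0x3000, b"vendor-extension", False)   # unknown, noncritical
    + encode_record(END_OF_MESSAGE, b"", True)
)
```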