[Ntp] Antw: [EXT] Re: New Version Notification for draft‑gruessing‑ntp‑ntpv5‑requirements‑03.txt
Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> Tue, 19 October 2021 09:29 UTC
Return-Path: <Ulrich.Windl@rz.uni-regensburg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B54E3A096F for <ntp@ietfa.amsl.com>; Tue, 19 Oct 2021 02:29:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iOxPLjmuOGcp for <ntp@ietfa.amsl.com>; Tue, 19 Oct 2021 02:29:38 -0700 (PDT)
Received: from mx4.uni-regensburg.de (mx4.uni-regensburg.de [194.94.157.149]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A0A73A0977 for <ntp@ietf.org>; Tue, 19 Oct 2021 02:29:36 -0700 (PDT)
Received: from mx4.uni-regensburg.de (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id AFB476000051 for <ntp@ietf.org>; Tue, 19 Oct 2021 11:29:32 +0200 (CEST)
Received: from gwsmtp.uni-regensburg.de (gwsmtp1.uni-regensburg.de [132.199.5.51]) by mx4.uni-regensburg.de (Postfix) with ESMTP id 9C2806000052 for <ntp@ietf.org>; Tue, 19 Oct 2021 11:29:31 +0200 (CEST)
Received: from uni-regensburg-smtp1-MTA by gwsmtp.uni-regensburg.de with Novell_GroupWise; Tue, 19 Oct 2021 11:29:32 +0200
Message-Id: <616E8FFA020000A100044948@gwsmtp.uni-regensburg.de>
X-Mailer: Novell GroupWise Internet Agent 18.3.1
Date: Tue, 19 Oct 2021 11:29:30 +0200
From: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
To: james.ietf@gmail.com, mlichvar@redhat.com
Cc: "ntp@ietf.org" <ntp@ietf.org>, doug.arnold@meinberg-usa.com
References: <163386015957.12424.6997038478834885480@ietfa.amsl.com> <CAO+dDx=6baLhf9LwSMvR1F0ieuLO6NXmExYLDvcCF2tgchHs8w@mail.gmail.com> <DB8PR02MB5772AC97BFE2D7C1139EFDC0CFB89@DB8PR02MB5772.eurprd02.prod.outlook.com> <E469D9A7-7445-49D9-A8A2-82BA7BF1FA27@gmail.com> <YW2FvUiaHC/hbxkG@localhost> <C953CCDB-8338-4CD8-BFB2-7DC1F880B341@gmail.com> <YW5w4OPTrVLVQPdA@localhost>
In-Reply-To: <YW5w4OPTrVLVQPdA@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/i1x1r2Bv27qQp_eOg5xi5H7AFUA>
Subject: [Ntp] Antw: [EXT] Re: New Version Notification for draft‑gruessing‑ntp‑ntpv5‑requirements‑03.txt
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Oct 2021 09:29:41 -0000
>>> Miroslav Lichvar <mlichvar@redhat.com> schrieb am 19.10.2021 um 09:16 in Nachricht <YW5w4OPTrVLVQPdA@localhost>: > On Mon, Oct 18, 2021 at 06:47:13PM +0200, James wrote: >> > On 18 Oct 2021, at 16:33, Miroslav Lichvar <mlichvar@redhat.com> wrote: >> > For NTPv5 to be successful in replacing NTPv4, I think it needs to >> > support no authentication, symmetric keys and NTS. >> >> As I said to you last year, no authentication is fine but the protocol MUST > prevent downgrade of it ‑ to be explicit, an untrusted adversary removing it. > > The format of the message itself should make it impossible for the > authentication to be removed? I think there always needs to be an > authenticator field, which can be removed or zeroed out by the > attacker. If the implementation does not check the field correctly, it > will accept an unauthenticated message. I think that's an > implementation issue, not a protocol issue. So it seems the authentication being requested has to be authentic ;-) Unfortunately as the key to use is the key to "sign" the message (classic symmetric keys), you cannot request key 0 (for unauthenticated) signed with key 0, because everybody can create such a "signature". At the moment the server configuration determines the authentication to be accepted, not the on-wire protocol. Regards, Ulrich
- [Ntp] Fwd: New Version Notification for draft-gru… James
- [Ntp] Antw: [EXT] Fwd: New Version Notification f… Ulrich Windl
- Re: [Ntp] Fwd: New Version Notification for draft… Doug Arnold
- [Ntp] Antw: [EXT] Re: Fwd: New Version Notificati… Ulrich Windl
- Re: [Ntp] New Version Notification for draft-grue… James
- Re: [Ntp] New Version Notification for draft-grue… Doug Arnold
- Re: [Ntp] New Version Notification for draft-grue… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Salz, Rich
- Re: [Ntp] New Version Notification for draft-grue… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Salz, Rich
- Re: [Ntp] New Version Notification for draft-grue… Salz, Rich
- Re: [Ntp] New Version Notification for draft-grue… James
- Re: [Ntp] New Version Notification for draft-grue… James
- Re: [Ntp] New Version Notification for draft-grue… Salz, Rich
- Re: [Ntp] New Version Notification for draft-grue… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Hal Murray
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Danny Mayer
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Warner Losh
- Re: [Ntp] New Version Notification for draft-grue… James
- Re: [Ntp] New Version Notification for draft-grue… Salz, Rich
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Hal Murray
- Re: [Ntp] New Version Notification for draft-grue… Miroslav Lichvar
- Re: [Ntp] New Version Notification for draft-grue… Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- [Ntp] Antw: Re: Antw: [EXT] Re: New Version Notif… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Hal Murray
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Warner Losh
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Tony Finch
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Danny Mayer
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Danny Mayer
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Warner Losh
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Tony Finch
- [Ntp] Antw: Re: Re: Antw: [EXT] Re: New Version N… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Miroslav Lichvar
- [Ntp] Antw: Re: Antw: [EXT] Re: New Version Notif… Ulrich Windl
- Re: [Ntp] New Version Notification for draft-grue… Dieter Sibold
- Re: [Ntp] New Version Notification for draft-grue… kristof.teichel
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Hal Murray
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Martin Burnicki
- [Ntp] Antw: Re: Antw: [EXT] Re: New Version Notif… Ulrich Windl
- Re: [Ntp] New Version Notification for draft-grue… Hal Murray
- Re: [Ntp] New Version Notification for draft-grue… kristof.teichel
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: New Version N… Martin Burnicki
- Re: [Ntp] New Version Notification for draft-grue… Doug Arnold
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: New Version N… Doug Arnold
- Re: [Ntp] New Version Notification for draft-grue… kristof.teichel
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… James
- [Ntp] Antwort: Re: New Version Notification for d… kristof.teichel
- [Ntp] Antwort: Re: Antw: [EXT] Re: New Version No… kristof.teichel
- Re: [Ntp] Antwort: Re: New Version Notification f… Doug Arnold
- Re: [Ntp] Antwort: Re: New Version Notification f… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Steve Allen
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: New Version N… Hal Murray
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New Ver… Ulrich Windl
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New Ver… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Danny Mayer
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Martin Burnicki
- [Ntp] Antw: Re: Antw: Re: Antw: Re: Antw: [EXT] R… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Doug Arnold
- Re: [Ntp] [EXTERNAL] Re: Antw: Re: Antw: Re: Antw… Denis Reilly
- Re: [Ntp] [EXTERNAL] Re: Antw: Re: Antw: Re: Antw… Doug Arnold
- Re: [Ntp] [EXTERNAL] Re: Antw: Re: Antw: Re: Antw… Martin Burnicki
- Re: [Ntp] changes in length of day, was Re: New V… Tony Finch
- [Ntp] Antw: Re: [EXTERNAL] Re: Antw: Re: Antw: Re… Ulrich Windl