Re: [Ntp] New Version Notification for draft-gruessing-ntp-ntpv5-requirements-03.txt

Miroslav Lichvar <mlichvar@redhat.com> Tue, 19 October 2021 07:17 UTC

Date: Tue, 19 Oct 2021 09:16:48 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: James <james.ietf@gmail.com>
Cc: Doug Arnold <doug.arnold@meinberg-usa.com>, NTP WG <ntp@ietf.org>

On Mon, Oct 18, 2021 at 06:47:13PM +0200, James wrote:
> > On 18 Oct 2021, at 16:33, Miroslav Lichvar <mlichvar@redhat.com> wrote:
> > For NTPv5 to be successful in replacing NTPv4, I think it needs to
> > support no authentication, symmetric keys and NTS.
> 
> As I said to you last year, no authentication is fine but the protocol MUST prevent downgrade of it - to be explicit, an untrusted adversary removing it.

The format of the message itself should make it impossible for the
authentication to be removed? I think there always needs to be an
authenticator field, which can be removed or zeroed out by the
attacker. If the implementation does not check the field correctly, it
will accept an unauthenticated message. I think that's an
implementation issue, not a protocol issue.

-- 
Miroslav Lichvar
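
The failure mode discussed in the reply above, shown as an added example that is not part of the original message or of any NTP implementation: a receiver that treats a missing or zeroed authenticator as "no authentication" next to one where local policy decides whether authentication is required. The 48-byte header, the key id plus HMAC-SHA256 trailer, the key table and all function names are assumptions made for this sketch, not the NTPv4 or NTPv5 wire format.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48   # assumed fixed header size for this toy format
MAC_LEN = 32      # HMAC-SHA256 digest length
KEYS = {7: b"constructed-shared-key"}   # key id -> key (constructed sample)

def build(header: bytes, key_id: int) -> bytes:
    """Sender: append the key id and an HMAC-SHA256 over header || key id."""
    signed = header + struct.pack("!I", key_id)
    return signed + hmac.new(KEYS[key_id], signed, hashlib.sha256).digest()

def _mac_ok(msg: bytes) -> bool:
    """True only for a full-length trailer with a known key and a valid MAC."""
    if len(msg) != HEADER_LEN + 4 + MAC_LEN:
        return False
    signed, mac = msg[:-MAC_LEN], msg[-MAC_LEN:]
    key = KEYS.get(struct.unpack("!I", signed[HEADER_LEN:])[0])
    if key is None:
        return False
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    return hmac.compare_digest(mac, expected)

def accept_lax(msg: bytes) -> bool:
    """Flawed check: the message itself decides whether auth applies."""
    trailer = msg[HEADER_LEN:]
    if not trailer or not any(trailer):
        return True               # missing or zeroed field treated as "no auth"
    return _mac_ok(msg)

def accept_strict(msg: bytes, require_auth: bool = True) -> bool:
    """Local configuration decides whether auth is required, never the message."""
    if len(msg) == HEADER_LEN:
        return not require_auth   # unauthenticated only if policy allows it
    return _mac_ok(msg)

def demo() -> dict:
    """Return (lax, strict) verdicts for a valid, a stripped and a zeroed message."""
    good = build(bytes(range(HEADER_LEN)), 7)
    stripped = good[:HEADER_LEN]                      # authenticator removed
    zeroed = good[:HEADER_LEN] + bytes(4 + MAC_LEN)   # authenticator zeroed out
    cases = [("good", good), ("stripped", stripped), ("zeroed", zeroed)]
    return {name: (accept_lax(m), accept_strict(m)) for name, m in cases}

if __name__ == "__main__":
    print(demo())
```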