IETF Logo Mail Archive

Re: [Ntp] NTPv5 draft

Magnus Danielson <magnus@rubidium.se> Tue, 08 December 2020 15:53 UTC

Return-Path: <magnus@rubidium.se>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B57CE3A0FEC for <ntp@ietfa.amsl.com>; Tue, 8 Dec 2020 07:53:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rubidium.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4PWmSnvsjFEV for <ntp@ietfa.amsl.com>; Tue, 8 Dec 2020 07:53:23 -0800 (PST)
Received: from pio-pvt-msa3.bahnhof.se (pio-pvt-msa3.bahnhof.se [79.136.2.42]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 991133A0FEA for <ntp@ietf.org>; Tue, 8 Dec 2020 07:53:21 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by pio-pvt-msa3.bahnhof.se (Postfix) with ESMTP id 568553F60B for <ntp@ietf.org>; Tue, 8 Dec 2020 16:53:18 +0100 (CET)
Authentication-Results: pio-pvt-msa3.bahnhof.se; dkim=pass (2048-bit key; unprotected) header.d=rubidium.se header.i=@rubidium.se header.b=W0+CyL2V; dkim-atps=neutral
X-Virus-Scanned: Debian amavisd-new at bahnhof.se
Received: from pio-pvt-msa3.bahnhof.se ([127.0.0.1]) by localhost (pio-pvt-msa3.bahnhof.se [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WUDgHSzTYVig for <ntp@ietf.org>; Tue, 8 Dec 2020 16:53:16 +0100 (CET)
Received: by pio-pvt-msa3.bahnhof.se (Postfix) with ESMTPA id DD33D3F5CE for <ntp@ietf.org>; Tue, 8 Dec 2020 16:53:16 +0100 (CET)
Received: from machine.local (unknown [192.168.0.15]) by magda-gw (Postfix) with ESMTPSA id 29B8B9A04FB; Tue, 8 Dec 2020 16:53:16 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=rubidium.se; s=rubidium; t=1607442796; bh=TYZPYBr0nHBgsxrbCLfFPhz8XZaZRwKK5EV1IzT93Gs=; h=Cc:Subject:To:References:From:Date:In-Reply-To:From; b=W0+CyL2V1uvc76/r5jf7L53sRBweeKy6qnr6i/p/ABNYjFv/1Z9wUD4Y4ZZ0uOb6C 4MiR94WAiI3IL2pH3r+MuYPcfLL7ZAGPMI7n6vnkA+AC1sYn6sgfFKQhOnSLdmi4Fl ZdxlH3lGHAFASPEAVy8nfRzk9SqsQFG1R+Yapk+EqnTTUsbJvktw2ZyWzrZHaoZ93l 4EVVKil5vC1A0EwmCKHM6tkilhiS97jMmk+PNngrxKtFXHV6dkS+5lLtu59rZIHOiU vTAvIOKnaKIBZgGwwPmxns0IVMLZ+XhlBeklHq/257UjqtbM2XASEnTkLwvGXLlWgd ioouiqnoCCfVw==
Cc: magnus@rubidium.se
To: ntp@ietf.org
References: <20201111161947.GG1559650@localhost> <AA848C67-CFB7-43FC-B190-FD3911360373@gmail.com> <20201201081203.GB1900232@localhost> <2B8C7410-DFA7-4A87-A33E-F50FFA96D0F9@gmail.com> <20201201100305.GK1900232@localhost> <F62C1325-8409-474C-9650-FA96405D0F4B@gmail.com> <20201207104541.GE2352378@localhost> <E0159612-5D83-4A0E-BBD1-1D75C0B49226@akamai.com> <20201207153444.GO2352378@localhost> <1204B871-7728-45DA-B628-8F79BD074A96@akamai.com> <20201208095046.GT2352378@localhost> <D15AF5B4-F976-44D6-B8E7-986E3B8CE23D@akamai.com> <3314193a-a430-8db8-b72c-8443dcc1f125@dansarie.se>
From: Magnus Danielson <magnus@rubidium.se>
Message-ID: <4ab54344-fa4d-5719-db63-0555ce190643@rubidium.se>
Date: Tue, 08 Dec 2020 16:53:15 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:78.0) Gecko/20100101 Thunderbird/78.5.1
MIME-Version: 1.0
In-Reply-To: <3314193a-a430-8db8-b72c-8443dcc1f125@dansarie.se>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/j-apLR30oyATAnFFXNMqsblS0Dc>
Subject: Re: [Ntp] NTPv5 draft
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Dec 2020 15:53:28 -0000

Marcus,

On 2020-12-08 15:50, Marcus Dansarie wrote:
> On 2020-12-07 17:38, Salz, Rich wrote:
>> My view is that it is no longer acceptable to design a protocol for
> deployment on the open Internet that has no authentication or message
> integrity and that people who disagree are out of consensus.
>
> On 2020-12-07 23:25, Philip Prindeville wrote:
>> I think that “private networks” and the notion of “the Intranet as
> implicitly secure” and the term “inside the perimeter” will fall by the
> wayside before 2030.
>
>> Those that don’t think they need security inside their perimeter are
> simply those that haven’t had an insider attack, or someone bring in a
> contaminated laptop onto the campus network, etc… or haven’t yet
> realized that they have.
>
> On 2020-12-08 15:20, Salz, Rich wrote:
>> I'll claim that I already have, but to restate and scale it down a
> bit: all messages sent by a server must include authentication and
> tamper-proof. I do not believe anything less is acceptable these days.
>
> Add me to the list of proponents of mandatory security in NTPv5.
> Protocols being designed today MUST enforce security. The problem we
> have to address is how to achieve this in a way that aligns with users'
> needs. Someone setting up an appliance for personal use, on an intranet,
> or airgapped network might not be interested in keeping certificates
> updated, distributing keys or stuffing them in DNS, and such. Trust on
> first use may be an acceptable scheme in those cases.

Agree fully. You bring up a point which I think not all is appreciating.
While we may develop protocols for the Internet, does not mean that they
actually have access to the network, or that such access is open in any
normal sense. For such air-gaped networks update cycles can also be long
enough that for instance leap-second file cannot be sent along each
upgrade to ensure correct leap-second list that way.

So, this just comes to illustrate that the user of the technology may be
facing very different requirements. However, we see that most users
experience such threats over their network, public internet or not, that
security mechanisms needs to be assumed mandatory for most. So, rather
view it as an added feature, flip the view around and look at the normal
case being that with security enabled, and then for those odd cases for
which it is neither needed or practical, consider the non-secured case a
special case.

Also, we should consider that the security mechanisms as well as their
artefacts such as certificates, is in constant albeit slow change. We
should therefore always view this as a constant migration. This is
important both as we design protocols and deploy them, but also as we
put requirements on systems and they are procured and put in operation
and then maintained, the migration may be very controlled, but also ongoing.

Cheers,
Magnus

v2.23.0 | Report a Bug | By Email