IETF Logo Mail Archive

[Ntp] Antw: Re: Antw: [EXT] Re: Post NTS, Is shared key authentication interesting?

Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> Wed, 27 May 2020 12:45 UTC

Return-Path: <Ulrich.Windl@rz.uni-regensburg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89D6B3A0E32 for <ntp@ietfa.amsl.com>; Wed, 27 May 2020 05:45:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pn_6OC7IpyDc for <ntp@ietfa.amsl.com>; Wed, 27 May 2020 05:45:18 -0700 (PDT)
Received: from mx1.uni-regensburg.de (mx1.uni-regensburg.de [194.94.157.146]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72A0A3A0E2F for <ntp@ietf.org>; Wed, 27 May 2020 05:45:18 -0700 (PDT)
Received: from mx1.uni-regensburg.de (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 891F16000054 for <ntp@ietf.org>; Wed, 27 May 2020 14:45:14 +0200 (CEST)
Received: from gwsmtp.uni-regensburg.de (gwsmtp1.uni-regensburg.de [132.199.5.51]) by mx1.uni-regensburg.de (Postfix) with ESMTP id 68CC6600004F for <ntp@ietf.org>; Wed, 27 May 2020 14:45:10 +0200 (CEST)
Received: from uni-regensburg-smtp1-MTA by gwsmtp.uni-regensburg.de with Novell_GroupWise; Wed, 27 May 2020 14:45:11 +0200
Message-Id: <5ECE60D5020000A100039355@gwsmtp.uni-regensburg.de>
X-Mailer: Novell GroupWise Internet Agent 18.2.1
Date: Wed, 27 May 2020 14:45:09 +0200
From: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
To: kurt@roeckx.be
Cc: "ntp@ietf.org" <ntp@ietf.org>, Hal Murray <hmurray@megapathdsl.net>, mlichvar@redhat.com
References: <68248D4C020000916A6A8CFC@gwsmtp.uni-regensburg.de> <54A83DA70200003B43047E14@gwsmtp.uni-regensburg.de> <5ECE33E0020000A10003934B@gwsmtp.uni-regensburg.de> <20200527095536.GR2915@roeckx.be> <20200527100232.GS2915@roeckx.be>
In-Reply-To: <20200527100232.GS2915@roeckx.be>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/o3ua_33MXlU2o7F-V-9Vk0Nxe2E>
Subject: [Ntp] Antw: Re: Antw: [EXT] Re: Post NTS, Is shared key authentication interesting?
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 May 2020 12:45:21 -0000

>>> Kurt Roeckx <kurt@roeckx.be> schrieb am 27.05.2020 um 12:02 in Nachricht
<20200527100232.GS2915@roeckx.be>:
> On Wed, May 27, 2020 at 11:55:36AM +0200, Kurt Roeckx wrote:
>> On Wed, May 27, 2020 at 11:33:20AM +0200, Ulrich Windl wrote:
>> > >>> Hal Murray <hmurray@megapathdsl.net> schrieb am 26.05.2020 um 20:37
in
>> > Nachricht
>> > 
>
<15818_1590518253_5ECD61ED_15818_1499_1_20200526183714.6514740605C@ip-64-139-
> 1-6
>> > .sjc.megapath.net>:
>> > 
>> > [...]
>> > > 
>> > > Are crypto NACs interesting?  Is the added complexity worth the
benefit?
>> > > 
>> > > If all you get is "NAC", what do you do next when trying to debug
things?  
> 
>> > > What's different from what you would do if you didn't get any
reaponse?
>> > 
>> > Just assume on any error that can happen for a https connection you don't

> get
>> > a response...
>> > I fyou are in control of client AND server, you may not need crypto NACs.

> If
>> > you are in control of the server, you also may not need crypto nacs, but
if 
> you
>> > only have access to the client and the responses, crypto nacs seem
valuable
>> > IMHO.
>> > 
>> > > 
>> > > Should we have a separate extension type for Crypto NAC, possibly with
a 
>> > > text 
>> > > payload.  How many sub‑types are there?  Will that leak information? 
...
>> > 
>> > I think it will not leak more information than before. An optional
textual
>> > description seems like a good idea. Maybe the server could be restricted
to
>> > provide such, or not. A model like SMTP's extended status codes sounds
like 
> a
>> > good idea to me (codes for computers, messages for humans (and maybe 
> computers,
>> > too).
>> 
>> I'm not sure I fully understand what you're talking about, but
>> sending an error message that something with the crypto was bad
>> it a bad idea. You should pretend that everything was ok. An
>> attacker should not be able to see the difference between an ok
>> and a not ok message. Look for instance at the TLS RFCs what they
>> write about a Bleichenbacher attack.
> 
> Since we're talking about a shared (symatric) key, it's probably not
> that important.
> 

OK, I thought the discussion was more general. AFAIR there's no response if
improper authentication was supplied for symmetric keys.

> 
> Kurt

v2.23.0 | Report a Bug | By Email