IETF Logo Mail Archive

Re: [Ntp] Pool and DNS

Hal Murray <halmurray@sonic.net> Sun, 23 October 2022 05:34 UTC

Return-Path: <halmurray@sonic.net>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C52CC14CF16 for <ntp@ietfa.amsl.com>; Sat, 22 Oct 2022 22:34:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JlP8RaJELZx0 for <ntp@ietfa.amsl.com>; Sat, 22 Oct 2022 22:34:31 -0700 (PDT)
Received: from c.mail.sonic.net (c.mail.sonic.net [64.142.111.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0597C14F74B for <ntp@ietf.org>; Sat, 22 Oct 2022 22:34:31 -0700 (PDT)
Received: from 107-137-68-211.lightspeed.sntcca.sbcglobal.net (99-4-120-220.lightspeed.sntcca.sbcglobal.net [99.4.120.220]) (authenticated bits=0) by c.mail.sonic.net (8.16.1/8.16.1) with ESMTPSA id 29N5YU2J030542 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Sat, 22 Oct 2022 22:34:30 -0700
Received: from hgm (localhost [IPv6:::1]) by 107-137-68-211.lightspeed.sntcca.sbcglobal.net (Postfix) with ESMTP id 6022728C1DB; Sat, 22 Oct 2022 22:34:30 -0700 (PDT)
X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7.1
To: ntp@ietf.org
cc: Hal Murray <halmurray@sonic.net>
From: Hal Murray <halmurray@sonic.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Sat, 22 Oct 2022 22:34:30 -0700
Message-Id: <20221023053430.6022728C1DB@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
X-Sonic-CAuth: UmFuZG9tSVZtGyotoFFODYWMS5S+RwbdZCmmlSM/TaMlokp2FBu1qfJ25uensdk2scDWMMHhBvM4ITGLamGXlBAwWb7lrmzL
X-Sonic-ID: C;4LASXpRS7RGWRV5kR+6Zsg== M;gmspXpRS7RGWRV5kR+6Zsg==
X-Sonic-Spam-Details: -1.5/5.0 by cerberusd
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/oKnpbEvBbymnteWQLDaDrOc3O_4>
Subject: Re: [Ntp] Pool and DNS
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Oct 2022 05:34:36 -0000


marcus@dansarie.se said:
> I think you're basing this on a couple of false assumptions. First, I  don't
> know where the cookie lifetime of one day comes from. That's not specified
> in RFC 8915. In most cases, we would expect the cookie to be valid as long
> as the cookie encryption parameters shared between NTS-KE server and NTP
> server are not changed. This could potentially be a very long time.


Interesting.  Thanks for bringing up this issue.

The key for the cookies needs to rotate occasionally.  I'm not enough of a 
crypto geek to explain it.  There is a limited amount of data you can use with 
the same key before bad things happen.  How much depends on the algorithm.

I think there was some discussion on this list, I don't remember the details.  
One day seemed like a reasonable number.

RFC 8915, section 6, Suggested Format for NTS Cookies, says:
    Servers should periodically (e.g., once daily) generate a new
    pair '(I,K)' and immediately switch to using these values for
    all newly-generated cookies.

So one day is what I used in NTPsec.  (and my thinking)

The rest of that paragraph discusses keeping old keys, plural, but doesn't say 
anything about how many to keep.  One seemed like enough to me.  That provides 
a minimum of 24 hour lifetime and ntpd has a default max polling interval of 
1024 seconds.  I didn't consider any cases that would stash cookies for a long 
time.

You seen to have made the opposite assumption - that a server should support 
cookies for a long tlong ime.

It's easy to save a few old keys.  We should probably agree on some lifetime.

I'd be happy with 5 or 10.  365 seems unreasonable.

Is anybody keeping track of loose ends like this?


> We actually thought about pool applications when writing RFC 8915. The way to
> implement it is not very complicated: The pool administrator runs one or more
> NTS-KE servers. The NTS-KE servers have a shared key with each of the pool
> members and indicates which server the cookies are valid for using a NTPv4
> Server Negotiation NTS-KE record.

There are 2 issues with that approach.

The first is that the servers in the pool are not vetted.  There is nothing 
that keeps a bad guy from adding his servers to the pool.  NTS would guarantee 
that you got time from the intended server but not that the time was good.  I 
think we should avoid that false sense of security.

Second, there is no established protocol between NTS-KE servers and NTP 
servers.

NTPsec packages the KE server with ntpd so there is no need for that protocol. 
 I don't know of any split implementations.  So as a practical matter, it 
would be hard to put together a pool using that mechanism with available code.


Miroslav: What does chrony do?



-- 
These are my opinions.  I hate spam.

v2.23.0 | Report a Bug | By Email