[ntpwg] Unlinkability formulations in merged draft "NTS-4-NTP"

kristof.teichel@ptb.de Wed, 08 March 2017 13:50 UTC

Hello all,

we have made a few changes to the merged draft (they have been pushed to the 
repository at https://github.com/dfoxfranke/nts) after some discussion 
with Aanchal.
These changes are about the formulation of the text regarding 
unlinkability.
We would welcome any comments or suggestions.


The relevant text in Section "Objectives":

- Privacy: NTS preserves unlinkability, i.e. it does not leak data that 
would allow an attacker to track mobile NTP clients when they move between 
networks. Note that unlinkability is not guaranteed for devices that 
function as servers as well as clients, see [link to Section "Privacy 
Considerations"].

The relevant text in Section "Privacy Considerations":

Unlinkability shall prevent that a device can be tracked when it changes 
network addresses (e.g. because said device moved between different 
networks). This is to say that an attacker shall be unable to link a new 
address with one that was formerly used by the device, because of 
recognizable data that the device persistently sends as part of an 
NTS-secured NTP association. This is the justification for continually 
supplying the client with fresh cookies, so that a cookie never represents 
recognizable data in the sense outlined above.

Note that the objective of NTS regarding unlinkability is merely to not 
leak any additional data that would cause linkability. NTS does not 
rectify legacy linkability issues that are already present in NTP. To 
minimize the risk of being tracked by a passive adversary the NTP client 
has to minimize the information it transmits within a client request (mode 
3 packet) as described in the draft "draft-dfranke-ntp-data-minimization".

Also, the objective only holds for actual time synchronization traffic, as 
opposed to key exchange traffic. This implies that it cannot be guaranteed 
for devices that function not only as time clients, but also as time 
servers (because the latter can be externally triggered to send 
authentication data).


What do people here think?

Best regards,
Kristof
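
The cookie-freshness argument in the quoted "Privacy Considerations" text can be checked mechanically. The following is an added example, not part of the original message or of the NTS draft: a simplified model in which a cookie is an opaque byte string visible on the wire, with hypothetical names (`Client`, `linked_addresses`, `simulate`) and constructed documentation-range addresses. It is not the NTS wire format.

```python
import secrets
from collections import defaultdict


class Client:
    """Toy client holding a pool of opaque cookies (assumed model)."""

    def __init__(self, refresh: bool, pool_size: int = 4):
        self.refresh = refresh
        self.pool = [secrets.token_bytes(16) for _ in range(pool_size)]

    def request(self, src_addr: str) -> dict:
        if self.refresh:
            # Each cookie is sent at most once; the append stands in for
            # the fresh cookie the server returns in its response.
            cookie = self.pool.pop(0)
            self.pool.append(secrets.token_bytes(16))
        else:
            # Misbehaving client: keeps resending the same cookie.
            cookie = self.pool[0]
        return {"src": src_addr, "cookie": cookie}


def linked_addresses(observed):
    """Return the sets of source addresses that share a cookie value.

    An empty result means the capture contains no cookie that ties two
    different addresses together.
    """
    by_cookie = defaultdict(set)
    for pkt in observed:
        by_cookie[pkt["cookie"]].add(pkt["src"])
    return [addrs for addrs in by_cookie.values() if len(addrs) > 1]


def simulate(refresh: bool):
    """Three requests from one network, then three after an address change."""
    client = Client(refresh)
    addrs = ["192.0.2.10"] * 3 + ["198.51.100.7"] * 3  # constructed sample
    observed = [client.request(a) for a in addrs]
    return linked_addresses(observed)


if __name__ == "__main__":
    print("cookie reused:   ", simulate(refresh=False))
    print("cookie refreshed:", simulate(refresh=True))
```

The same `linked_addresses` check can be run over packets captured from one's own client implementation as a regression test for cookie reuse across address changes.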