Re: [Ntp] Benjamin Kaduk's Discuss on draft-ietf-ntp-using-nts-for-ntp-23: (with DISCUSS and COMMENT)
Kurt Roeckx <kurt@roeckx.be> Sun, 22 March 2020 23:39 UTC
Return-Path: <kurt@roeckx.be>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 386983A0907; Sun, 22 Mar 2020 16:39:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n2AB8mfBxFum; Sun, 22 Mar 2020 16:39:33 -0700 (PDT)
Received: from excelsior.roeckx.be (excelsior.roeckx.be [IPv6:2a05:7300:0:100::3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA58E3A0852; Sun, 22 Mar 2020 16:39:32 -0700 (PDT)
Received: from intrepid.roeckx.be (localhost [127.0.0.1]) by excelsior.roeckx.be (Postfix) with ESMTP id 6F377A8A06C3; Sun, 22 Mar 2020 23:39:30 +0000 (UTC)
Received: by intrepid.roeckx.be (Postfix, from userid 1000) id 4CF321FE0CC4; Mon, 23 Mar 2020 00:39:30 +0100 (CET)
Date: Mon, 23 Mar 2020 00:39:30 +0100
From: Kurt Roeckx <kurt@roeckx.be>
To: Ragnar Sundblad <ragge@netnod.se>
Cc: Benjamin Kaduk <kaduk@MIT.EDU>, ntp-chairs@ietf.org, ntp@ietf.org, Karen O'Donoghue <odonoghue@isoc.org>, The IESG <iesg@ietf.org>, draft-ietf-ntp-using-nts-for-ntp@ietf.org
Message-ID: <20200322233930.GK22330@roeckx.be>
References: <158388613361.15157.697889274707951578@ietfa.amsl.com> <D92AF7D4-3CFC-42FB-A8C0-405C98B76658@netnod.se> <20200319212155.GL50174@kduck.mit.edu> <415F5AF0-7F99-42F7-BA8A-FC21A8D3B875@netnod.se>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <415F5AF0-7F99-42F7-BA8A-FC21A8D3B875@netnod.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/uptu7fW07Lasqy8UGNgNsnGCKxs>
Subject: Re: [Ntp] Benjamin Kaduk's Discuss on draft-ietf-ntp-using-nts-for-ntp-23: (with DISCUSS and COMMENT)
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Mar 2020 23:39:53 -0000
On Sun, Mar 22, 2020 at 05:47:16PM +0100, Ragnar Sundblad wrote: > > > > Section 9 > > > > > > > > We should probably have some discussion of the consequences of > > > > compromise of the server's cookie-encryption key. Possibly also for > > > > when the key associated with a cookie is compromised from a client, > > > > though if cookies are single-use the scope may be quite limited. (That > > > > is, since we are using the shared symmetric key for authentication by > > > > virtue of "I didn't send it so it must be from the other party that has > > > > the key".) > > > > > > NTP and NTS-KE server operators are expected to remove compromised keys as soon > > > as the compromise is discovered. This would cause the NTP servers to respond > > > with NTS NAK, thus forcing key renegotiation. We are aware that this does > > > not protect against MITM attacks where the attacker has access to a > > > compromised cookie encryption key. > > > > I did not doubt that you are aware of this; the question is whether all > > future readers of this document will similarly be aware. > > Right, we added a new section ("Key Compromise") to describe the > problem and how it should be handled. I think this is at least a step in the right direction. I think there are 2 keys: - The key for the X.509 certificate - The key that is negiotatiated during NTS-KE Both of them can be compromised, and I think the new section only talks about the 2nd key, and talks about how to deal with that event, but I think it's also important to deal with the first key. Kurt
- [Ntp] Benjamin Kaduk's Discuss on draft-ietf-ntp-… Benjamin Kaduk via Datatracker
- Re: [Ntp] Benjamin Kaduk's Discuss on draft-ietf-… Franke, Daniel
- Re: [Ntp] Benjamin Kaduk's Discuss on draft-ietf-… Ragnar Sundblad
- Re: [Ntp] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk
- Re: [Ntp] Benjamin Kaduk's Discuss on draft-ietf-… Ragnar Sundblad
- Re: [Ntp] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk
- Re: [Ntp] Benjamin Kaduk's Discuss on draft-ietf-… Kurt Roeckx
- Re: [Ntp] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk
- Re: [Ntp] Benjamin Kaduk's Discuss on draft-ietf-… Sandra Murphy
- Re: [Ntp] Benjamin Kaduk's Discuss on draft-ietf-… Ragnar Sundblad
- Re: [Ntp] Benjamin Kaduk's Discuss on draft-ietf-… Sandra Murphy