Re: [ntpwg] [Ntp] Follow-up to yesterday's mic comment about PTP security

"Steve Guendert" <Steve.Guendert@ibm.com> Tue, 23 July 2019 17:53 UTC



It's not so simple, and the PTP boat has already left the dock. When you
have the largest financial institutions in the world, and large government
organizations doing their own research (PTP vs NTP), and telling you that
they no longer want to have NTP as the only option and want to be able to
use PTP, guess what. You develop the technology and the capabilities
being asked for.


----- Message from Daniel Franke <dfoxfranke@gmail.com> on Tue, 23 Jul 2019 12:19:33 -0400 -----
To: NTP WG <ntp@ietf.org>
Subject: [Ntp] Follow-up to yesterday's mic comment about PTP security

My comments yesterday about PTP security shifted context a few times
so it may have been hard to follow what I was claiming. My assertions
were:

1. If you need 50ms precision, pick some good public NTP servers and use
NTS.

2. If you need 100µs precision, colocate a time source in the same
datacenter as the client systems. Use NTP and NTS; you don't need PTP
for this.

3. If you need 1µs precision, use PTP and physically secure the link
between the time source and the clients so that cryptographic
authentication is unnecessary.

4. If you need 1µs precision over an adversarial network, good luck!
This is simply not achievable and no amount of cryptographic pixie
dust is ever going to save you.




                                                                                      
   Regards,                                                                           
                                                                                      
   Steve                                                                              
                                                                                      
                                                                                      
                                                                                      
   Steve Guendert, Ph.D.                                                              
   IBM Z Hardware Systems Architect                                                   
   IBM Z Engineering and Development                                                  
   My  IBM Research Homepage                                                          
                                                                                      
   Member, IBM Academy of Technology                                                  
   Member, Mainframe Hall of Fame                                                     
                                                                                      
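Added illustration, not part of either poster's message: a simulation of one authenticated two-way time exchange, showing a limit that bears on assertion 4 in the quoted list. A MAC rejects a reply whose timestamps were edited, but a request that is only held back in one direction still verifies and shifts the computed offset by half the added delay. The key, timestamps and function names are constructed for this example.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed; stands in for a negotiated session key


def server_reply(t1, t2, t3):
    """Server packs the three timestamps (microseconds) and authenticates them."""
    payload = struct.pack("!3d", t1, t2, t3)
    return payload, hmac.new(KEY, payload, hashlib.sha256).digest()


def client_process(payload, tag, t4):
    """Verify the MAC, then apply the standard two-way offset and delay formulas."""
    expected = hmac.new(KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # edited packet: rejected by authentication
    t1, t2, t3 = struct.unpack("!3d", payload)
    offset = ((t2 - t1) + (t3 - t4)) / 2
    rtt = (t4 - t1) - (t3 - t2)
    return offset, rtt


def run(true_offset, fwd, rev, extra_fwd=0.0, rewrite_t2=None, proc=5.0):
    """Simulate one exchange; all values in microseconds.

    true_offset is server clock minus client clock. extra_fwd models an
    on-path device holding the request before forwarding it unchanged.
    rewrite_t2 models the same device editing the reply instead.
    """
    t1 = 1_000_000.0                          # client transmit, client clock
    t2 = t1 + fwd + extra_fwd + true_offset   # server receive, server clock
    t3 = t2 + proc                            # server transmit, server clock
    t4 = t3 - true_offset + rev               # client receive, client clock
    payload, tag = server_reply(t1, t2, t3)
    if rewrite_t2 is not None:
        payload = struct.pack("!3d", t1, rewrite_t2, t3)
    return client_process(payload, tag, t4)


if __name__ == "__main__":
    print("symmetric path :", run(3.0, 20.0, 20.0))
    print("request held   :", run(3.0, 20.0, 20.0, extra_fwd=10.0))
    print("reply edited   :", run(3.0, 20.0, 20.0, rewrite_t2=1_000_033.0))
```

The offset error is always (forward delay minus return delay) / 2, so its magnitude is bounded by half the measured round-trip time; the client can cap the damage by discarding samples with a large round trip, but it cannot detect asymmetry from an authenticated packet alone.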