[TICTOC] security requirements
Douglas Arnold <doug.arnold@meinberg-usa.com> Mon, 21 July 2014 17:44 UTC

I have a couple of comments on the security requirements document:

1. First of all this document is a gem. So many elements of security are cataloged in such a brief document that it works as a handy reference guide.

2. In section 7.1 the author discusses the challenges of not impacting time transfer accuracy when one-step clocks are used in PTP. Given that one-step clocks are popular I wonder if the requirement that security not impact timing performance be a SHOULD rather than a MUST.

3. It may be out of scope for this document, but it could be interesting to discuss the exploitation of timing protocols for use in DOS attacks against non-timing infrastructure. For example a node could request that PTP unicast sync messages be sent to a spoofed IP address. There are issues of this type possible with NTP as well.

--
Doug Arnold
Principal Technologist
*JTime!* Meinberg USA
+1-707-303-5559