IETF Logo Mail Archive

Re: [TICTOC] 答复: ´ð¸´: Please Comment on Practical Solutions for Encrypted Synchronization Protocol

Danny Mayer <mayer@ntp.org> Thu, 24 May 2012 03:16 UTC

Return-Path: <mayer@ntp.org>
X-Original-To: tictoc@ietfa.amsl.com
Delivered-To: tictoc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF96921F85A7 for <tictoc@ietfa.amsl.com>; Wed, 23 May 2012 20:16:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.147
X-Spam-Level:
X-Spam-Status: No, score=-2.147 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, SARE_SUB_ENC_UTF8=0.152]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6ohJ7qDjLN-D for <tictoc@ietfa.amsl.com>; Wed, 23 May 2012 20:16:57 -0700 (PDT)
Received: from mail1.ntp.org (mail1.ntp.org [IPv6:2001:4f8:fff7:1::5]) by ietfa.amsl.com (Postfix) with ESMTP id 230F021F855A for <tictoc@ietf.org>; Wed, 23 May 2012 20:16:56 -0700 (PDT)
Received: from static-108-1-142-63.bstnma.east.verizon.net ([108.1.142.63] helo=[10.10.10.102]) by mail1.ntp.org with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.77 (FreeBSD)) (envelope-from <mayer@ntp.org>) id 1SXOXk-000G6j-RF; Thu, 24 May 2012 03:16:55 +0000
Message-ID: <4FBDA809.1020302@ntp.org>
Date: Wed, 23 May 2012 23:16:25 -0400
From: Danny Mayer <mayer@ntp.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0
MIME-Version: 1.0
To: Cui Yang <cuiyang@huawei.com>
References: <8CC0CB0BCAE52F46882E17828A9AE2161A032B90@SZXEML508-MBS.china.huawei.com> <4F575AF0.2060600@ntp.org> <4F58865C.7020707@cisco.com> <C72CBD9FE3CA604887B1B3F1D145D05E120650E6@szxeml528-mbx.china.huawei.com> <4F5898FE.2030407@cisco.com> <4F5BE35C.5040907@ntp.org> <C72CBD9FE3CA604887B1B3F1D145D05E1E8E023E@szxeml528-mbx.china.huawei.com> <4F5D7510.4090705@ntp.org> <8CC0CB0BCAE52F46882E17828A9AE2161A172B46@SZXEML508-MBS.china.huawei.com>
In-Reply-To: <8CC0CB0BCAE52F46882E17828A9AE2161A172B46@SZXEML508-MBS.china.huawei.com>
X-Enigmail-Version: 1.3.4
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-SA-Exim-Connect-IP: 108.1.142.63
X-SA-Exim-Rcpt-To: cuiyang@huawei.com, zhangdacheng@huawei.com, tictoc@ietf.org
X-SA-Exim-Mail-From: mayer@ntp.org
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on mail1.ntp.org)
Cc: "tictoc@ietf.org" <tictoc@ietf.org>
Subject: Re: [TICTOC] 答复: ´ð¸´: Please Comment on Practical Solutions for Encrypted Synchronization Protocol
X-BeenThere: tictoc@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Timing over IP Connection and Transfer of Clock BOF <tictoc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tictoc>, <mailto:tictoc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tictoc>
List-Post: <mailto:tictoc@ietf.org>
List-Help: <mailto:tictoc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tictoc>, <mailto:tictoc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 03:16:58 -0000

I really need to put an analysis together, but in the meantime a few
comments inline. Sorry for the delay in responding, I've been rather busy.

On 3/12/2012 6:03 AM, Cui Yang wrote:
> Hi, Danny
> 
> Please see inline below.
> 
> ==================
>  Yang Cui,  Ph.D.
>  Huawei Technologies
>  cuiyang@huawei.com
> 
> 
>> -----邮件原件-----
>> 发件人: tictoc-bounces@ietf.org [mailto:tictoc-bounces@ietf.org] 代表
>> Danny Mayer
>> 发送时间: 2012年3月12日 12:01
>> 收件人: Dacheng Zhang(Dacheng)
>> 抄送: tictoc@ietf.org
>> 主题: Re: [TICTOC] 答复: ´ð¸´: Please Comment on Practical Solutions for
>> Encrypted Synchronization Protocol
>>
>> On 3/11/2012 10:05 PM, Dacheng Zhang(Dacheng) wrote:
>>> Hi, See the inline please..
>>>
>>>>> -----邮件原件-----
>>>>> 发件人: Danny Mayer [mailto:mayer@ntp.org]
>>>>> 发送时间: 2012年3月11日 7:27
>>>>> 收件人: stbryant@cisco.com
>>>>> 抄送: Dacheng Zhang(Dacheng); tictoc@ietf.org
>>>>> 主题: Re: ´ð¸´: [TICTOC] Please Comment on Practical Solutions
>> for
>>>>> Encrypted Synchronization Protocol
>>>>>
>>>>> On 3/8/2012 6:33 AM, Stewart Bryant wrote:
>>>>>> On 08/03/2012 11:08, Dacheng Zhang(Dacheng) wrote:
>>>>>>>>> I could see that if the *only* channel he has for data is encrypted
>>>>>>>>> then it would make sense to also send the timing encrypted.
>>>>>>>>> However it is not clear that this is the only channel available
>>>>>>>>> since there usually needs to be one in the clear to run the
>>>>>>>>> key exchange.
>>>>>>> [Dacheng Zhang] Do you mean there should be a IPsec AH channel or
>> ESP
>>>>> Null channel for key exchange?
>>>>>>> As far as I know, IKEv2 and IKE can secure themselves and don't need
>> an
>>>>> additional security channel to exchange keys.
>>>>>>>
>>>>>>>
>>>>>> My point is that unless there is something unusual about your system
>> the
>>>>>> two ends can exchange IP packets any time they wish and use of the
>>>>>> secure channel is always optional.
>>> [Dacheng Zhang]
>>> The condition that we have discussed is that the two ends are
>> connected with an insecure network, and they are mandated to generate an
>> IPsec channel. In this case, if we securely transport the timing
>> information. Should we re-use the ipsec encryption channel or generate a
>> new one?
>>
>> You lost me here. Why would you generate a new one if you already have
>> one? Is there some benefit to doing so?
> [Cui Yang] It is recommended to encrypt all traffic in existing IPsec tunnel, since there has existed one, though IPsec AH or ESP-NULL is more essential.
> 
>>
>>  If we use the ipsec encryption channel, then we need to
>> consider whether the encryption and the decryption of the timing packets
>> will introduce any error.
>>
>> Of course it will. You need to put the timestamp in the packet before it
> [Cui Yang] As we have analyzed in the new draft, encryption time has
no influence to two-step protocol, and decryption time could be
completely removed by using a "STEP method". So, there does exists
practical solution for synchronization with encrypted timing packets,
which does not decrease the time accuracy. Another proposal, is
"identifier encrypted timing packets", named as "STIP method" in Sec
3.2, see also draft-xu-tictoc-ipsec-security-for-synchronization.
> 
> Our new draft has described and explained this. 
> 

I apologize for not having had the time to read the new draft. I'll get
to it. I would need to know what this STEP method is.

>> gets put in the IPSec tunnel and the cost of the encryption of the
>> packets cannot be taken into account since you don't know a priori how
>> long it's going to take before it gets on the wire and you cannot have
>> the wire driver timestamp the packets as they go out. As I said before
> [Cui Yang] This is only talking about the constant
encryption/decryption delay case, as Tal just commented. But referring
to Tal's mail, there exists some concrete product using the exact method
to solve this problem.

The encryption/decryption delay is not constant, it will always be be
variable and different between encryption and decryption. If you are
already using an IPSec tunnel then you don't need to encrypt the packets
separately from the IPSec encryption, you just use what's in the IPSec
protocol. This is no different than sending packets over a standard
IP/UDP protocol stream. It's only different if you are sending packets
in the clear over IP/UDP.

> 
>> your error budget has just gone out the window and the encryption does
>> not benefit you in any way just because some document says to encrypt
>> all packets.
> [Cui Yang] This is not only from "some document", but from practical
requirements. Lots of security GWs and other devices have been designed
and deployed following the standard, which MUST support the
implementation of all transportation in IPsec tunnel.
> 
>>
>>>>>
>>>>> Exactly my point. The packets are already encrypted by IPSec so there is
>>>>> nothing further needed. You error budget probablu goes out the
>> window
>>>>> but at least noone else can read the packets. So what has been achieved
>>>>> here?
>>> [Dacheng Zhang]
>>> If a timing packet is encrypted, then we need to removed the error
>> introduced by the encryption and decryption... There can be multiple
>> ways and it would be nice if we can list them and give a compare. Not
>> very sure you like this idea.
>>
>> Which gets back to the original question of why you are encrypting them
>> in the first place. While you might be able to estimate or time how long
>> it took to decrypt the packet on the receiving system. assuming you have
>> a way of measuring that, you have no way of measuring this on the
>> sender's system as it will only know after it's completed that action
>> and its costs will be different on each end, not just because it takes
>> different lengths of time (usually) to encrypt than to decrypt but also
>> because the processor speeds are normally different. The only way for
>> the receiver to know how long it took for the sender to encrypt the
>> packet is if the sender sends a follow-on packet with this information.
> [Cui Yang] So,there are cases where accurate synchronization is
required when timing packets are transported in an encrypted way.

Encryption necessarily decreases accuracy and the question is whether or
not you can measure and re-mediate the effects of the
encryption/decryption processing.

Danny

v2.23.0 | Report a Bug | By Email