Re: [TICTOC] WGLC on NTS: Why not run over IPsec?

Sharon Goldberg <goldbe@cs.bu.edu> Thu, 24 March 2016 22:33 UTC

From: Sharon Goldberg <goldbe@cs.bu.edu>
Date: Thu, 24 Mar 2016 18:32:29 -0400
Message-ID: <CAJHGrrR=xrxQaXqLz9vzHN=w-i0ji_WCa-=FYLaYgZATZ-nXkg@mail.gmail.com>
To: kristof.teichel@ptb.de
Archived-At: <http://mailarchive.ietf.org/arch/msg/tictoc/fwv_4eP8v7Bk3_gzj9PCjZJSz9U>
Cc: NTP Working Group <ntpwg@lists.ntp.org>, tictoc@ietf.org

>
> PPS: Out of curiosity: is there a mode for IPsec which does what NTS is
> trying to achieve (namely requiring on the server side neither a
> per-association state nor classic asymmetric cryptography like digital
> signatures)? If so, some text might be in order somewhere (NTP BCP
> document?), stating that if IPsec is used for securing NTP, said mode would
> be the best one to use.
>

This is a really good question and I tried and failed to answer it so far.
IPsec is amazingly complex and easy to configure wrongly.  One thing that I
can tell so far is that traffic should be secured in "AH Transport" mode
but I cannot figure out what IPsec KE is appropriate.  It does seem that by
default IPsec uses mutual authentication of client and server, (while NTS
"MUST" accommodate one-sided authentication).  I wonder if IPsec also
supports one-sided authentication; at the moment I have not figured out
if/how this works.

Maybe if folks from this WG go to IETF (sadly I am not) someone could ask
one of the IPsec folks for advice on what KE they suggest?

Anyway I've talked to several friends who do research on crypto
flaws in practice, and they say the complexity of IPsec is both a barrier
to its adoption and also a security risk [1].

Sigh.

Sharon

[1] http://www.spiegel.de/media/media-35529.pdf
[2] https://nohats.ca/wordpress/blog/2014/12/29/dont-stop-using-ipsec-just-yet/