IETF
ntp
ntp@jabber.ietf.org
Friday, October 14, 2016

GMT+0
[14:04:46] Samuel Weiler joins the room
[14:22:18] stewart.bryant joins the room
[14:24:02] rsalz joins the room
[14:24:41] Sebastian Pflieger joins the room
[14:27:05] Karen O'Donoghue joins the room
[14:27:09] Karen O'Donoghue leaves the room
[14:27:19] Karen O'Donoghue joins the room
[14:27:42] <Karen O'Donoghue> whew… what a chaotic start…
[14:27:53] <Karen O'Donoghue> can you hear dieter?
[14:32:07] <rsalz> yes
[14:35:02] <stewart.bryant> Sorry if this is well known, but how do you use a certificate to validate time without having time to validate the certificate?
[14:36:04] <Samuel Weiler> (Since we have working Webex, I'm assuming this is side channel.  Stewart: if you want relay, please ask for it explicitly.)
[14:36:13] <rsalz> you assume that you have coarse time, like 12 or 24 hours, and then boot up into more secure.  there is no magic bullet.
[14:36:33] <rsalz> (BTW, can kyle or daniel ping me via akamai IM)
[14:37:09] <Karen O'Donoghue> kyle is working on it…
[14:37:32] <rsalz> tnx
[14:41:04] <Karen O'Donoghue> from kristoff...
[14:41:05] <Karen O'Donoghue> One comment: clients who want time fast and do not care about security can still use plain unsecured NTP, right? Only the use of NTP packets which carry NTS key exchange material is explicitly forbidden.
[14:41:18] <Karen O'Donoghue> (he can't get jabber from his mobile device… i hate technology)
[14:41:20] Kyle Rose joins the room
[14:46:02] danny joins the room
[14:50:29] <Samuel Weiler> topics for today:
are optional KE mechanisms allowed?
privacy (if yes, is the current approach sufficient?)
[this from dieter's slide 5]
[14:51:14] <rsalz> my laptop mic is borked.  i'll type here if i have anything to say.
[14:51:27] Haydn Kennedy joins the room
[14:51:33] <Kyle Rose> I figured it was laryngitis
[14:53:09] <Samuel Weiler> sharon: unauthenticated v. rate limiting: has it been resolved?  Daniel: I think there's still conflict
[14:53:18] <Samuel Weiler> … and I'd like a consensus on this today.
[14:53:37] <Samuel Weiler> … everyone but Miroslav would prefer that key establishment be on a separate port, so no need to worry re rate limiting
[14:53:46] <Samuel Weiler> … Miroslav is worried about firewall issues
[14:53:56] <Samuel Weiler> … but i think he's the only one w/ that concern
[14:54:15] <Samuel Weiler> … I'd prefer a separate port or both options (as in draft), but I want a decision today.
[14:54:53] <rsalz> @Sam: you're gonna burn out if you keep recording that level of detail.  Feel free to just note topics and what you think are the major points.  And definitely DO record decisions.
[14:55:01] <Samuel Weiler> i know.
[14:55:23] <Samuel Weiler> (it's a habit picked up from w3c in the last few months.)
[14:55:38] <rsalz> I miss their chat->minutes tooling.
[14:55:57] <Samuel Weiler> that is something I think they do really well.  I'd like to see it more broadly adopted.
[14:56:30] <Samuel Weiler> list of topics now:
[14:56:44] <Samuel Weiler> 1) privacy/unlinkability,
[14:56:54] <Samuel Weiler> 2a) unauth v. rate limiting
[14:57:02] <Samuel Weiler> 2b) ke over ntp extension field
[14:57:09] <Samuel Weiler> 3) are optional ke mechanisms allowed
[14:59:26] <rsalz> Probably a better strategic direction is QUIC or DTLS 1.3 when it's done.  DTLS now for the modes where it makes sense seems tactically okay
[15:01:57] <Sebastian Pflieger> i agree QUIC or DTLS 1.3 would be a better direction
[15:02:13] <rsalz> By QUIC I mean the way QUIC will use TLS 1.3 key exchange.  "key exchange as a service"
[15:02:22] <Samuel Weiler> want to speak up and say that?
[15:02:41] <rsalz> can't.  feel free to relay that for me.
[15:07:41] <rsalz> mic:  DTLS puts some stream semantics on UDP.  It has to do so.  TLS 1.3/QUIC will break that
[15:08:11] <rsalz> mic: Not break, but will rather untangle those semantics, leaving transport vs key-ex separate items.
[15:08:45] <rsalz> DTLS main use VPN.  Secondarily WebRTC
[15:09:22] <Kyle Rose> Thanks
[15:11:14] <stewart.bryant> Surely if you know the max time to encrypt you can forward date and delay transmission?
[15:11:28] <Samuel Weiler> re: Rich's point re: capturing decisions:  you folks can help, too, if I'm missing something key, type it in.
[15:20:14] <stewart.bryant> Surely that depends on the memory that those devices have.
[15:20:14] Samuel Weiler leaves the room
[15:27:26] <rsalz> no, it's the same as TCP interface
[15:27:39] <rsalz> you can do what you want, read/write to memory, but it's not clunky
[15:29:04] <rsalz> mic:  NO!  The only protection is end-to-end, ntp program to ntp program
[15:29:25] <rsalz> If that "program" is split into two executables on a local O/S, it's still a single endpoint.
[15:29:37] Samuel Weiler joins the room
[15:30:47] <Kyle Rose> I think we are in violent agreement
[15:35:56] <Samuel Weiler> (do any of you remote folks hear a consensus here?)
[15:38:20] <Samuel Weiler> ROUGH CONSENSUS:  no smuggling.  (= key exchange over NTP extension fields)
[15:38:50] <Samuel Weiler> (also, smuggling = DTLS over NTP)
[15:39:21] <rsalz> agree with the consensus.
[15:39:46] <rsalz> The CMS message format doesn't have key exchange, it has out-of-band key exchange
[15:43:36] <Samuel Weiler> Kristof says: I'd like to announce that i will be leaving between 12:15 and 12:30 (so roughly in half an hour).
[15:46:01] <Kyle Rose> Rich, does DTLS provide replay protection?
[15:46:03] <rsalz> DTLS provides privacy, replay, at least one-way auth, and some
[15:46:09] <Kyle Rose> Thanks
[15:46:36] <rsalz> she's right :)
[15:49:29] Haydn Kennedy leaves the room
[15:49:32] <Samuel Weiler> Tabling this topic for the moment.  
[15:49:38] <Samuel Weiler> TOPIC: privacy and unlinkability.
[15:50:34] <rsalz> YES
[15:51:23] <rsalz> It's not even privacy considerations.  I guarantee a security AD will put a HOLD on this work if NTP can end up being used to track the client.
[15:57:53] <rsalz> Existing things are broken.  WE CANNOT MAKE IT WORSE
[15:58:11] <Samuel Weiler> (we can't?  is that a dare?)
[15:58:36] <rsalz> The benchmark has moved.  What used to be okay is no longer okay.
[16:02:20] <Samuel Weiler> tabling privacy.
[16:02:29] <Samuel Weiler> Miroslav joined the call.
[16:02:39] <Samuel Weiler> going back to what port to run NTS over.
[16:03:11] <Samuel Weiler> summarize: negotiate over second port, then run over 123.
[16:03:34] <Samuel Weiler> daniel's draft also has option to run inside the extension field.  can we remove that?
[16:05:03] <Samuel Weiler> Miroslav: fears that the need to open a new port will be a significant barrier to adoption.
[16:05:34] <Samuel Weiler> Q from daniel: will this be as much of an issue if KE runs over TCP on separate port?
[16:06:13] <Samuel Weiler> daniel, summarizing: harlan wants to run mode 6, so we're stuck supporting TCP.
[16:06:44] <Samuel Weiler> proposing to make mandatory: tcp on a different port.
[16:07:36] <Samuel Weiler> kristof: us naval observatory participant said this would be a burden for him.
[16:08:20] <rsalz> NOT QUITE.  TCP is in kernel, UDP/DTLS state is in (virtual) user space
[16:08:41] <rsalz> Having said that, TCP implementations are optimized as he-- these days.
[16:12:28] <Sebastian Pflieger> and you can use TLS offload appliances
[16:15:19] <Samuel Weiler> Miroslav: might want to support limited devices (microcontrollers)
[16:16:41] <rsalz> Clarification: in a talk I had with USNO, it would be work, but not a burden.
[16:16:47] <rsalz> (to use TCP)
[16:16:50] <Samuel Weiler> aanchal:  pointing to rfc7925 dtls for IoT
[16:18:08] <Samuel Weiler> Q from Miroslav: why tcp?  A: normal TCP things, like reliability.
[16:18:27] <Samuel Weiler> aanchal: both protocols provide same security guarantees.
[16:19:46] <Samuel Weiler> Q from aanchal: why don't we want to keep both options?  Harlan wants both.
[16:20:29] <Samuel Weiler> dieter: prefers simplicity.  fewer options.
[16:20:50] <Samuel Weiler> daniel:  tcp is sufficient.  don't NEED both.
[16:27:37] <Sebastian Pflieger> for me tcp would be sufficient too. it makes the implementation easier as TLS is available nearly everywhere while DTLS is not.
[16:28:09] <rsalz> It depends I guess on who/when you ask.  USNO in my talk said "it's okay, we're building out"
[16:28:09] <Kyle Rose> Rich: who did you speak with at USNO?
[16:29:24] sepf joins the room
[16:29:29] Sebastian Pflieger leaves the room
[16:32:23] <rsalz> no opinion
[16:36:07] Kyle Rose leaves the room
[16:48:14] sepf leaves the room: Replaced by new connection
[16:48:55] sepf joins the room
[16:59:49] Kyle Rose joins the room
[17:07:20] <Samuel Weiler> we're restarting
[17:11:29] <stewart.bryant> have you restarted - no audio here
[17:12:12] <Samuel Weiler> oops
[17:12:30] <rsalz> yes
[17:13:14] <Samuel Weiler> CONCLUSION: the room is okay w/ deferring smuggling.  (didn't we decide this at 11:38am?)
[17:13:53] <stewart.bryant> Technically you have to ask the list if they are ok with that
[17:14:03] <Kyle Rose> Yes, we need to confirm all consensus calls on the list
[17:14:14] <Samuel Weiler> the list is welcome to be okay with the room having its own opinion
[17:14:29] <Kyle Rose> But we're not going to do that in real-time because the round-trip time is too high
[17:14:31] <Samuel Weiler> the list is also welcome to be not okay with the room having its own opinion.
[17:14:40] <Samuel Weiler> and the list's opinion will be given due consideration
[17:16:23] <Samuel Weiler> with smuggling gone, there are no rate limiting issues.
[17:17:39] <Samuel Weiler> conclusion: also deferring DTLS option.
[17:19:15] <Samuel Weiler> this leaves only the TLS/TCP option
[17:23:00] <Samuel Weiler> we will support both transports for mode 6.
[17:26:54] <Samuel Weiler> for mode 1/2, we support DTLS.
[17:28:19] <rsalz> what was the question?
[17:28:43] <rsalz> no.
[17:28:54] <rsalz> O(packet size) only.
[17:28:56] <rsalz> no jitter
[17:29:27] <rsalz> times have changed; not 102A modems any more.
[17:29:43] <rsalz> used to be able to tell what was printing by listening to the LPT band, too.
[17:30:57] <Samuel Weiler> one day NTP will go the way of the payphone?
[17:35:05] <Samuel Weiler> (may I have my ink pen back, please?)
[17:36:10] <danny> I'll get you a quill
[17:41:45] <Samuel Weiler> moving back to privacy
[17:41:53] <Samuel Weiler> actionable questions:
[17:42:23] <Samuel Weiler> 1) is it necessary to address privacy and unlinkability?
[17:42:34] <Samuel Weiler> 2) is daniel's draft sufficient?
[17:42:55] <stewart.bryant> I think that it is only necessary to say that you have thought about privacy
[17:43:44] <rsalz> NO  It is no longer good enough to say you have thought about it.
[17:43:53] <rsalz> And sorry but I have to leave and rest now.
[17:44:23] <stewart.bryant> Oh, is there an IESG statement to that effect? If so, can I have the reference
[17:44:53] <Samuel Weiler> bye, rich
[17:49:02] <Samuel Weiler> daniel not advocating fixing NTP's leaks as part of this (no need to tie them together)
[17:49:44] <Samuel Weiler> sharon: wants to seize the opportunity to encrypt data now.
[17:52:02] <Samuel Weiler> kristof: supports sharon's point.  not worried re: encryption degrading precision - we're already biting off that bitter pill.
[18:02:11] Haydn Kennedy joins the room
[18:06:12] <Samuel Weiler> daniel: thinks we can fix NTP privacy issues w/o encrypting all headers.  instead, can just set fields to fixed values (or similar)
[18:10:06] <Samuel Weiler> kristof says in webex: AGREE with Sharon: I would like data (even estimates) for cost differences of
- Encrypt nothing vs.
- Encrypt n keys vs.
- Encrypt everything, including NTP header data
[18:15:19] <Samuel Weiler> I'm stepping out.  someone else record key points, please?
[18:15:33] Samuel Weiler leaves the room
[18:42:23] <Karen O'Donoghue> I would like data (even estimates) for cost differences of
- Encrypt nothing vs.
- Encrypt n keys vs.
- Encrypt everything, including NTP header data
[18:43:05] <Karen O'Donoghue> <above from Kristof>
[18:44:54] <Karen O'Donoghue> Daniel will collect some performance analysis...
[19:03:37] rsalz leaves the room
[19:03:37] richsalz joins the room
[19:09:02] danny leaves the room
[19:09:10] richsalz leaves the room
[19:10:18] Samuel Weiler joins the room
[19:10:49] danny joins the room
[19:47:28] richsalz joins the room
[20:18:17] Kyle Rose leaves the room
[20:27:29] <Samuel Weiler> Leap Schmear?
[20:30:08] Kyle Rose joins the room
[20:42:02] sepf leaves the room: Replaced by new connection
[20:42:03] sepf joins the room
[20:43:05] Haydn Kennedy leaves the room
[20:44:16] Karen O'Donoghue leaves the room
[20:52:26] <Samuel Weiler> proceeding w/ last-extension and meyer-ntp-ext
[20:52:58] <Samuel Weiler> for i_do, extended info, and suggest-refid: asking harlan to repost.
[21:09:04] danny leaves the room
[21:09:19] Kyle Rose leaves the room
[21:10:36] Samuel Weiler leaves the room