Yaakov Stein | 18 Mar 2012 15:18

Re: Please Comment on Practical Solutions for Encrypted Synchronization Protocol

Dacheng

To answer your question - I completely agree that "protecting" timing packets makes sense.
I completely disagree that encrypting timing packets makes sense.

We discussed this at great length at the beginning of the TICTOC WG.
What timing packets need is authentication of the master (or actually proventication).
On rare occasions authentication of the slave may be meaningful.

IPsec really does not help here.
ESP is not needed and AH is not enough by itself.

Y(J)S


-----Original Message-----
From: Dacheng Zhang(Dacheng) [mailto:zhangdacheng <at> huawei.com] 
Sent: Thursday, March 15, 2012 05:24
To: Yaakov Stein; Cui Yang
Cc: tictoc <at> ietf.org
Subject: Re: [TICTOC] Please Comment on Practical Solutions for Encrypted Synchronization Protocol

Hi, Yaakov:

Thanks a lot for your time. Please see inline.

>> 
>> Yes, I fully appreciate the scenario you are discussing,
>> where ALL packets MUST be encrypted.
>> 

Alexander Vainshtein | 18 Mar 2012 16:06

Re: Please Comment on Practical Solutions for Encrypted Synchronization Protocol

Hi all,
I fully agree with Yaakov that encrypting timing packets does not make any sense.

I am not sure if authentication of the Slave is needed only on rare occasions:
Spoofing tons of Delay Requests from genuine-looking slaves could be a nice way to attack a given Master
until it crashes...

My 2c,
     Sasha

________________________________________
From: tictoc-bounces <at> ietf.org [tictoc-bounces <at> ietf.org] on behalf of Yaakov Stein [yaakov_s <at> rad.com]
Sent: Sunday, March 18, 2012 3:18 PM
To: Dacheng Zhang(Dacheng); Cui Yang
Cc: tictoc <at> ietf.org
Subject: Re: [TICTOC] Please Comment on Practical Solutions for Encrypted Synchronization Protocol

Dacheng

To answer your question - I completely agree that "protecting" timing packets makes sense.
I completely disagree that encrypting timing packets makes sense.

We discussed this at great length at the beginning of the TICTOC WG.
What timing packets need is authentication of the master (or actually proventication).
On rare occasions authentication of the slave may be meaningful.

IPsec really does not help here.
ESP is not needed and AH is not enough by itself.

Y(J)S

Yaakov Stein | 18 Mar 2012 18:30

Re: Please Comment on Practical Solutions for Encrypted Synchronization Protocol

Sasha

The reason we were thinking about is charging for timing services.

Forcing an NTP server to authenticate clients will probably overload it faster than attacking a
non-authenticating server.

A master that holds state will probably have the slaves configured,
or some strong authentication will be needed at the beginning of the process.

Y(J)S

-----Original Message-----
From: Alexander Vainshtein [mailto:Alexander.Vainshtein <at> ecitele.com] 
Sent: Sunday, March 18, 2012 17:07
To: Yaakov Stein; Dacheng Zhang(Dacheng); Cui Yang
Cc: tictoc <at> ietf.org
Subject: RE: [TICTOC] Please Comment on Practical Solutions for Encrypted Synchronization Protocol

Hi all,
I fully agree with Yaakov that encrypting timing packets does not make any sense.

I am not sure if authentication of the Slave is needed only on rare occasions:
Spoofing tons of Delay Requests from genuine-looking slaves could be a nice way to attack a given Master
until it crashes...

My 2c,
     Sasha

