[ntp:questions] Re: server's address in ntp payload?

Brian Utterback brian.utterback at sun.removeme.com
Wed Nov 23 18:26:01 UTC 2005

Danny Mayer wrote:

> We follow the rule: "Be liberal about what you receive, be strict about
> what you return." The same goes for "how." The IP address is not an
> authentication token at all. If you want a really in depth discussion of
> the difference between identifiers and IP address, look at the
> discussion currently raging in int-area at ietf.org. You may find it
> illuminating.

Okay, I have read the discussion, and it appears to me to argue even 
more for what I am talking about. The base NTP protocol has neither
identifiers nor locators, relying on the IP address for both. Even when
an identifier is added via the crypto functions, it is still tied up
with the IP locator.

> Because there is no way of knowing otherwise. If there is an identifier
> in the protocol, there is no guarantee that it hasn't been spoofed by an
> attacker. Normally configured systems will always send out on the same
> address. If they are not normally configured you should authenticate on
> the new address as well. Otherwise it may be a MIM attack.

I agree. If the response IP changes, then that is an indicator that the
system should be re-authenticated.

My point is that NTP should not require the binding of all addresses.
As I have elsewhere stated, it is not necessary from a security point
of view, i.e. to prevent other processes from stealing the port.
It is sometimes necessary in order to obtain the destination address
of a packet, but that in itself should not be necessary and wouldn't
be if NTP had transaction IDs and/or system IDs.

Let's say we were designing NTP protocol V5. I would include a 
transaction id. Mr. Schwartz would include a system ID. I would
include an "extensions included" flag and make each extension have
a "type" and "length" prefix to get away from the whole "if it is this
size then it is a V3 MAC, if it is that size it must be a multiple of
this many bytes" nonsense that we have now.

"Having them stolen may become our distribution model..."
Nicolas Negroponte on the Hundred Dollar Laptop.
Brian Utterback - OP/N1 RPE, Sun Microsystems, Inc.
Ph:877-259-7345, Em:brian.utterback-at-ess-you-enn-dot-kom
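The packet layout sketched in the post above (a transaction id, an "extensions included" flag, and type/length-prefixed extensions) can be shown as a small parser. This is an added example, not code from the post or from the NTP reference implementation, and the layout is hypothetical: it keeps the existing 48-byte header and appends a 32-bit transaction id, an 8-bit flags field, and a sequence of 16-bit type / 16-bit length / value extensions. `response_matches` accepts a reply on the strength of its transaction id rather than the address it arrived from, which is the property the post argues for, and the parser rejects any length field that does not fit the bytes actually received, so no size-guessing is needed to tell a MAC from an extension.

```python
import os
import struct
from typing import List, Tuple

HEADER_LEN = 48                  # the fixed NTP header is kept unchanged
FLAG_EXTENSIONS = 0x01           # "extensions included" flag (hypothetical)
TRAILER = struct.Struct("!IB")   # 32-bit transaction id + 8-bit flags (hypothetical)
EXT_HDR = struct.Struct("!HH")   # per-extension: 16-bit type, 16-bit value length


class MalformedPacket(ValueError):
    """Wire data does not match the layout it declares."""


def new_transaction_id() -> int:
    # Unpredictable so an off-path sender cannot guess what to echo back.
    return int.from_bytes(os.urandom(4), "big")


def build_packet(header: bytes, xid: int,
                 extensions: List[Tuple[int, bytes]]) -> bytes:
    """Serialize header + trailer + extensions exactly as declared (strict sender)."""
    if len(header) != HEADER_LEN:
        raise ValueError("header must be %d bytes" % HEADER_LEN)
    flags = FLAG_EXTENSIONS if extensions else 0
    out = bytearray(header)
    out += TRAILER.pack(xid, flags)
    for ext_type, value in extensions:
        out += EXT_HDR.pack(ext_type, len(value)) + value
    return bytes(out)


def parse_packet(data: bytes):
    """Return (header, xid, extensions); every length is checked against the data present."""
    if len(data) < HEADER_LEN + TRAILER.size:
        raise MalformedPacket("shorter than header plus transaction id and flags")
    header = data[:HEADER_LEN]
    xid, flags = TRAILER.unpack_from(data, HEADER_LEN)
    pos = HEADER_LEN + TRAILER.size
    extensions = []
    if not flags & FLAG_EXTENSIONS:
        if pos != len(data):
            raise MalformedPacket("trailing bytes but extensions flag is clear")
        return header, xid, extensions
    while pos < len(data):
        if len(data) - pos < EXT_HDR.size:
            raise MalformedPacket("truncated extension header")
        ext_type, length = EXT_HDR.unpack_from(data, pos)
        pos += EXT_HDR.size
        if length > len(data) - pos:
            # The length prefix replaces the "if it is this size it must be a MAC" guess;
            # a prefix that overruns the buffer is simply rejected.
            raise MalformedPacket("extension type %d declares %d bytes, %d remain"
                                  % (ext_type, length, len(data) - pos))
        extensions.append((ext_type, data[pos:pos + length]))
        pos += length
    if not extensions:
        raise MalformedPacket("extensions flag set but no extension present")
    return header, xid, extensions


def response_matches(request_xid: int, response: bytes) -> bool:
    """Bind the reply to the outstanding request by transaction id, not by source address."""
    try:
        _, xid, _ = parse_packet(response)
    except MalformedPacket:
        return False
    return xid == request_xid


if __name__ == "__main__":
    # Constructed sample: a client-mode first byte followed by zeros for the rest of the header.
    hdr = bytes([0x23]) + bytes(HEADER_LEN - 1)
    xid = new_transaction_id()
    req = build_packet(hdr, xid, [(1, b"abc"), (2, b"")])
    print(parse_packet(req)[1] == xid, response_matches(xid, req))
```

A client that keeps the transaction id of each outstanding request can validate a reply without knowing which local address the request left from, which is exactly why the post says the binding of every address would no longer be needed for this purpose.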
