[ntp:hackers] ntp Authentication support for X.509v3 against a Certificate Authority (CA)

Greg Dowd GDowd at symmetricom.com
Thu Jun 22 02:40:48 UTC 2006


The doc I'm looking at is ~mills/ident.html (linked as Autokey Identity
Schemes) on the NTP Time Synchronization Project Page.  This has no
section on TC schema.  The book has a description in section 10.3 but
it's actually pretty muddy.  It specifies that the certificate is
designated trusted if it has a string trustRoot as an extended
attribute.  But it's not really that simple.  Typically there is a
client trusted certificate store that the root certificate would need to
be validated against.  Otherwise, some scheme for validating the
certificate external to process is recommended or masquerade is an
issue.  Also, the book TC scheme states that the trusted certificate
would normally belong to a primary or secondary server.  Again, not
typical.  If I were implementing this, I would use a token which would
generate a pair of keys and a certificate request.  This is important as
I don't get access to the private key myself, just the cert request.  I
would then export the cert request and have it fulfilled by a
certificate authority.  Then, I would take the CA root cert and the
issued cert and load them into my token on the ntp server.  At that
point, clients could request the certificate from the server and the
server would respond with a SEQ of certificates, which could be just the
ntp server cert or could be the whole chain up to the CA.  The client
would then 

1) just accept the cert (in which case it's just the PC schema)
2) verify the chain to the ca cert and compare the ca cert against a
local trusted store.
3) verify the chain to the ca cert and then externally validate the ca
cert
or 
4) do 3 and check for a certificate revocation list as well.




Greg Dowd
gdowd at symmetricom dot com (antispam format)
Symmetricom, Inc. 
www.symmetricom.com
"The current implementation is non-obvious and may need to be improved."
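The client-side checks Greg lists above, carried out with the OpenSSL command line, as an added example that is not code from this thread, from the ntp distribution, or from ntp-genkeys. The root CA, the intermediate CA, the host name ntp1.example.test and every file name are constructed for the example; a real token would hold the server's private key, and here it simply sits in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the thread): Greg's steps 1 and 2 with OpenSSL.
# All names, CNs and files below are constructed for the demonstration.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Root CA, self-signed. Its certificate is the client's entire "local trusted store".
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
  -subj "/CN=Example Root CA" -days 365 2>/dev/null

# Intermediate CA issued by the root; CA:TRUE has to be set explicitly here.
openssl req -newkey rsa:2048 -nodes -keyout int.key -out int.csr \
  -subj "/CN=Example Issuing CA" 2>/dev/null
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > int.ext
openssl x509 -req -in int.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -out int.crt -days 180 -extfile int.ext 2>/dev/null

# NTP server: key pair and certificate request (a token would do this without
# exposing the key), fulfilled by the intermediate. server.crt plus int.crt is
# the sequence of certificates the server would hand to a client.
openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr \
  -subj "/CN=ntp1.example.test" 2>/dev/null
openssl x509 -req -in server.csr -CA int.crt -CAkey int.key -CAcreateserial \
  -out server.crt -days 90 2>/dev/null

# The masquerade case Greg mentions: a self-signed certificate carrying the
# same common name but issued by nobody the client trusts.
openssl req -x509 -newkey rsa:2048 -nodes -keyout rogue.key -out rogue.crt \
  -subj "/CN=ntp1.example.test" -days 90 2>/dev/null

# Step 2: walk the presented chain up to a certificate in the trusted store.
# $1 = leaf cert, $2 = the rest of the presented chain, $3 = trusted store.
verify_chain() {
  openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
}

# Step 1 for comparison: accept whatever parses as a certificate (the PC schema).
accept_any() {
  openssl x509 -in "$1" -noout >/dev/null 2>&1
}

verify_chain server.crt int.crt ca.crt && echo "server.crt: chain ends in the trusted CA"
verify_chain rogue.crt int.crt ca.crt || echo "rogue.crt: rejected, not issued under the trusted CA"
accept_any rogue.crt && echo "rogue.crt: accepted by the step-1 check, which proves nothing about its issuer"
```

Step 4 is the same `openssl verify` call with `-crl_check` and `-CRLfile <crl.pem>` added, so the issuing CA's revocation list is consulted as well; producing and distributing that CRL is the organisation-specific part (X.500 directories or LDAP, as Greg's earlier message notes) and is not shown here.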




-----Original Message-----
From: hackers-bounces at support.ntp.org
[mailto:hackers-bounces at support.ntp.org] On Behalf Of David L. Mills
Sent: Wednesday, June 21, 2006 7:13 PM
To: hackers at support.ntp.org
Cc: Laatz, Erek
Subject: Re: [ntp:hackers] ntp Authentication support for X.509v3 against a Certificate Authority (CA)

Greg,

On the NTP project page at www.ntp.org there are three security
briefings
http://www.eecis.udel.edu/~mills/database/brief/autokey/autokey.pdf,
http://www.eecis.udel.edu/~mills/database/brief/secalgor/secalgor.pdf
and
http://www.eecis.udel.edu/~mills/database/brief/secproto/secproto.pdf,
two (large) HTML pages http://www.eecis.udel.edu/~mills/proto.html and
http://www.eecis.udel.edu/~mills/ident.html, a 56-page technical report
http://www.eecis.udel.edu/~mills/database/reports/stime1/stime.pdf, as
well as two chapters in das Buch. Which document do you have in mind? 
The documents might not all be complete, consistent and may have errors.

The only thing I truly trust is das Buch. Nobody's perfect. Whatever
questions you might have should be answered in the documents cited, even
if they are wordy, intricate and plain boring.

The x509v3 certificates are generated, signed and the trails hiked in
the same way as PKIX. The trails end on a self-signed trusted
certificate held by the same dude that generated the (optional) identity
key. I expect that, if the PKIX infrastructure was required, very minor
modifications might have to be made in the extension fields. I would
dearly like a volunteer to actually try generating and signing a
certificate in the old-fashioned way and report what breaks in ntpd.

Dave

Greg Dowd wrote:

>Is there something in the doc that talks about how to walk a cert trail?
>I think the openssl list is a good place to start.  The Autokey doc 
>mentions more protocol aspect issues such as "distributed via secure 
>means".  Where is the "hiking a CA trail" doc?  As far as I know, the 
>autokey implementation is still just sending a single cert, which in 
>reality is expected to end in a self-signed cert via proventic check.
>In the identity schema doc, there is a mention of 5 schemes in the first
>4 paras, then it drops to 4 schemes and TC goes away, right?
>
>Typical mechanisms for cert validation and crl distribution are x.500 
>dirs or ldap.  This is typically org specific based on whose ca 
>software is installed.
>
>
>
>Greg Dowd
>gdowd at symmetricom dot com (antispam format) Symmetricom, Inc.
>www.symmetricom.com
>"The current implementation is non-obvious and may need to be improved."
>
>
>
>
>-----Original Message-----
>From: hackers-bounces at support.ntp.org
>[mailto:hackers-bounces at support.ntp.org] On Behalf Of David L. Mills
>Sent: Wednesday, June 21, 2006 2:44 PM
>To: hackers at support.ntp.org
>Cc: Laatz, Erek
>Subject: Re: [ntp:hackers] ntp Authentication support for X.509v3 against a Certificate Authority (CA)
>
>Erek, Danny,
>
>A full disclosure about the Autokey public key scheme is in the January
>technical report on the NTP project page linked from www.ntp.org. The
>scheme does hike the CA trail to a trusted host acting as a root CA. 
>However, there is a problem. I suppose you need to use a commercial
>authority. Unless they run NTP with Autokey and have their own trusted
>NTP source, the period of validity cannot be verified.
>
>The distribution does include means to generate x509v3 certificates
>using the ntp-genkeys routine, which uses the OpenSSL library. In
>principle, x509v3 certificates generated by the x509 program in that
>library can be used and in principle any other means that uses the
>common names assumed by the Autokey model. As now, the common names must
>be those provided by the Unix hostname utility, and they must be encoded
>in PEM with a header giving file name and datestamp.
>
>Try running ntp-genkeys, making a host certificate, asking a commercial
>CA to sign it and using it in your trusted host. Presumably, that would
>extend the trail to the CA. That wouldn't work with identity schemes, but
>it would be interesting to try.
>
>Dave
>
>Danny Mayer wrote:
>
>
>>Laatz, Erek wrote:
>>
>>
>>>Dear all,
>>>
>>>we want to set up a larger environment for around 60 NTP servers in 
>>>Germany.
>>>All these hosts will have the ability to use system specific X509v3 
>>>certificates issued by a CA. Our idea is to use these certificates 
>>>also for ntp authentification as we have the requirement to use some 
>>>kind of authentification within the ntp installations.
>>>
>>>I've looked in several sources but found no idea how to realize a 
>>>certificate verification against a CA, even found no special hint on 
>>>how to realize it within the autokey protocol.
>>>
>>>Is there anyone who has an idea how to realize an X.509v3 certificate
>>>verification against a CA?
>>>
>>>Best regards, Yours
>>>
>>>Erek
>>>
>>
>>Dave Mills is the best person to answer these questions but he's not 
>>on this list, so I have added him to this reply. Have you looked at 
>>the autokey protocol for details about how it works?
>>
>>Danny
>>
>>
>

_______________________________________________
hackers mailing list
hackers at support.ntp.org
https://support.ntp.org/mailman/listinfo/hackers