| < draft-ietf-ntp-data-minimization-00.txt | draft-ietf-ntp-data-minimization-01.txt > | |||
|---|---|---|---|---|
| Network Working Group D. Franke | Network Working Group D. Franke | |||
| Internet-Draft Akamai | Internet-Draft Akamai | |||
| Updates: 5905 (if approved) A. Malhotra | Updates: 5905 (if approved) A. Malhotra | |||
| Intended status: Standards Track Boston University | Intended status: Standards Track Boston University | |||
| Expires: November 25, 2017 May 24, 2017 | Expires: January 28, 2018 July 27, 2017 | |||
| NTP Client Data Minimization | NTP Client Data Minimization | |||
| draft-ietf-ntp-data-minimization-00 | draft-ietf-ntp-data-minimization-01 | |||
| Abstract | Abstract | |||
| This memo proposes backward-compatible updates to the Network Time | This memo proposes backward-compatible updates to the Network Time | |||
| Protocol to strip unnecessary identifying information from client | Protocol to strip unnecessary identifying information from client | |||
| requests and to improve resilience against blind spoofing of | requests and to improve resilience against blind spoofing of | |||
| unauthenticated server responses. | unauthenticated server responses. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on November 25, 2017. | This Internet-Draft will expire on January 28, 2018. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 14 ¶ | skipping to change at page 2, line 14 ¶ | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 2 | 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 2 | |||
| 3. Client Packet Format . . . . . . . . . . . . . . . . . . . . 2 | 3. Client Packet Format . . . . . . . . . . . . . . . . . . . . 2 | |||
| 4. Security and Privacy Considerations . . . . . . . . . . . . . 3 | 4. Security and Privacy Considerations . . . . . . . . . . . . . 3 | |||
| 4.1. Data Minimization . . . . . . . . . . . . . . . . . . . . 3 | 4.1. Data Minimization . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4.2. Transmit Timestamp Randomization . . . . . . . . . . . . 4 | 4.2. Transmit Timestamp Randomization . . . . . . . . . . . . 4 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 6. Implementation status - RFC EDITOR: REMOVE BEFORE PUBLICATION 4 | |||
| 6.1. Normative References . . . . . . . . . . . . . . . . . . 4 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 6.2. Informative References . . . . . . . . . . . . . . . . . 5 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 5 | |||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 5 | 7.2. Informative References . . . . . . . . . . . . . . . . . 5 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 5 | Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 6 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 | ||||
| 1. Introduction | 1. Introduction | |||
| Network Time Protocol (NTP) packets, as specified by RFC 5905 | Network Time Protocol (NTP) packets, as specified by RFC 5905 | |||
| [RFC5905], carry a great deal of information about the state of the | [RFC5905], carry a great deal of information about the state of the | |||
| NTP daemon which transmitted them. In the case of mode 4 packets | NTP daemon which transmitted them. In the case of mode 4 packets | |||
| (responses sent from server to client), as well as in broadcast (mode | (responses sent from server to client), as well as in broadcast (mode | |||
| 5) and symmetric peering modes (mode 1/2), most of this information | 5) and symmetric peering modes (mode 1/2), most of this information | |||
| is essential for accurate and reliable time synchronizaton. However, | is essential for accurate and reliable time synchronizaton. However, | |||
| in mode 3 packets (requests sent from client to server), most of | in mode 3 packets (requests sent from client to server), most of | |||
| skipping to change at page 4, line 39 ¶ | skipping to change at page 4, line 39 ¶ | |||
| packet was sent. This is suboptimal, because with so few random | packet was sent. This is suboptimal, because with so few random | |||
| bits, an adversary sending spoofed packets at high volume will have a | bits, an adversary sending spoofed packets at high volume will have a | |||
| good chance of correctly guessing a valid origin timestamp. | good chance of correctly guessing a valid origin timestamp. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| [RFC EDITOR: DELETE PRIOR TO PUBLICATION] | [RFC EDITOR: DELETE PRIOR TO PUBLICATION] | |||
| This memo introduces no new IANA considerations. | This memo introduces no new IANA considerations. | |||
| 6. References | 6. Implementation status - RFC EDITOR: REMOVE BEFORE PUBLICATION | |||
| 6.1. Normative References | This section records the status of known implementations of the | |||
| protocol defined by this specification at the time of posting of this | ||||
| Internet-Draft, and is based on a proposal described in RFC7942. The | ||||
| description of implementations in this section is intended to assist | ||||
| the IETF in its decision processes in progressing drafts to RFCs. | ||||
| Please note that the listing of any individual implementation here | ||||
| does not imply endorsement by the IETF. Furthermore, no effort has | ||||
| been spent to verify the information presented here that was supplied | ||||
| by IETF contributors. This is not intended as, and must not be | ||||
| construed to be, a catalog of available implementations or their | ||||
| features. Readers are advised to note that other implementations may | ||||
| exist. | ||||
| As of today the following vendors have produced an implementation of | ||||
| the NTP Client Data Minimization recommendations described in this | ||||
| document. | ||||
| OpenNTPD | ||||
| 7. References | ||||
| 7.1. Normative References | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <http://www.rfc-editor.org/info/rfc2119>. | <http://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, | [RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, | |||
| "Network Time Protocol Version 4: Protocol and Algorithms | "Network Time Protocol Version 4: Protocol and Algorithms | |||
| Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, | Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, | |||
| <http://www.rfc-editor.org/info/rfc5905>. | <http://www.rfc-editor.org/info/rfc5905>. | |||
| 6.2. Informative References | 7.2. Informative References | |||
| [RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker, | [RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker, | |||
| "Randomness Requirements for Security", BCP 106, RFC 4086, | "Randomness Requirements for Security", BCP 106, RFC 4086, | |||
| DOI 10.17487/RFC4086, June 2005, | DOI 10.17487/RFC4086, June 2005, | |||
| <http://www.rfc-editor.org/info/rfc4086>. | <http://www.rfc-editor.org/info/rfc4086>. | |||
| [RFC6528] Gont, F. and S. Bellovin, "Defending against Sequence | [RFC6528] Gont, F. and S. Bellovin, "Defending against Sequence | |||
| Number Attacks", RFC 6528, DOI 10.17487/RFC6528, February | Number Attacks", RFC 6528, DOI 10.17487/RFC6528, February | |||
| 2012, <http://www.rfc-editor.org/info/rfc6528>. | 2012, <http://www.rfc-editor.org/info/rfc6528>. | |||
| [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., | [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., | |||
| Morris, J., Hansen, M., and R. Smith, "Privacy | Morris, J., Hansen, M., and R. Smith, "Privacy | |||
| Considerations for Internet Protocols", RFC 6973, | Considerations for Internet Protocols", RFC 6973, | |||
| DOI 10.17487/RFC6973, July 2013, | DOI 10.17487/RFC6973, July 2013, | |||
| <http://www.rfc-editor.org/info/rfc6973>. | <http://www.rfc-editor.org/info/rfc6973>. | |||
| 7.3. URIs | ||||
| [1] http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ntpd/ | ||||
| client.c?rev=1.1 | ||||
| Appendix A. Acknowledgements | Appendix A. Acknowledgements | |||
| The authors thank Prof. Sharon Goldberg and Miroslav Lichvar for | The authors would like to gratefully acknowledge Henning Brauer for | |||
| calling attention to the issues addressed in this memo. | pioneering NTP data minimization techniques as early as June 2004 [1] | |||
| as part of an NTP implementation for the OpenBSD Project. | ||||
| The authors would like to thank Prof. Sharon Goldberg and Miroslav | ||||
| Lichvar for encouraging standardisation of the approach described in | ||||
| this document. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Daniel Fox Franke | Daniel Fox Franke | |||
| Akamai Technologies, Inc. | Akamai Technologies, Inc. | |||
| 150 Broadway | 150 Broadway | |||
| Cambridge, MA 02142 | Cambridge, MA 02142 | |||
| United States | United States | |||
| Email: dafranke@akamai.com | Email: dafranke@akamai.com | |||
| End of changes. 9 change blocks. | ||||
| 13 lines changed or deleted | 45 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||