idnits 2.17.1 draft-stenn-ntp-extension-fields-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC5905], [RFC5906], [RFC7822]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. -- The draft header indicates that this document obsoletes RFC7822, but the abstract doesn't seem to directly say this. It does mention RFC7822 though, so this could be OK. -- The abstract seems to indicate that this document updates RFC5905, but the header doesn't have an 'Updates:' line to match this. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 2, 2018) is 2025 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational RFC: RFC 5906 ** Downref: Normative reference to an Experimental RFC: RFC 7821 Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force H. Stenn 3 Internet-Draft D. Mills 4 Obsoletes: 7822 (if approved) Network Time Foundation 5 Intended status: Standards Track October 2, 2018 6 Expires: April 5, 2019 8 Network Time Protocol Version 4 (NTPv4) Extension Fields 9 draft-stenn-ntp-extension-fields-08 11 Abstract 13 Network Time Protocol version 4 (NTPv4) defines the optional usage of 14 extension fields. An extension field, as defined in RFC 5905 15 [RFC5905] and RFC 5906 [RFC5906], resides after the end of the NTP 16 header and supplies optional capabilities or information that cannot 17 be conveyed in the basic NTP packet. This document updates RFC 5905 18 [RFC5905] by clarifying some points regarding NTP extension fields 19 and their usage with legacy Message Authentication Codes (MACs), and 20 removes wasteful requirements added by RCF 7822 [RFC7822]. 22 This proposal deprecates RFC 7822 [RFC7822]. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at https://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on April 5, 2019. 41 Copyright Notice 43 Copyright (c) 2018 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (https://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 59 2. Conventions Used in This Document . . . . . . . . . . . . . . 3 60 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 61 2.2. Terms and Abbreviations . . . . . . . . . . . . . . . . . 3 62 3. NTP MAC - RFC 5906 Update . . . . . . . . . . . . . . . . . . 4 63 3.1. RFC5906 Section 4. - Autokey Cryptography . . . . . . . . 4 64 3.2. RFC5906 Section 10. - Autokey Protocol Messages . . . . . 4 65 3.3. RFC5906 Section 11.5. - Error Recovery . . . . . . . . . 4 66 3.4. RFC5906 Section 13. - IANA Consideration . . . . . . . . 4 67 4. NTP Extension Fields - RFC 5905 Update . . . . . . . . . . . 5 68 4.1. OLD: 'RFC5905 7.5 - NTP Extension Field Format' . . . . . 5 69 4.2. NEW: 'RFC5905 Section 7.5 - NTP Extension Field Format' . 5 70 4.3. NEW: 'RFC5905 Section 7.5.1 - Extension Fields and MACs' 8 71 4.4. OLD: 'RFC5905 Section 9.2. - Peer Process Operations' . . 9 72 4.5. NEW: 'RFC5905 Section 9.2. - Peer Process Operations' . . 9 73 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 74 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 75 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 76 8. Normative References . . . . . . . . . . . . . . . . . . . . 11 77 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 79 1. Introduction 81 An NTP packet consists of a set of fixed fields that may be followed 82 by optional fields. Two types of optional fields are defined: 83 extension fields (EFs) as defined in Section 7.5 of RFC 5905 84 [RFC5905], and legacy Message Authentication Codes (legacy MACs). 86 If a legacy MAC is used, it resides at the end of the packet. This 87 field can be either a 4-octet crypto-NAK or data that has 88 traditionally been 16, 20 or 24 octets long. 90 Additional information about the content of a MAC is specified in RFC 91 5906 [RFC5906], but since that RFC is Informational an implementor 92 that was not planning to provide Autokey would likely never read that 93 document. The result of this would be interoperability problems, at 94 least. To address this problem this proposal also copies and 95 clarifies some of the content of RFC 5906, putting it into RFC 5905. 96 Because there is a reasonable expectation that RFC 5906 will be 97 deprecated, this document does not propose changes or updates to RFC 98 5906. 100 NTP extension fields are defined in RFC 5905 [RFC5905] as a generic 101 mechanism that allows the addition of future extensions and features 102 without modifying the NTP header format (Section 16 of RFC 5905 103 [RFC5905]). 105 With the knowledge and experience we have gained over time, it has 106 become clear that simplifications, clarifications, and improvements 107 can be made to the NTP specification around EFs and MACs. 109 This proposal adjusts and clarifies the requirements around EFs and 110 MACs, allows EFs to be on 4-octet boundaries of any acceptable 111 length, and provides methods to disambiguate packet parsing in the 112 unexpected and unlikely case where an implementation would choose to 113 send a packet that could be ambiguously parsed by the receiver. 115 This proposal deprecates RFC 7822 [RFC7822]. 117 Implementations are still free to send EFs that are padded to longer 118 lengths that otherwise follow the requirements below. 120 This document better specifies and clarifies extension fields as well 121 as the requirements and parsing of a legacy MAC, with changes to 122 address errors found after the publication of RFC 5905 [RFC5905] with 123 respect to extension fields. Specifically, this document updates 124 Section 7.5 of RFC 5905 [RFC5905], clarifying the relationship 125 between extension fields and MACs, and expressly defines the behavior 126 of a host that receives an unknown extension field. 128 2. Conventions Used in This Document 130 2.1. Requirements Language 132 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 133 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 134 document are to be interpreted as described in RFC 2119 [RFC2119]. 136 2.2. Terms and Abbreviations 138 EF - Extension Field 140 MAC - Message Authentication Code 142 NTPv4 - Network Time Protocol, Version 4 RFC 5905 [RFC5905] 144 3. NTP MAC - RFC 5906 Update 146 This document copies and updates some information in RFC 5906 147 [RFC5906] and puts it in to RFC 5905, as follows: 149 3.1. RFC5906 Section 4. - Autokey Cryptography 151 This section describes some of the cryptography aspects of Autokey. 152 The third paragraph describes the use of 128- and 160-bit message 153 digests. The enumeration of 128- and 160-bit message digests is not 154 meant to be limiting - other message digest lengths MAY be 155 implemented. This paragraph also describes some of the expected 156 semantic ranges of the key ID. This information belongs in RFC 5905. 157 The key ID value is particularly significant because it provides 158 additional detection and disambiguation protection when deciding if 159 the next data portion is either a legacy MAC or an extension field. 160 [This is additional evidence that although RFC 5906 is Informational, 161 parts of its content are REQUIRED for proper behavior of RFC 5905.] 163 3.2. RFC5906 Section 10. - Autokey Protocol Messages 165 This section describes the extension field format, including initial 166 flag bits, a Code field, and 8-bit Field Type, and the 16-bit Length. 167 This proposal expands and clarifies this information and puts it into 168 RFC 5905. 170 This section says "The reference implementation discards any packet 171 with a field length of more than 1024 characters." but this is no 172 longer true. 174 3.3. RFC5906 Section 11.5. - Error Recovery 176 This section describes the crypto-NAK, which should be described in 177 RFC 5905. A crypto-NAK is used by RFC 5905 as well. [This is 178 additional evidence that even though RFC 5906 was Informational, some 179 of its content is REQUIRED for proper behavior for RFC 5095.] 181 3.4. RFC5906 Section 13. - IANA Consideration 183 This section lists the Autokey-related Extension Field Types, 184 including Flag Bits, Codes, and Field Types, which should be 185 described in RFC 5905, or perhaps in some other document. [This is 186 additional evidence that even though RFC 5906 is Informational, some 187 of its content is REQUIRED for proper behavior for RFC 5905.] 189 4. NTP Extension Fields - RFC 5905 Update 191 This document updates Section 7.5 of RFC 5905 [RFC5905] as follows: 193 4.1. OLD: 'RFC5905 7.5 - NTP Extension Field Format' 195 In NTPv4, one or more extension fields can be inserted after the 196 header and before the MAC, which is always present when an extension 197 field is present. Other than defining the field format, this 198 document makes no use of the field contents. An extension field 199 contains a request or response message in the format shown in 200 Figure 14. 202 0 1 2 3 203 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 204 +---------------+---------------+-------------------------------+ 205 | Field Type | Field Length | 206 +-------------------------------+-------------------------------+ 207 . . 208 . Value . 209 . . 210 +-------------------------------+-------------------------------+ 211 | Padding (as needed) | 212 +---------------------------------------------------------------+ 214 Figure 14: Extension Field Format 216 All extension fields are zero-padded to a word (four octets) 217 boundary. The Field Type field is specific to the defined function 218 and is not elaborated here. While the minimum field length 219 containing required fields is four words (16 octets), a maximum field 220 length remains to be established. 222 The Length field is a 16-bit unsigned integer that indicates the 223 length of the entire extension field in octets, including the Padding 224 field. 226 4.2. NEW: 'RFC5905 Section 7.5 - NTP Extension Field Format' 228 In NTPv4, one or more extension fields can be inserted after the 229 header and before the possibly optional legacy MAC. A MAC SHOULD be 230 present when an extension field is present. A MAC is always present 231 in some form when NTP packets are authenticated. This MAC SHOULD be 232 either a legacy MAC or a MAC-EF. It MAY be both. Other than 233 defining the field format, this document makes no use of the field 234 contents. An extension field contains a request or response message 235 in the format shown in Figure 14. 237 0 1 2 3 238 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 239 +---------------+---------------+-------------------------------+ 240 | Field Type | Field Length | 241 +-------------------------------+-------------------------------+ 242 . . 243 . Value . 244 . . 245 +-------------------------------+-------------------------------+ 246 | Padding (as needed) | 247 +---------------------------------------------------------------+ 249 Figure 14: Extension Field Format 251 The four octets that comprise the Field Type and Field Length are 252 called the Extension Field Header. Octets beyond the Extension Field 253 Header are called the Extension Field Body, or the Extension Field 254 Payload. The EF Body (EF Payload) MAY be null in some cases. 256 All extension fields are zero-padded to a word (four octet) boundary. 257 The Field Type is specific to the defined functionality and detailed 258 information about the Field Type is not elaborated here. The minimum 259 size of an Extension Field is a 32-bit word (4 octets), and while the 260 maximum extension field size MUST be 65532 octets or less, an NTP 261 packet SHOULD NOT exceed the network MTU. 263 The Field Length is a 16-bit unsigned integer that indicates the 264 length of the entire extension field in octets, including any Padding 265 octets. The bottom two bits of the Field Length SHOULD be zero, and 266 the size of the extension field SHOULD end on a 32-bit (4 octet) 267 boundary. [RFC5905 Section 7.5 says "All extension fields are zero- 268 padded to a word (four octets) boundary." but does not use 'MUST' 269 language. Is it overkill to reiterate this requirement here? Should 270 we use SHOULD or MUST regarding the bottom two bits or the boundary 271 of the EF? It is possible, down the road, that we might find some 272 use for those bottom 2 bits, even if we require a 32-bit boundary on 273 the last octet of an EF.] 275 The Field Type contains the following sub-elements: 277 0 1 2 3 278 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 279 +---------------+---------------+-------------------------------+ 280 |R|E| Code | Type | (Field Length) | 281 +-------------------------------+-------------------------------+ 283 Extension Field Header Format 285 Where the following Field Type flags are defined: 287 R: 0 for "Information/Query", 1 for a "Response" 289 E: 0 for "OK", 1 for an "Error". Unused, and will be deprecated. 291 [The 'R' flag is currently used by Autokey, and by the proposed I-DO 292 extension field. This flag is used after the packet is accepted.] 294 [The 'E' flag was proposed for use by Autokey, after the packet was 295 accepted. As it was never used and no other use-cases have been 296 identified, we are recommending this flag be deprecated at some point 297 in the future.] 299 [The EF Code subtype is currently used by RFC 5906, Autokey 300 [RFC5906], by the proposed Extended Information EF proposal, and is 301 expected to be used by the NTS Extension Field, at least.] 303 The Autokey EF currently uses the most Code values - 10 of them, 304 which equates to the least-significant 4 bits of the high-order 305 octet. It is possible that additional flag bits will be allocated; 306 in the past, the high-order 2 bits were reserved, and for a time two 307 additional bits were proposed. Make no assumptions about the unused 308 bits in this octet. 310 The EF Header and Body fields (the Flags, Code, Type, and Length, and 311 any Value or Padding) are specific to the defined functionality and 312 are not elaborated here; appropriate Field Type Flags, the EF Code, 313 and EF Type values are defined in an IANA registry, and the Length, 314 Value, and Padding values are defined by the document referred to by 315 the registry. If a host receives an extension field with an unknown 316 Field Type, the host SHOULD ignore the extension field and MAY drop 317 the packet altogether, depending on local policy. 319 The Length field is a 16-bit unsigned integer that indicates the 320 length of the entire extension field in octets, including any 321 Padding. 323 While the minimum field length of an EF that contains no value or 324 padding fields is one word (four octets), and the minimum field 325 length of an EF that contains required fields is two words (8 326 octets), the maximum field length MUST NOT be longer than 65532 327 octets due to the maximum size of the data represented by the Length 328 field, and SHOULD be small enough that the size of the NTP packet 329 received by the client does not exceed the smallest MTU between the 330 sender and the recipient. The bottom two bits of the Field Length 331 SHOULD be zero and the EF data SHOULD be aligned to a 32-bit (4 332 octet) boundary. 334 4.3. NEW: 'RFC5905 Section 7.5.1 - Extension Fields and MACs' 336 With the inclusion of additional Extension Fields, there is now a 337 potential that a poorly-designed implementation would produce an 338 ambiguous parsing in the presence of a legacy MAC. What follows are 339 two possibly independent ways to prevent this situation from ever 340 happening. 342 Note well that to-date, there are only two defined Extension Field 343 Types: Autokey, defined by RFC 5906 [RFC5906], and the Experimental 344 UDP Checksum Complement in the Network Time Protocol, defined by RFC 345 7821 [RFC7821]. 347 In spite of its known serious problems, Autokey is still in use by 348 some and is a legacy case that is easily supported. Old systems will 349 still work. An old system will still be able to open a properly- 350 configured Autokey association to a new system, a new system will 351 still be able to open a properly-configured Autokey association with 352 an old system, and two new systems will be able to open a properly- 353 configured Autokey association. 355 The UDP Checksum Complement extension field forbids the use of a 356 legacy MAC, so any packet that uses it CANNOT be using a legacy MAC. 357 [We could list the detailed and specific reasons why traffic using 358 this EF is immune to EF/legacy MAC problems, but I fear that would 359 just be confusing to most people.] 361 The first and best way to prevent ambiguous parsing is to use the 362 I-DO extension field. 364 By definition any NTP client or server that handles any other 365 Extension Fields is "new code" and can completely prevent ambiguity 366 by the initiating side sending a packet containing an I-DO extension 367 field followed by an optional MAC-EF followed by an optional legacy 368 MAC. The inclusion of any MAC would be dictated by the 369 authentication requirements of the association. 371 Note that NTP traffic works perfectly well without using any other 372 extension fields. Newer extension fields offer additional 373 capabilities, but these capabilities are not required for operation. 374 [Even in the case of NTS or SNT, we're talking about "new code" that 375 can be expected to be aware of issues with new extension fields an 376 legacy MACs.] 378 If the initiating side sends an I-DO packet and gets no response, it 379 operates as if the other side cannot handle new extension fields and 380 simply continues the association without sending any new extension 381 fields. At any point in the future a packet can be sent with an I-DO 382 extension field to see if the other side will respond. 384 An NTP implementation that receives a packet with an I-DO extension 385 field may respond with a packet that may or may not contain an I-DO 386 Response. If it does not respond, the other side SHOULD assume that 387 the receiver does not understand new EFs. If it responds without 388 sending an I-DO Response extension field, the sending side knows it 389 should not send any new extension fields to this server. If the 390 system that receives an I-DO extension field responds with an I-DO 391 Response, it's telling the sender exactly what capabilities it is 392 currently willing to exchange. 394 The second way to prevent ambiguous parsing is to use the LAST-EF 395 extension field. 397 By definition, if I-DO is used and each side agrees to support LAST- 398 EF then LAST-EF will prevent any ambiguity. 400 If, however, I-DO is not used then one side can simply send a packet 401 with a LAST-EF. The LAST-EF extension field could be four-octet 402 extension field, it could be a 28 octet extension field, or some 403 other length that ends on a 32-bit boundary. If the other side 404 responds appropriately then all is well. If the other side does not 405 respond appropriately the sender should proceed without sending any 406 new extension fields. 408 Parties interested in additional reasons for and approaches to 409 understanding why there is no reason to be concerned about potential 410 ambiguities with new code that would use new extension fields and 411 legacy MACs can look at the the drafts that preceded this document. 413 4.4. OLD: 'RFC5905 Section 9.2. - Peer Process Operations' 415 ... 417 FXMIT. ... This message includes the normal NTP header data shown in 418 Figure 8, but with a MAC consisting of four octets of zeros. ... 420 4.5. NEW: 'RFC5905 Section 9.2. - Peer Process Operations' 422 ... 424 FXMIT. ... This message includes the normal NTP header data shown in 425 Figure 8, but with a MAC consisting of four octets of zeros. This 426 MAC can be a legacy MAC or a MAC-EF. If it's a MAC-EF, the crypto- 427 NAK MUST be the only MAC in the MAC-EF payload. ... 429 5. Acknowledgements 431 The authors wish to acknowledge the contributions of Sam Weiler, 432 Danny Mayer, and Tal Mizrahi. 434 6. IANA Considerations 436 This memo requests IANA to update the NTP Extension Field Types table 437 in the NTP Parameters document as follows. The following is expected 438 to be a functional superset of the existing information: 440 0 1 441 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 442 +---------------+---------------+ 443 |R|E| Code | Type | 444 +-------------------------------+ 446 NTP Extension Field Type Format 448 Where the following Field Type flags are defined: 450 R: 0 for "Information/Query", 1 for a "Response" 452 E: 0 for "OK", 1 for an "Error". Unused, and will be deprecated. 454 +------------+----------------------------------------------+ 455 | Field Type | Meaning | 456 +------------+----------------------------------------------+ 457 | 0x0000 | crypto-NAK (with Field Length of 0) | 458 | 0x0000 | RESERVED: Permanently Unassigned | 459 | 0x0001 | RESERVED: Unassigned | 460 | 0x0002 | Autokey: No-Operation Request | 461 | 0x8002 | Autokey: No-Operation Response | 462 | 0x0102 | Autokey: Association Message Request | 463 | 0x8102 | Autokey: Association Message Response | 464 | 0x0202 | Autokey: Certificate Message Request | 465 | 0x8202 | Autokey: Certificate Message Response | 466 | 0x0302 | Autokey: Cookie Message Request | 467 | 0x8302 | Autokey: Cookie Message Response | 468 | 0x0402 | Autokey: Autokey Message Request | 469 | 0x8402 | Autokey: Autokey Message Response | 470 | 0x0502 | Autokey: Leapseconds Value Message Request | 471 | 0x8502 | Autokey: Leapseconds Value Message Response | 472 | 0x0602 | Autokey: Sign Message Request | 473 | 0x8602 | Autokey: Sign Message Response | 474 | 0x0702 | Autokey: IFF Identity Message Request | 475 | 0x8702 | Autokey: IFF Identity Message Response | 476 | 0x0802 | Autokey: GQ Identity Message Request | 477 | 0x8802 | Autokey: GQ Identity Message Response | 478 | 0x0902 | Autokey: MV Identity Message Request | 479 | 0x8902 | Autokey: MV Identity Message Response | 480 | 0x0005 | Checksum Complement | 481 | 0x2005 | Checksum Complement (deprecated flag 0x2000) | 482 +------------+----------------------------------------------+ 484 Current Extension Fields 486 7. Security Considerations 488 Additional information TBD, as needed. 490 8. Normative References 492 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 493 Requirement Levels", BCP 14, RFC 2119, 494 DOI 10.17487/RFC2119, March 1997, 495 . 497 [RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, 498 "Network Time Protocol Version 4: Protocol and Algorithms 499 Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, 500 . 502 [RFC5906] Haberman, B., Ed. and D. Mills, "Network Time Protocol 503 Version 4: Autokey Specification", RFC 5906, 504 DOI 10.17487/RFC5906, June 2010, 505 . 507 [RFC7821] Mizrahi, T., "UDP Checksum Complement in the Network Time 508 Protocol (NTP)", RFC 7821, DOI 10.17487/RFC7821, March 509 2016, . 511 [RFC7822] Mizrahi, T. and D. Mayer, "Network Time Protocol Version 4 512 (NTPv4) Extension Fields", RFC 7822, DOI 10.17487/RFC7822, 513 March 2016, . 515 Authors' Addresses 517 Harlan Stenn 518 Network Time Foundation 519 P.O. Box 918 520 Talent, OR 97540 521 US 523 Email: stenn@nwtime.org 525 David L. Mills 526 Network Time Foundation 527 P.O. Box 918 528 Talent, OR 97540 529 US 531 Email: mills@udel.edu