Last Call Review of draft-ietf-ntp-chronos-16
review-ietf-ntp-chronos-16-secdir-lc-schwartz-2023-06-22-00
Request | Review of | draft-ietf-ntp-chronos |
---|---|---|
Requested revision | No specific revision (document currently at 25) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2023-06-22 | |
Requested | 2023-06-08 | |
Authors | Neta Rozen Schiff , Danny Dolev , Tal Mizrahi , Michael Schapira | |
I-D last updated | 2023-06-22 | |
Completed reviews |
Dnsdir Last Call review of -14
by Geoff Huston
(diff)
Genart Last Call review of -20 by Roni Even (diff) Opsdir Last Call review of -16 by Tianran Zhou (diff) Tsvart Last Call review of -16 by Tommy Pauly (diff) Secdir Last Call review of -16 by Benjamin M. Schwartz (diff) Intdir Telechat review of -17 by Tim Chown (diff) |
|
Assignment | Reviewer | Benjamin M. Schwartz |
State | Completed | |
Request | Last Call review on draft-ietf-ntp-chronos by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/liqWoVKWnvebJJY0c9oOFaOXVb0 | |
Reviewed revision | 16 (document currently at 25) | |
Result | Has nits | |
Completed | 2023-06-22 |
review-ietf-ntp-chronos-16-secdir-lc-schwartz-2023-06-22-00
This draft describes an improved variant of the NTP client state machine that can more reliably reject servers that are hostile or are under attack. It is effectively a summary of a more detailed research paper. Overall, the proposal appears reasonable, and is presented clearly. However, I do have two concerns to note: 1. The document's status is "Informational". The text is largely a summary of a more detailed academic research paper. The proposal has been implemented, but seemingly only in an academic demonstration codebase. If the Khronos behavior has not yet been implemented in a widely used NTP client codebase, I think the "Experimental" status would likely be more appropriate. 2. The document claims to defend against MITM attackers, but it also notes that the defense only applies to attackers that can interfere with some fraction of NTP server access. The security section should be expanded to note explicitly some attackers who are out of scope. One such attacker appears to be the "nearby MITM", who can selectively block any of the client's traffic.