(Add trackers) |
mNo edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 28: | Line 28: | ||
The default NTP client and server on Fedora is `chrony`. Support for NTS is added in version 4.0. It uses the GnuTLS library for TLS and the Nettle library for AEAD. | The default NTP client and server on Fedora is `chrony`. Support for NTS is added in version 4.0. It uses the GnuTLS library for TLS and the Nettle library for AEAD. | ||
NTS is not enabled by default. It can be enabled on clients by adding the `nts` option to the `server` or `pool` directive in ''/etc/chrony.conf'' | NTS is not enabled by default. It can be enabled on clients by adding the `nts` option to the `server` or `pool` directive in ''/etc/chrony.conf''. For example | ||
` | ` | ||
server time.example.com iburst nts | server time.example.com iburst nts | ||
` | ` | ||
There are several issues that may prevent NTS from working correctly: | There are several issues that may prevent NTS from working correctly: | ||
* Firewalls may block the NTS-KE port. | * Firewalls may block the NTS-KE port. | ||
* ISPs may block or rate limit longer NTP packets as a mitigation for amplification attacks using NTP mode 6 and 7. NTS-KE supports port negotiation and an alternative port | * ISPs may block or rate limit longer NTP packets as a mitigation for amplification attacks using NTP mode 6 and 7. NTS-KE supports port negotiation and servers can provide an alternative port to avoid this issue. | ||
* Computers with no RTC (e.g. some ARM boards), or RTC that is too far from the real time, will fail to verify TLS certificates. It is possible to disable the time checks before the first update of the clock by adding `nocerttimecheck 1` to ''/etc/chrony.conf'', but it has an impact on security. | * Computers with no RTC (e.g. some ARM boards), or RTC that is too far from the real time, will fail to verify TLS certificates. It is possible to disable the time checks before the first update of the clock by adding `nocerttimecheck 1` to ''/etc/chrony.conf'', but it has an impact on security. | ||
Line 63: | Line 63: | ||
== How To Test == | == How To Test == | ||
Client NTS is enabled in ''/etc/chrony.conf'' by adding the `nts` option to the `server` or `pool` directive | Client NTS is enabled in ''/etc/chrony.conf'' by adding the `nts` option to the `server` or `pool` directive. For example: | ||
server | server nts.sth1.ntp.se iburst nts | ||
server | server time.cloudflare.com iburst nts | ||
The installer needs to be tested that it enables NTS in ''/etc/chrony.conf'' as expected. | The installer needs to be tested that it enables NTS in ''/etc/chrony.conf'' as expected. | ||
The `chronyc -N sources` command can be used to verify that NTP | The `chronyc -N sources` command can be used to verify that the NTP servers are responding. The `chronyc -N authdata` command can be used to verify that the servers are authenticated with NTS. For example: | ||
# chronyc -N sources | # chronyc -N sources | ||
MS Name/IP address Stratum Poll Reach LastRx Last sample | MS Name/IP address Stratum Poll Reach LastRx Last sample | ||
=============================================================================== | =============================================================================== | ||
^ | ^- nts.sth1.ntp.se 1 2 377 4 +1241us[+1241us] +/- 1500ms | ||
^ | ^* time.cloudflare.com 3 6 377 47 -28us[ -44us] +/- 11ms | ||
# chronyc | |||
# chronyc -N authdata | |||
Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen | |||
========================================================================= | |||
nts.sth1.ntp.se NTS 1 15 256 139 0 0 8 100 | |||
time.cloudflare.com NTS 1 15 256 141 0 0 8 100 | |||
== User Experience == | == User Experience == |
Latest revision as of 12:31, 8 September 2020
Network Time Security
Summary
Support for the Network Time Security (NTS) authentication mechanism in the NTP client/server (chrony) and installer (anaconda).
Owner
- Name: Miroslav Lichvar, Martin Kolman
- Email: mlichvar@redhat.com, mkolman@redhat.com
Current status
- Targeted release: Fedora 33
- Last updated: 2020-09-08
- FESCo issue: #2372
- Tracker bug: #1834855
- Release notes tracker: #508
Detailed Description
NTP is a widely used protocol for synchronization of clocks over network. Authentication of NTP packets is important to prevent a Man-in-the-middle (MITM) attacker from taking full control over the client's clock (e.g. force it to jump to a distant future or past). Several different authentication mechanisms have been specified for NTP. The oldest and simplest one uses secret keys, where each client has its own key which needs to be securely distributed to the server and client. This means it is mostly limited to local networks. Autokey is a newer mechanism based on public-key cryptography, but it was shown to be insecure and it is rarely supported on public servers.
NTS is a new authentication mechanism specified by the IETF for NTP. NTS has an NTS-KE protocol using Transport Layer Security (TLS) to establish the keys and provide the client with cookies which allow the NTP server to not keep any client-specific state. NTP packets are authenticated using Authenticated Encryption with Associated Data (AEAD). NTS is expected to scale well to a large numbers of clients. There are already some public NTP servers with NTS support.
The default NTP client and server on Fedora is chrony
. Support for NTS is added in version 4.0. It uses the GnuTLS library for TLS and the Nettle library for AEAD.
NTS is not enabled by default. It can be enabled on clients by adding the nts
option to the server
or pool
directive in /etc/chrony.conf. For example
server time.example.com iburst nts
There are several issues that may prevent NTS from working correctly:
- Firewalls may block the NTS-KE port.
- ISPs may block or rate limit longer NTP packets as a mitigation for amplification attacks using NTP mode 6 and 7. NTS-KE supports port negotiation and servers can provide an alternative port to avoid this issue.
- Computers with no RTC (e.g. some ARM boards), or RTC that is too far from the real time, will fail to verify TLS certificates. It is possible to disable the time checks before the first update of the clock by adding
nocerttimecheck 1
to /etc/chrony.conf, but it has an impact on security.
Benefit to Fedora
This change enables Fedora users to securely synchronize the system clock to local or public NTP servers.
Scope
- Proposal owners:
- Update
chrony
to 4.0 and enable the NTS support (adding dependency on GnuTLS) - Add NTS support to the NTP settings in anaconda
- Other developers: N/A (not a System Wide Change)
- Release engineering: N/A (not needed for this Change)
- Policies and guidelines: N/A (not a System Wide Change)
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
There is no impact as NTS is not enabled by default.
How To Test
Client NTS is enabled in /etc/chrony.conf by adding the nts
option to the server
or pool
directive. For example:
server nts.sth1.ntp.se iburst nts server time.cloudflare.com iburst nts
The installer needs to be tested that it enables NTS in /etc/chrony.conf as expected.
The chronyc -N sources
command can be used to verify that the NTP servers are responding. The chronyc -N authdata
command can be used to verify that the servers are authenticated with NTS. For example:
# chronyc -N sources MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^- nts.sth1.ntp.se 1 2 377 4 +1241us[+1241us] +/- 1500ms ^* time.cloudflare.com 3 6 377 47 -28us[ -44us] +/- 11ms
# chronyc -N authdata Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen ========================================================================= nts.sth1.ntp.se NTS 1 15 256 139 0 0 8 100 time.cloudflare.com NTS 1 15 256 141 0 0 8 100
User Experience
Client NTS can be enabled in the NTP settings in the installer.
Client and server NTS can be enabled by editing /etc/chrony.conf as documented in the chrony.conf
man page.
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change)
- Blocks product?
Documentation
N/A (not a System Wide Change)
Release Notes
TBD