From Fedora Project Wiki
Revision as of 15:08, 1 April 2020

Network Time Security

Summary

Support the Network Time Security (NTS) authentication mechanism for the Network Time Protocol (NTP).

Owner

Current status

  • Targeted release: Fedora 33
  • Last updated: 2020-04-01
  • FESCo issue: <will be assigned by the Wrangler>
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

NTP is a widely used protocol for synchronizing clocks over a network. Authentication of NTP packets is important to prevent a man-in-the-middle (MITM) attacker from taking control of an NTP client (e.g. forcing it to jump to the distant future or past). Several different authentication mechanisms have been specified for NTP. The oldest and simplest one uses secret keys, where each client has its own key that needs to be securely distributed to both the server and the client; this means it is mostly limited to local networks. Autokey is a newer mechanism based on public-key cryptography, but it was shown to be insecure and it is rarely supported on public servers.

NTS is a new authentication mechanism for NTP specified by the IETF. NTS includes the NTS-KE protocol, which uses Transport Layer Security (TLS) to establish the keys and to provide the client with cookies; the cookies allow the NTP server to avoid keeping any client-specific state. NTP packets are authenticated using Authenticated Encryption with Associated Data (AEAD). NTS is expected to scale well to a large number of clients. There are already some public NTP servers with NTS support.

The default NTP client and server on Fedora is chrony. Support for NTS is added in version 4.0. It uses the GnuTLS library for TLS and the Nettle library for AEAD.

NTS authentication can be enabled on the client by adding the nts option to the server or pool directive in /etc/chrony.conf. Until a standard port is assigned for NTS by IANA, the port may need to be specified with the ntsport option. For example

server foo.example.com iburst nts ntsport 12123

When using NTS-enabled NTP sources, any NTP source that is not both trusted and reachable only over a trusted network should be disabled. This includes servers provided by DHCP. They should be disabled by adding PEERNTP=no to /etc/sysconfig/network.

We can consider changing the default /etc/chrony.conf to use some trusted public NTP servers with NTS support. There are public servers provided by Cloudflare and Netnod. Both would be ok with Fedora using their servers by default (after some testing and coordination). There is also a possibility that pool.ntp.org will support NTS, although it is not very clear how useful NTS would be in this case, as the servers are owned by individual contributors rather than a single trusted entity and attackers can easily join the pool (some mitigations have been proposed on the pool mailing list).

Potential issues with enabling NTS by default:

  • firewalls may block the NTS-KE port
  • ISPs may block or rate limit longer NTP packets as a mitigation for amplification attacks using NTP mode 6 and 7 (NTS-KE supports port negotiation and an alternative port could be used to avoid this issue)
  • computers with no RTC (or RTC that is too far from the real time) will fail to verify TLS certificates

Benefit to Fedora

This change enables Fedora users to securely synchronize the system clock to local or public NTP servers.

TBD: This change also makes the default configuration of the NTP client secure.

Scope

  • Proposal owners:
  1. Update chrony to 4.0 and enable the NTS support (adding dependency on GnuTLS)
  2. TBD: Modify the default /etc/chrony.conf to use public servers with NTS support
  3. Add an NTS option to the NTP settings in anaconda
  • Other developers: N/A (not a System Wide Change)
  • Release engineering: N/A (not needed for this Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

Fedora systems updated from a previous version will use the new /etc/chrony.conf automatically if the installed file was not modified. If it was modified, the users will need to update the file manually or rename /etc/chrony.conf.rpmnew to /etc/chrony.conf in order to enable NTS.

How To Test

If the default configuration is modified for this Change, it needs to be tested to confirm that it works correctly on most systems where the previous default configuration using pool.ntp.org servers worked.

The installer needs to be tested to confirm that it enables NTS in /etc/chrony.conf as expected and that it adds PEERNTP=no to /etc/sysconfig/network.

The chronyc -N sources command can be used to verify that NTP sources are responding and the chronyc ntpdata command shows which sources are authenticated. For example

   # chronyc -N sources
   MS Name/IP address         Stratum Poll Reach LastRx Last sample               
   ===============================================================================
   ^* time.cloudflare.com           3   6   377    28   -115us[ -111us] +/-   13ms
   ^+ nts.ntp.se                    2   6   377    27   +212us[ +212us] +/-   22ms
   # chronyc ntpdata | grep Auth
   Authenticated   : Yes
   Authenticated   : Yes
   
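The three checks described above (the nts option on each server/pool directive, PEERNTP=no in /etc/sysconfig/network, and the Authenticated field in chronyc ntpdata output) can be automated. The following script is an added example and is not part of this change proposal or of chrony itself. It takes file paths as arguments so it can be pointed at the real files, and it runs offline against constructed sample files created in a temporary directory; the host names and the ntpdata dump in those samples are constructed for the example.

```shell
#!/bin/sh
# Added example (not part of the Fedora change proposal or of chrony):
# audit an NTS client for the three things the proposal asks to verify.
# Every path is an argument; sample inputs are constructed below.

# 1. Print server/pool directives in a chrony.conf that lack the "nts"
#    option. Comment lines (first character #, !, ; or %) are skipped.
list_sources_without_nts() {
    awk '
        /^[[:space:]]*[#!;%]/ { next }
        $1 == "server" || $1 == "pool" {
            for (i = 3; i <= NF; i++) if ($i == "nts") next
            print
        }' "$1"
}

# 2. Succeed only if the sysconfig network file sets PEERNTP=no, which
#    stops DHCP-provided (unauthenticated) servers from being used.
peerntp_disabled() {
    grep -qE '^[[:space:]]*PEERNTP=no[[:space:]]*$' "$1" 2>/dev/null
}

# 3. Count sources in saved "chronyc ntpdata" output whose Authenticated
#    field is anything other than "Yes".
count_unauthenticated() {
    awk -F: '
        /^Authenticated/ { v = $2; gsub(/[[:space:]]/, "", v); if (v != "Yes") n++ }
        END { print n + 0 }' "$1"
}

# Run all three checks, print findings, return 0 only if all pass.
audit_nts_client() {
    conf="$1"; netcfg="$2"; ntpdata="$3"; rc=0
    plain=$(list_sources_without_nts "$conf")
    if [ -n "$plain" ]; then
        echo "sources without nts in $conf:"; echo "$plain"; rc=1
    fi
    if ! peerntp_disabled "$netcfg"; then
        echo "PEERNTP=no is not set in $netcfg (DHCP servers stay enabled)"; rc=1
    fi
    n=$(count_unauthenticated "$ntpdata")
    if [ "$n" -gt 0 ]; then
        echo "$n source(s) reported as not authenticated by chronyc ntpdata"; rc=1
    fi
    return $rc
}

# --- constructed sample inputs (hypothetical hosts, fake ntpdata dumps) ---
TMPDIR_EX=$(mktemp -d)
trap 'rm -rf "$TMPDIR_EX"' EXIT
cat > "$TMPDIR_EX/chrony-mixed.conf" <<'EOF'
# constructed sample: one directive still lacks nts
server time.cloudflare.com iburst nts
server nts.ntp.se iburst nts ntsport 12123
pool 2.fedora.pool.ntp.org iburst
EOF
cat > "$TMPDIR_EX/chrony-good.conf" <<'EOF'
server time.cloudflare.com iburst nts
server nts.ntp.se iburst nts ntsport 12123
EOF
printf 'NETWORKING=yes\n' > "$TMPDIR_EX/network-bad"
printf 'NETWORKING=yes\nPEERNTP=no\n' > "$TMPDIR_EX/network-good"
cat > "$TMPDIR_EX/ntpdata-mixed.txt" <<'EOF'
Remote address  : 192.0.2.10 (C000020A)
Authenticated   : Yes
Remote address  : 192.0.2.11 (C000020B)
Authenticated   : No
EOF
cat > "$TMPDIR_EX/ntpdata-good.txt" <<'EOF'
Remote address  : 192.0.2.10 (C000020A)
Authenticated   : Yes
Remote address  : 192.0.2.11 (C000020B)
Authenticated   : Yes
EOF

# Usage on a real host would be, for example:
#   audit_nts_client /etc/chrony.conf /etc/sysconfig/network <(chronyc ntpdata)
if audit_nts_client "$TMPDIR_EX/chrony-mixed.conf" "$TMPDIR_EX/network-bad" \
                    "$TMPDIR_EX/ntpdata-mixed.txt"; then
    echo "NTS client configuration looks good"
else
    echo "audit found problems (listed above)"
fi
```

The ntpdata check is deliberately a separate function that reads saved output, so the same parser can be run over a dump collected from a remote host as well as over live chronyc output.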

User Experience

NTS can be enabled in the NTP settings in the installer.

NTS can be also enabled on NTP clients and servers by editing /etc/chrony.conf as documented in the chrony.conf man page.

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change)
  • Blocks product?

Documentation

N/A (not a System Wide Change)

Release Notes

TBD