Re: [auth48] [AD] AUTH48: RFC-to-be 9523 <draft-ietf-ntp-chronos-25> for your review

Madison Church <mchurch@amsl.com> Mon, 08 January 2024 17:00 UTC

From: Madison Church <mchurch@amsl.com>
Date: Mon, 08 Jan 2024 10:59:12 -0600
Cc: RFC Editor <rfc-editor@rfc-editor.org>, ntp-ads@ietf.org, ntp-chairs@ietf.org, dsibold.ietf@gmail.com, auth48archive@rfc-editor.org
To: Tal Mizrahi <tal.mizrahi.phd@gmail.com>, neta.r.schiff@gmail.com, danny.dolev@mail.huji.ac.il, schapiram@huji.ac.il, Erik Kline <ek.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/x51oR-_wty4TOBHSV4hNRZvLOHc>

Hi Tal,

Thank you for your reply! We have marked your approval on the AUTH48 status page for this document (see https://www.rfc-editor.org/auth48/rfc9523).

We will await approvals from each author and the AD as well as a response to the followup question sent on January 4th before moving forward with the publication process (the question is copied below for convenience).

> For question 14:
>> 14) <!--[rfced] Please review the use of the following terms throughout
>>     the document and let us know how you would like to proceed.
>> 
>> Should the following be made uniform?
>> 
>> time offset and Khronos time offset
>> 
>> watchdog vs. watchdog mode vs. watchdog mechanism
>> 
>> -->
> 
>> Original:
>> A Khronos watchdog periodically queries a set of m (tens) servers from a large (hundreds) server pool in each Khronos poll interval, where the m servers are selected from the server pool at random.
>> 
>> Update:
>> A Khronos periodically queries a set of m (tens) servers from a large (hundreds) server pool in each Khronos poll interval, where the m servers are selected from the server pool at random.
> 
> To confirm your intent for the "Update" text, should "A Khronos" say "A Khronos time offset" or otherwise?
> 
> Perhaps:
> A Khronos time offset periodically queries a set of m (tens) servers from a large (hundreds) server pool in each Khronos poll interval, where the m servers are selected from the server pool at random.

Thank you!
RFC Editor/mc

> On Jan 8, 2024, at 2:27 AM, Tal Mizrahi <tal.mizrahi.phd@gmail.com> wrote:
> 
> Dear RFC Editor team,
> 
> Thanks for the updates. I have no further comments.
> I approve.
> 
> Cheers,
> Tal.
> 
> On Thu, Jan 4, 2024 at 6:36 PM Madison Church <mchurch@amsl.com> wrote:
>> 
>> Hi Tal, Neta, and *Erik,
>> 
>> *Erik, as AD, please review and approve the following changes. These changes are best viewed in this diff file: https://www.rfc-editor.org/authors/rfc9523-auth48diff.html.
>> - First paragraph in Section 3.1
>> - Addition and removal of normative references
>> - Added text at the end of Section 6
>> 
>> Tal and Neta, thank you both for your replies! We have updated the document accordingly and have two followup questions/comments.
>> 
>> For the question 9:
>>> 9) <!--[rfced] Is this a singular/plural change that should be made?  And
>>>     should this mention of a specific attack (MitM) be removed as it
>>>     is mentioned later in the same paragraph?
>>> 
>>> Original:
>>> The following powerful attacker, including MitM is considered:
>>> 
>>> [and then later]
>>> 
>>> Original:
>>> The threat model encompasses a broad spectrum of attackers, ranging
>>> from fairly weak (yet dangerous) MitM attackers...
>>> 
>>> 
>>> Perhaps:
>>> The following powerful attackers, including MITM, are considered.
>>> 
>>> Or
>>> 
>>> Perhaps:
>>> The following powerful attackers are considered.
>>> 
>>> -->
>>> [NRS] Thanks for the comment, please update the whole paragraph as follows:
>>> Original:
>>> The following powerful attacker, including MITM, is considered.  The attacker is assumed to control a subset (e.g., one-third) of the servers in NTP pools and is capable of fully determining the values of the time samples returned by these NTP servers.  The threat model encompasses a broad spectrum of attackers, ranging from fairly weak (yet dangerous) MITM attackers that are only capable of delaying and dropping packets (for example, using the Bufferbloat attack) to extremely powerful attackers who are in control of (even authenticated) NTP servers (see the detailed security requirements discussion in [RFC7384]).
>>> 
>>> Updated:
>>> The threat model encompasses a broad spectrum of attackers impacting a subset (e.g., one-third) of the servers in NTP pools. These attackers can range from a fairly weak (yet dangerous) MITM attacker that is only capable of delaying and dropping packets (e.g., using the Bufferbloat attack [RFC8033]) to extremely powerful attacker who is in control of (even authenticated) NTP servers and is capable of fully determining the values of the time samples returned by them (see detailed attacker discussion in [RFC7384]).
>> 
>> In addition to citing RFC 8033 in this paragraph as suggested, we have also specified "them" as "these NTP servers" as shown in the Original text to avoid ambiguity. Please let us know any objections.
>> 
>> Current:
>> The threat model encompasses a broad spectrum of attackers impacting a subset (e.g., one-third) of the servers in NTP pools. These attackers can range from a fairly weak (yet dangerous) MITM attacker that is only capable of delaying and dropping packets (e.g., using the Bufferbloat attack [RFC8033]) to extremely powerful attacker who is in control of (even authenticated) NTP servers and is capable of fully determining the values of the time samples returned by these NTP servers (see detailed attacker discussion in [RFC7384]).
>> 
>> 
>> For the question 14:
>>> 14) <!--[rfced] Please review the use of the following terms throughout
>>>     the document and let us know how you would like to proceed.
>>> 
>>> Should the following be made uniform?
>>> 
>>> time offset and Khronos time offset
>>> 
>>> watchdog vs. watchdog mode vs. watchdog mechanism
>>> 
>>> -->
>> 
>>> Original:
>>> A Khronos watchdog periodically queries a set of m (tens) servers from a large (hundreds) server pool in each Khronos poll interval, where the m servers are selected from the server pool at random.
>>> 
>>> Update:
>>> A Khronos periodically queries a set of m (tens) servers from a large (hundreds) server pool in each Khronos poll interval, where the m servers are selected from the server pool at random.
>> 
>> To confirm your intent for the "Update" text, should "A Khronos" say "A Khronos time offset" or otherwise?
>> 
>> Perhaps:
>> A Khronos time offset periodically queries a set of m (tens) servers from a large (hundreds) server pool in each Khronos poll interval, where the m servers are selected from the server pool at random.
>> 
>> 
>> Updated XML file:
>>   https://www.rfc-editor.org/authors/rfc9523.xml
>> 
>> Updated output files:
>>   https://www.rfc-editor.org/authors/rfc9523.txt
>>   https://www.rfc-editor.org/authors/rfc9523.pdf
>>   https://www.rfc-editor.org/authors/rfc9523.html
>> 
>> Diff file showing all changes made during AUTH48:
>>   https://www.rfc-editor.org/authors/rfc9523-auth48diff.html
>> 
>> Diff files showing all changes:
>>   https://www.rfc-editor.org/authors/rfc9523-diff.html
>>   https://www.rfc-editor.org/authors/rfc9523-rfcdiff.html (side-by-side diff)
>>   https://www.rfc-editor.org/authors/rfc9523-alt-diff.html (diff showing changes where text is moved or deleted)
>> 
>> Note that it may be necessary for you to refresh your browser to view the most recent version.
>> 
>> For the AUTH48 status of this document, please see:
>>   https://www.rfc-editor.org/auth48/rfc9523
>> 
>> Thank you!
>> RFC Editor/mc
>> 
>> 
>>> On Jan 3, 2024, at 1:03 AM, Tal Mizrahi <tal.mizrahi.phd@gmail.com> wrote:
>>> 
>>> Dear RFC Editor Team,
>>> 
>>> Thanks for your work on this document.
>>> 
>>> One comment beyond the comments Neta already sent:
>>> The following line appears in two places in Section 8:
>>> Contact Martin Langer:neta.r.schiff@gmail.com
>>> 
>>> This is a typo, as the name does not match the email address.
>>> 
>>> Thanks,
>>> Tal.
>>> 
>>> On Sat, Dec 23, 2023 at 12:36 AM <rfc-editor@rfc-editor.org> wrote:
>>>> 
>>>> Authors,
>>>> 
>>>> While reviewing this document during AUTH48, please resolve (as necessary) the following questions, which are also in the XML file.
>>>> 
>>>> 1) <!--[rfced] Please review our updates to Section 2.1 "Terms and
>>>>    Abbreviations".  In the original, the expansions of abbreviations
>>>>    and document titles were intermixed.  If the current text does
>>>>    not suit, please let us know any objections.    -->
>>>> 
>>>> 
>>>> 2) <!--[rfced] Should "rate" be added to the second sentence to match the
>>>>    first?
>>>> 
>>>> Original:
>>>>    |    B     | An upper bound on the client's clock error rate    |
>>>>    |          | (ms/sec).                                          |
>>>> 
>>>>    |   ERR    | An upper bound on the client's clock error between |
>>>>    |          | Khronos polls (ms).
>>>> 
>>>> 
>>>> Perhaps:
>>>>    |    B     | An upper bound on the client's clock error rate    |
>>>>    |          | (ms/sec).                                          |
>>>> 
>>>>    |   ERR    | An upper bound on the client's clock error rate    |
>>>>    |          | between Khronos polls (ms).
>>>> 
>>>> -->
>>>> 
>>>> 
>>>> 3) <!--[rfced] Does the following suggested text correctly capture your
>>>>    intent?  If not, please let us know how we may rephrase.
>>>> 
>>>> Original:
>>>>  Calibration is performed at the first time the Khronos is executed,
>>>>  and also periodically, once in a long time (every two weeks).
>>>> 
>>>> Perhaps:
>>>>  Calibration is performed the first time Khronos is executed
>>>>  and periodically thereafter (once every two weeks). -->
>>>> 
>>>> 
>>>> 4) <!--[rfced] Is there a way to rephrase this sentence for clarity?  Is
>>>>    the meaning that Khronos forces the DNS queries that are sent to
>>>>    addresses of NTP pools to do the collecting of a group of all
>>>>    received IP addresses?
>>>> 
>>>> Original:
>>>> To this end, Khronos makes DNS queries to addresses of NTP pools
>>>> collect the union of all received IP addresses.
>>>> 
>>>> -->
>>>> 
>>>> 
>>>> 5) <!--[rfced] Should "selected to" read as "selected by the..."?  Or is
>>>>    the meaning "selected to be part of the Khronos pool"?  Please
>>>>    also review the capitalization of "Internet" here:
>>>> 
>>>> Original:
>>>>  In addition, servers can be selected to Khronos pool manually or by
>>>>  using other NTP pools (such as NIST internet time servers).
>>>> 
>>>> Perhaps:
>>>>  In addition, servers can be selected by the Khronos pool manually or by
>>>>  using other NTP pools (such as NIST Internet time servers).
>>>> 
>>>> or
>>>> 
>>>> Perhaps:
>>>>  In addition, servers can be selected to be part of the Khronos pool
>>>>  manually or by using other NTP pools (such as NIST Internet time
>>>>  servers).
>>>> 
>>>> -->
>>>> 
>>>> 
>>>> 6) <!--[rfced] Would it be helpful for the readers to move the following
>>>>    text to appear above the list in Section 3.2 (assuming it applies
>>>>    to both bullet points)?
>>>> 
>>>> Original:
>>>>  (where w and ERR are as described in Table 1).
>>>> 
>>>> Perhaps:
>>>>  Khronos checks that the following two conditions hold for the
>>>>  remaining sampled offsets (where w and ERR are as described in Table 1): -->
>>>> 
>>>> 
>>>> 7) <!--[rfced] In the following, may we clarify what "to arrive to" was
>>>>    communicating?
>>>> 
>>>> Original:
>>>> ...and the chances to arrive to repeated resampling
>>>> are low (see Section 5 for more details).
>>>> 
>>>> Perhaps:
>>>> ...and the chances of repeated resampling
>>>> are low (see Section 5 for more details).
>>>> 
>>>> or
>>>> 
>>>> Perhaps:
>>>> ...and the chances of ending up with repeated resampling
>>>> are low (see Section 5 for more details).
>>>> 
>>>> -->
>>>> 
>>>> 
>>>> 8) <!--[rfced] For the ease/interest of the reader, should a citation be
>>>>    included for more information on the "Bufferbloat attack"?  If
>>>>    so, please let us know what you'd like to cite.  (We will assume
>>>>    this reference entry would be informative unless we hear
>>>>    otherwise.)
>>>> 
>>>> Original:
>>>> The threat model encompasses a broad spectrum of attackers, ranging
>>>> from fairly weak (yet dangerous) MitM attackers only capable of
>>>> delaying and dropping packets (for example using the Bufferbloat
>>>> attack) to extremely powerful attackers who are in control of (even
>>>> authenticated) NTP servers (see detailed security requirements
>>>> discussion in [RFC7384]).
>>>> 
>>>> -->
>>>> 
>>>> 
>>>> 9) <!--[rfced] Is this a singular/plural change that should be made?  And
>>>>    should this mention of a specific attack (MitM) be removed as it
>>>>    is mentioned later in the same paragraph?
>>>> 
>>>> Original:
>>>> The following powerful attacker, including MitM is considered:
>>>> 
>>>> [and then later]
>>>> 
>>>> Original:
>>>> The threat model encompasses a broad spectrum of attackers, ranging
>>>> from fairly weak (yet dangerous) MitM attackers...
>>>> 
>>>> 
>>>> Perhaps:
>>>> The following powerful attackers, including MITM, are considered.
>>>> 
>>>> Or
>>>> 
>>>> Perhaps:
>>>> The following powerful attackers are considered.
>>>> 
>>>> -->
>>>> 
>>>> 
>>>> 10) <!--[rfced] Section 5.3: This section suffers a bit from the fact that
>>>>    two scenarios with two sub-scenarios are discussed.  This leads
>>>>    to a decent amount of repeating text (and possible confusion for
>>>>    the reader).
>>>> 
>>>> We have updated the sub-cases to appear in ordered list form
>>>> (indented) already, but we believe further updates to this section
>>>> would make it easier for the reader to understand in a single read
>>>> (i.e., naming the two scenarios, referring to the sub-cases by
>>>> numbers, and breaking up the paragraph describing the sub-cases).
>>>> 
>>>> Please see a further question below the suggested text.
>>>> 
>>>> Please let us know if the following updates are agreeable:
>>>> 
>>>> Perhaps:
>>>>  Time samples that are at most w away from UTC are considered "good",
>>>>  whereas other samples are considered "malicious".  Two scenarios are
>>>>  considered:
>>>> 
>>>>  *  Scenario A: Less than two-thirds of the queried servers are under the
>>>>     attacker's control.
>>>> 
>>>>  *  Scenario B: The attacker controls more than two-thirds of the queried servers.
>>>> 
>>>>  Scenario A consists of two sub-cases:
>>>> 
>>>>  1.  there is at least one good sample in the set of samples not
>>>>      eliminated by Khronos (in the middle third of samples), and
>>>> 
>>>>  2.  there are no good samples in the remaining set of samples.
>>>> 
>>>>  In sub-case 1, the other remaining samples, including those
>>>>  provided by the attacker, must be close to a good sample
>>>>  (otherwise, the first condition of Khronos's system process in
>>>>  Section 3.2 is violated and a new set of servers is chosen).  This
>>>>  implies that the average of the remaining samples must be close to
>>>>  UTC.
>>>> 
>>>>  In sub-case 2, since more than a third of the initial samples were
>>>>  good, both the (discarded) third-lowest-value samples and the
>>>>  (discarded) third-highest-value samples must each contain a good
>>>>  sample.  Hence, all the remaining samples are bounded from both
>>>>  above and below by good samples, and so is their average value,
>>>>  implying that this value is close to UTC [RFC5905].
>>>> 
>>>>  In Scenario B, the worst possibility for the client is that all
>>>>  remaining samples are malicious (i.e., more than w away from UTC).
>>>>  However, as proved in [Khronos], the probability of this scenario is
>>>>  extremely low, even if the attacker controls a large fraction (e.g.,
>>>>  one-fourth) of the n servers in the local Khronos pool.  Therefore, the
>>>>  probability that the attacker repeatedly reaches this scenario
>>>>  decreases exponentially, rendering the probability of a significant
>>>>  time shift negligible.  We can express the improvement ratio of
>>>>  Khronos over NTPv4 by the ratios of their single-shift probabilities.
>>>>  Such ratios are provided in Table 2, where higher values indicate
>>>>  higher improvement of Khronos over NTPv4 and are also proportional to
>>>>  the expected time until a time-shift attack succeeds once.
>>>> 
>>>> 
>>>> 
>>>> -->
>>>> 
>>>> 
>>>> 11)  <!--[rfced] We had the following questions about the pseudocode in
>>>>     Section 6:
>>>> 
>>>> a) Please review the "type" attribute of each sourcecode element in
>>>> the XML file to ensure correctness.
>>>> 
>>>> We have updated to use "pseudocode" per the text introducing it.  If
>>>> this is incorrect, please see below for further guidance:
>>>> 
>>>> If the current list of preferred values for "type"
>>>> (https://www.rfc-editor.org/materials/sourcecode-types.txt) does not
>>>> contain an applicable type, then feel free to let us know. Also, it is
>>>> acceptable to leave the "type" attribute not set.
>>>> 
>>>> b) Please review the capitalization of "Then" and the use of a comma
>>>> in the following portion of pseudocode:
>>>> 
>>>> Original:
>>>>     if (max(T) - min(T) <= 2w) and (|avg(T) - tk| < ERR + 2w) Then
>>>>         return avg(T) // Normal case
>>>> 
>>>> Perhaps:
>>>>     if (max(T) - min(T) <= 2w) and (|avg(T) - tk| < ERR + 2w), then
>>>>     return avg(T) // Normal case
>>>> 
>>>> c) Please review the following line as it exceeds our character limit.
>>>> Please let us know how we can update.
>>>> 
>>>> Original:
>>>> S = sample(m) //gather samples from (tens of) randomly chosen servers
>>>> 
>>>> Perhaps:
>>>> S = sample(m) //get samples from (tens of) randomly chosen servers
>>>> -->
>>>> 
>>>> 
>>>> 12) <!--[rfced] May we remove the "Implementation Status" section prior to
>>>>    publication as an RFC?  Please see RFC 7942 for:
>>>> 
>>>> "We recommend that the Implementation Status section should be removed
>>>> from Internet-Drafts before they are published as RFCs."
>>>> 
>>>> -->
>>>> 
>>>> 
>>>> 13) <!--[rfced] We note that the title of the reference below is a
>>>>    duplicate of [Khronos]. We have updated the reference as it
>>>>    appears on the URL provided. Please let us know if any additional
>>>>    changes are needed.
>>>> 
>>>> Original:
>>>> [Ananke_paper]
>>>>          Perry, Y., Rozen-Schiff, N., and M. Schapira, "Preventing
>>>>          (Network) Time Travel with Chronos", 2021,
>>>>          <https://www.ndss-symposium.org/wp-content/uploads/
>>>>          ndss2021_1A-2_24302_paper.pdf>.
>>>> 
>>>> Current:
>>>> [Ananke]
>>>>          Perry, Y., Rozen-Schiff, N., and M. Schapira, "A Devil of
>>>>          a Time: How Vulnerable is NTP to Malicious Timeservers?",
>>>>          Network and Distributed Systems Security (NDSS) Symposium,
>>>>          Virtual, DOI 10.14722/ndss.2021.24302, February 2021,
>>>>          <https://www.ndss-symposium.org/wp-content/uploads/
>>>>          ndss2021_1A-2_24302_paper.pdf>. -->
>>>> 
>>>> 
>>>> 14) <!--[rfced] Please review the use of the following terms throughout
>>>>    the document and let us know how you would like to proceed.
>>>> 
>>>> Should the following be made uniform?
>>>> 
>>>> time offset and Khronos time offset
>>>> 
>>>> watchdog vs. watchdog mode vs. watchdog mechanism
>>>> 
>>>> -->
>>>> 
>>>> 
>>>> 15) <!--[rfced] Please review the "Inclusive Language" portion of the
>>>>    online Style Guide
>>>>    <https://www.rfc-editor.org/styleguide/part2/#inclusive_language>
>>>>    and let us know if any changes are needed. For example, please
>>>>    consider whether "man-in-the-middle" should be updated. We note
>>>>    that "machine-in-the-middle" is used in the document. In the
>>>>    following sentence, may we replace "man-in-the-middle" with
>>>>    "MITM" (the abbreviation defined in this document for
>>>>    "machine-in-the-middle")? Or would a different term be
>>>>    appropriate here?
>>>> 
>>>> Original:
>>>>  We note that to accomplish
>>>>  this, the attacker must have man-in-the-middle capabilities with
>>>>  respect to the communication between each and every client in a large
>>>>  group of clients and a large fraction of all NTP servers in the
>>>>  queried pool.
>>>> 
>>>> Perhaps:
>>>>  We note that to accomplish
>>>>  this, the attacker must have MITM capabilities with
>>>>  respect to the communication between each and every client in a large
>>>>  group of clients and a large fraction of all NTP servers in the
>>>>  queried pool. -->
>>>> 
>>>> 
>>>> 16) <!--[rfced] FYI - We have added expansions for abbreviations upon
>>>>    first use per Section 3.6 of RFC 7322 ("RFC Style Guide"). Please
>>>>    review each expansion in the document carefully to ensure
>>>>    correctness. -->
>>>> 
>>>> 
>>>> Thank you.
>>>> 
>>>> RFC Editor/mc/mf
>>>> 
>>>> *****IMPORTANT*****
>>>> 
>>>> Updated 2023/12/22
>>>> 
>>>> RFC Author(s):
>>>> --------------
>>>> 
>>>> Instructions for Completing AUTH48
>>>> 
>>>> Your document has now entered AUTH48.  Once it has been reviewed and
>>>> approved by you and all coauthors, it will be published as an RFC.
>>>> If an author is no longer available, there are several remedies
>>>> available as listed in the FAQ (https://www.rfc-editor.org/faq/).
>>>> 
>>>> You and your coauthors are responsible for engaging other parties
>>>> (e.g., Contributors or Working Group) as necessary before providing
>>>> your approval.
>>>> 
>>>> Planning your review
>>>> ---------------------
>>>> 
>>>> Please review the following aspects of your document:
>>>> 
>>>> *  RFC Editor questions
>>>> 
>>>>  Please review and resolve any questions raised by the RFC Editor
>>>>  that have been included in the XML file as comments marked as
>>>>  follows:
>>>> 
>>>>  <!-- [rfced] ... -->
>>>> 
>>>>  These questions will also be sent in a subsequent email.
>>>> 
>>>> *  Changes submitted by coauthors
>>>> 
>>>>  Please ensure that you review any changes submitted by your
>>>>  coauthors.  We assume that if you do not speak up that you
>>>>  agree to changes submitted by your coauthors.
>>>> 
>>>> *  Content
>>>> 
>>>>  Please review the full content of the document, as this cannot
>>>>  change once the RFC is published.  Please pay particular attention to:
>>>>  - IANA considerations updates (if applicable)
>>>>  - contact information
>>>>  - references
>>>> 
>>>> *  Copyright notices and legends
>>>> 
>>>>  Please review the copyright notice and legends as defined in
>>>>  RFC 5378 and the Trust Legal Provisions
>>>>  (TLP – https://trustee.ietf.org/license-info/).
>>>> 
>>>> *  Semantic markup
>>>> 
>>>>  Please review the markup in the XML file to ensure that elements of
>>>>  content are correctly tagged.  For example, ensure that <sourcecode>
>>>>  and <artwork> are set correctly.  See details at
>>>>  <https://authors.ietf.org/rfcxml-vocabulary>.
>>>> 
>>>> *  Formatted output
>>>> 
>>>>  Please review the PDF, HTML, and TXT files to ensure that the
>>>>  formatted output, as generated from the markup in the XML file, is
>>>>  reasonable.  Please note that the TXT will have formatting
>>>>  limitations compared to the PDF and HTML.
>>>> 
>>>> 
>>>> Submitting changes
>>>> ------------------
>>>> 
>>>> To submit changes, please reply to this email using ‘REPLY ALL’ as all
>>>> the parties CCed on this message need to see your changes. The parties
>>>> include:
>>>> 
>>>>  *  your coauthors
>>>> 
>>>>  *  rfc-editor@rfc-editor.org (the RPC team)
>>>> 
>>>>  *  other document participants, depending on the stream (e.g.,
>>>>     IETF Stream participants are your working group chairs, the
>>>>     responsible ADs, and the document shepherd).
>>>> 
>>>>  *  auth48archive@rfc-editor.org, which is a new archival mailing list
>>>>     to preserve AUTH48 conversations; it is not an active discussion
>>>>     list:
>>>> 
>>>>    *  More info:
>>>>       https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc
>>>> 
>>>>    *  The archive itself:
>>>>       https://mailarchive.ietf.org/arch/browse/auth48archive/
>>>> 
>>>>    *  Note: If only absolutely necessary, you may temporarily opt out
>>>>       of the archiving of messages (e.g., to discuss a sensitive matter).
>>>>       If needed, please add a note at the top of the message that you
>>>>       have dropped the address. When the discussion is concluded,
>>>>       auth48archive@rfc-editor.org will be re-added to the CC list and
>>>>       its addition will be noted at the top of the message.
>>>> 
>>>> You may submit your changes in one of two ways:
>>>> 
>>>> An update to the provided XML file
>>>> — OR —
>>>> An explicit list of changes in this format
>>>> 
>>>> Section # (or indicate Global)
>>>> 
>>>> OLD:
>>>> old text
>>>> 
>>>> NEW:
>>>> new text
>>>> 
>>>> You do not need to reply with both an updated XML file and an explicit
>>>> list of changes, as either form is sufficient.
>>>> 
>>>> We will ask a stream manager to review and approve any changes that seem
>>>> beyond editorial in nature, e.g., addition of new text, deletion of text,
>>>> and technical changes.  Information about stream managers can be found in
>>>> the FAQ.  Editorial changes do not require approval from a stream manager.
>>>> 
>>>> 
>>>> Approving for publication
>>>> --------------------------
>>>> 
>>>> To approve your RFC for publication, please reply to this email stating
>>>> that you approve this RFC for publication.  Please use ‘REPLY ALL’,
>>>> as all the parties CCed on this message need to see your approval.
>>>> 
>>>> 
>>>> Files
>>>> -----
>>>> 
>>>> The files are available here:
>>>>  https://www.rfc-editor.org/authors/rfc9523.xml
>>>>  https://www.rfc-editor.org/authors/rfc9523.html
>>>>  https://www.rfc-editor.org/authors/rfc9523.pdf
>>>>  https://www.rfc-editor.org/authors/rfc9523.txt
>>>> 
>>>> Diff file of the text:
>>>>  https://www.rfc-editor.org/authors/rfc9523-diff.html
>>>>  https://www.rfc-editor.org/authors/rfc9523-rfcdiff.html (side by side)
>>>> 
>>>> Diff of the XML:
>>>>  https://www.rfc-editor.org/authors/rfc9523-xmldiff1.html
>>>> 
>>>> The following files are provided to facilitate creation of your own
>>>> diff files of the XML.
>>>> 
>>>> Initial XMLv3 created using XMLv2 as input:
>>>>  https://www.rfc-editor.org/authors/rfc9523.original.v2v3.xml
>>>> 
>>>> XMLv3 file that is a best effort to capture v3-related format updates
>>>> only:
>>>>  https://www.rfc-editor.org/authors/rfc9523.form.xml
>>>> 
>>>> 
>>>> Tracking progress
>>>> -----------------
>>>> 
>>>> The details of the AUTH48 status of your document are here:
>>>>  https://www.rfc-editor.org/auth48/rfc9523
>>>> 
>>>> Please let us know if you have any questions.
>>>> 
>>>> Thank you for your cooperation,
>>>> 
>>>> RFC Editor
>>>> 
>>>> --------------------------------------
>>>> RFC9523 (draft-ietf-ntp-chronos-25)
>>>> 
>>>> Title            : A Secure Selection and Filtering Mechanism for the Network Time Protocol with Khronos
>>>> Author(s)        : N. Rozen-Schiff, D. Dolev, T. Mizrahi, M. Schapira
>>>> WG Chair(s)      : Dieter Sibold, Karen O'Donoghue
>>>> 
>>>> Area Director(s) : Erik Kline, Éric Vyncke
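
Added example (not part of this thread or of RFC 9523): a Python sketch of the sampling, trimming and two-condition check discussed in questions 10 and 11 above, run over constructed offsets for the Section 5.3 scenarios. The values of w, ERR, tk and m, the pool layout, the retry limit and all function names are assumptions for illustration; the thread does not say what follows repeated failures, so the sketch returns None.

```python
import random
import statistics

W = 25.0    # ms; samples within W of UTC count as "good" (assumed value)
ERR = 10.0  # ms; bound on client clock error between polls (assumed value)
TK = 0.0    # ms; client's own clock expressed as an offset (assumed meaning of tk)


def khronos_filter(offsets, tk=TK, w=W, err=ERR):
    """Discard the lowest and highest thirds, then apply both checks.

    Returns avg(T) in the normal case, or None when a check fails and a
    new set of servers has to be chosen.
    """
    ordered = sorted(offsets)
    third = len(ordered) // 3
    t = ordered[third:len(ordered) - third]  # middle third survives
    avg = statistics.fmean(t)
    if (max(t) - min(t) <= 2 * w) and (abs(avg - tk) < err + 2 * w):
        return avg
    return None


def khronos_poll(pool, query, m, rng, max_resamples=10):
    """Query m randomly selected servers; resample while the checks fail.

    max_resamples is a hypothetical limit, not a value from the thread.
    """
    for _ in range(max_resamples + 1):
        servers = rng.sample(pool, m)
        result = khronos_filter([query(s) for s in servers])
        if result is not None:
            return result
    return None


# Constructed offsets in ms (not measurements). 500.0 marks an attacker sample.
GOOD = [-12.0, -8.0, -5.0, -3.0, -1.0, 0.0, 1.0, 2.0, 4.0, 6.0, 9.0]

# 4 of 15 samples malicious: all of them fall in the discarded top third,
# so only good samples survive and their average stays close to UTC.
ATTACKER_MINORITY = GOOD + [500.0] * 4

# 8 of 15 malicious: survivors mix good and malicious samples, the spread
# exceeds 2w, and the first condition forces a new set of servers.
ATTACKER_SPLIT = GOOD[2:9] + [500.0] * 8

# 12 of 15 malicious: every survivor is malicious and they agree with each
# other, but the average is too far from tk for the second condition.
ATTACKER_MAJORITY = GOOD[4:7] + [500.0] * 12


def demo_poll(seed):
    """One poll against a constructed pool where one-fourth of servers lie."""
    rng = random.Random(seed)
    pool = [f"bad-{i}" for i in range(75)] + [f"good-{i}" for i in range(225)]

    def query(server):
        # Constructed behaviour: attackers report +500 ms, others stay within W.
        return 500.0 if server.startswith("bad") else rng.uniform(-W, W)

    return khronos_poll(pool, query, m=15, rng=rng)


if __name__ == "__main__":
    for name, samples in [("minority", ATTACKER_MINORITY),
                          ("split", ATTACKER_SPLIT),
                          ("majority", ATTACKER_MAJORITY)]:
        print(name, khronos_filter(samples))
    print("poll", demo_poll(1))
```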