IETF Logo Mail Archive

Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NTP) OptionsforDHCPv6

"TS Glassey" <tglassey@earthlink.net> Mon, 26 November 2007 03:06 UTC

Return-path: <dhcwg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IwUIr-0006WH-4X; Sun, 25 Nov 2007 22:06:33 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IwUIp-0006W5-Tf for dhcwg@ietf.org; Sun, 25 Nov 2007 22:06:31 -0500
Received: from elasmtp-dupuy.atl.sa.earthlink.net ([209.86.89.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IwUIm-0007tG-9t for dhcwg@ietf.org; Sun, 25 Nov 2007 22:06:31 -0500
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=earthlink.net; b=tjS3DomP8mNDUbu2OEtmqu/9Iqd2F1DFz/evGgiRMJbbRMoJLsLXTMxDB7ZDSGxp; h=Received:Message-ID:From:To:Cc:References:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE:X-ELNK-Trace:X-Originating-IP;
Received: from [24.23.176.93] (helo=tsg1) by elasmtp-dupuy.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1IwUIk-0006SN-Lh; Sun, 25 Nov 2007 22:06:26 -0500
Message-ID: <018d01c82fd9$554da620$6401a8c0@tsg1>
From: TS Glassey <tglassey@earthlink.net>
To: Ted Lemon <mellon@fugue.com>, Brian Utterback <brian.utterback@sun.com>
References: <200711260009.lAQ092va059077@drugs.dv.isc.org><EF06E977-C3D9-4EDF-A126-6CD888BA8F36@fugue.com><474A213E.1040304@sun.com> <030AED4F-4876-43AB-93C4-0D2EBD33DFFC@fugue.com>
Subject: Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NTP) OptionsforDHCPv6
Date: Sun, 25 Nov 2007 19:06:23 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
X-ELNK-Trace: 01b7a7e171bdf5911aa676d7e74259b7b3291a7d08dfec79335bb8cbc793ee0f908de2d741e3359e350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 24.23.176.93
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 4b800b1eab964a31702fa68f1ff0e955
Cc: ntpwg@lists.ntp.org, dhcwg@ietf.org, "Richard Gayraud (rgayraud)" <rgayraud@cisco.com>
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Errors-To: dhcwg-bounces@ietf.org

Ted...From an audit perspective Time Transfer is one of those things that 
needs an audit profile for it, and adding more loopholes is the way to make 
the security model harder to prove not easier.

Todd

----- Original Message ----- 
From: "Ted Lemon" <mellon@fugue.com>
To: "Brian Utterback" <brian.utterback@sun.com>
Cc: <ntpwg@lists.ntp.org>; <dhcwg@ietf.org>; "Richard Gayraud (rgayraud)" 
<rgayraud@cisco.com>
Sent: Sunday, November 25, 2007 6:42 PM
Subject: Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NTP) 
OptionsforDHCPv6


> On Nov 25, 2007, at 7:28 PM, Brian Utterback wrote:
>> So, the advantage of serving a FQDN is that the client is forced to
>> resolve the host and get the IP
>> addresses from DNS and removal of an IP from the DNS name system will
>> cause all the traffic
>> to that IP to eventually disappear.
>
> The client is not *forced* to do anything.   Whether or not it does
> what you describe depends on the implementation.   On a practical
> level, there is no difference between refreshing information from the
> DNS and refreshing information from DHCP.
>
>> We can specify in the DHCP protocol that when the DHCP lease is
>> renewed,
>> that the
>> NTP client must accept a new IP address and if different from the old
>> one, cease using
>> the old one.  We can specify that the DHCP client may only serve site
>> local addresses
>> unless the IP addresses served are themselves the result of periodic
>> DNS
>> lookup if
>> FQDN's. We can specify that the FQDN used may not be hard coded and
>> must be
>> configurable.
>
> You can specify things until you're blue in the face, but no
> specification that you write forces the implementor to do anything.
> As a practical matter, specifying things like this isn't really going
> to accomplish your goals.
>
> It's probably good to write a requirement that the NTP server MUST
> process updates from the DHCP client each time the client refreshes
> the NTP server addresses option, but the reason this will get
> implemented is that clients that don't implement it won't work reliably.
>
> I would expect the DHC working group to choose between using IP
> addresses or using FQDNs.   We don't like to have flags that switch
> between these, because they create implementation complexity and cause
> interoperability problems.
>
> I am in favor of using IP addresses because it uses less space in the
> packet, because it simplifies client-side implementations, and because
> every DHCP server of which I'm aware will take either an IP address or
> a domain name in any configuration field where an IP address is called
> for, and will look the IP address up in the DNS if a domain name was
> provided.   So you get the exact functionality you want, without any
> complexity on the part of the client.
>
> _______________________________________________
> ntpwg mailing list
> ntpwg@lists.ntp.org
> https://lists.ntp.org/mailman/listinfo/ntpwg 


_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg

v2.23.0 | Report a Bug | By Email