Re: [Gen-art] Gen-ART Last Call review of draft-ietf-ntp-checksum-trailer-04
Tal Mizrahi <talmi@marvell.com> Wed, 02 March 2016 07:16 UTC
Return-Path: <talmi@marvell.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3138E1A6F2E; Tue, 1 Mar 2016 23:16:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.267
X-Spam-Level:
X-Spam-Status: No, score=-2.267 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZdL6TKIBoH7Y; Tue, 1 Mar 2016 23:16:26 -0800 (PST)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C96691A6F17; Tue, 1 Mar 2016 23:16:26 -0800 (PST)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.15.0.59/8.15.0.59) with SMTP id u227EqVA012427; Tue, 1 Mar 2016 23:16:12 -0800
Received: from il-exch02.marvell.com ([199.203.130.102]) by mx0b-0016f401.pphosted.com with ESMTP id 21deq5tn53-1 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 01 Mar 2016 23:16:12 -0800
Received: from IL-EXCH01.marvell.com (10.4.102.220) by IL-EXCH02.marvell.com (10.4.102.221) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 2 Mar 2016 09:16:10 +0200
Received: from IL-EXCH01.marvell.com ([fe80::5d63:81cd:31e2:fc36]) by IL-EXCH01.marvell.com ([fe80::5d63:81cd:31e2:fc36%20]) with mapi id 15.00.1104.000; Wed, 2 Mar 2016 09:16:09 +0200
From: Tal Mizrahi <talmi@marvell.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, "draft-ietf-ntp-checksum-trailer.all@ietf.org" <draft-ietf-ntp-checksum-trailer.all@ietf.org>
Thread-Topic: [Gen-art] Gen-ART Last Call review of draft-ietf-ntp-checksum-trailer-04
Thread-Index: AQHRbnqDEPnq5jDQbEiEfYS4Ttp+gp88THlwgACSAACABCJswIAA4S4AgAJ285CAAH8kAIAA8DzQ
Date: Wed, 02 Mar 2016 07:16:09 +0000
Message-ID: <e36ce33e878248a8ae8dc6a934171f40@IL-EXCH01.marvell.com>
References: <56818AED.8090909@alum.mit.edu> <56CCC3D8.7010600@alum.mit.edu> <1fd008bb55c84958aa1b038fe42bf793@IL-EXCH01.marvell.com> <56CF33EE.8040007@alum.mit.edu> <8d092733b39248d69cad3f935f94a896@IL-EXCH01.marvell.com> <56D368B2.20503@alum.mit.edu> <7510e9ba4a2d42c293d746350c7d730c@IL-EXCH01.marvell.com> <56D5E4A0.6060101@alum.mit.edu>
In-Reply-To: <56D5E4A0.6060101@alum.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.4.102.210]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-03-02_02:, , signatures=0
X-Proofpoint-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1601100000 definitions=main-1603020130
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/ceX5K6aznwcDGuk33pd-VubbE2g>
Cc: General Area Review Team <gen-art@ietf.org>, "Brian Haberman (brian@innovationslab.net)" <brian@innovationslab.net>, "Karen ODonoghue (odonoghue@isoc.org)" <odonoghue@isoc.org>
Subject: Re: [Gen-art] Gen-ART Last Call review of draft-ietf-ntp-checksum-trailer-04
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2016 07:16:29 -0000
Hi Paul, >Rather, my concern is that RFC5905 says when there are extensions >in the message they will always be followed by a MAC. (There is no provision >for an extension without a MAC.) Please note that this part of RFC5905 was corrected by erratum 3627 (https://www.rfc-editor.org/errata_search.php?rfc=5905), and the corrected text is: "In NTPv4, one or more extension fields can be inserted after the header and before the MAC, if a MAC is present. If a MAC is not present, one or more extension fields can be inserted after the header, according to the following rules..." >So, if you send a message with the >checksum trailer but without a MAC, and it is received by a device that only >implements the base 5905, even if the device properly ignores unknown >extensions, it may still find fault with the message and ignore it. An implementation that complies to the corrected text (from the erratum) will not run into this problem. Regards, Tal. >-----Original Message----- >From: Paul Kyzivat [mailto:pkyzivat@alum.mit.edu] >Sent: Tuesday, March 01, 2016 8:51 PM >To: Tal Mizrahi; draft-ietf-ntp-checksum-trailer.all@ietf.org >Cc: General Area Review Team; Brian Haberman (brian@innovationslab.net); >Suresh Krishnan; Karen ODonoghue (odonoghue@isoc.org) >Subject: Re: [Gen-art] Gen-ART Last Call review of draft-ietf-ntp-checksum- >trailer-04 > >Hi Tal, > >On 3/1/16 4:17 AM, Tal Mizrahi wrote: >> Hi Paul, >> >> A new version of the draft has been posted, and I believe it addresses all the >comments you raised. >> https://tools.ietf.org/html/draft-ietf-ntp-checksum-trailer-05 > >Thanks. This rev addresses most of my concerns. I still have one concern: > >The revised interoperability discussion in 3.3 doesn't quite capture the thing I >am worried about. My concern wasn't that an implementation might fail to >ignore an unknown extension. (I think that has always been >required.) Rather, my concern is that RFC5905 says when there are extensions >in the message they will always be followed by a MAC. (There is no provision >for an extension without a MAC.) So, if you send a message with the >checksum trailer but without a MAC, and it is received by a device that only >implements the base 5905, even if the device properly ignores unknown >extensions, it may still find fault with the message and ignore it. > >Perhaps plausible implementations won't have such problems. But it would be >worth mentioning. > > Thanks, > Paul > > > >> Thanks, >> Tal. >> >> >>> -----Original Message----- >>> From: Paul Kyzivat [mailto:pkyzivat@alum.mit.edu] >>> Sent: Sunday, February 28, 2016 11:38 PM >>> To: Tal Mizrahi; draft-ietf-ntp-checksum-trailer.all@ietf.org >>> Cc: General Area Review Team; Brian Haberman >>> (brian@innovationslab.net); Suresh Krishnan; Karen ODonoghue >>> (odonoghue@isoc.org) >>> Subject: Re: [Gen-art] Gen-ART Last Call review of >>> draft-ietf-ntp-checksum- >>> trailer-04 >>> >>> Hi Tal, >>> >>> On 2/28/16 1:31 AM, Tal Mizrahi wrote: >>>> Hi Paul, >>>> >>>> >>>> >>>>> Isn't this serious? IIUC in many (most?) cases the transmitters and >>>>> intermediate nodes won't know if the receiver supports [NTP-Ext]. >>>>> Inserting this for those that don't will deny them of the time they >>>>> are looking for. >>>>> >>>>> Shouldn't there be some discussion of how a decision can be made >>>>> about when to use this in order to avoid breaking receivers? >>>> >>>> >>>> I believe that the Checksum Complement is most useful in LANs and in >>> locally administered environments, where both client and server are >>> managed by the same administrator. These are the cases where you need >>> a high clock accuracy, and you will want to get the extra juice from >>> hardware timestamping + Checksum Complement. >>>> I believe it is less likely that the Checksum Complement will be >>>> used by a >>> client that connects to a random NTP server. >>>> >>>> Having said that, I agree that this should be reflected in the >>>> draft, and thus I >>> suggest the following text for Section 3.3: >>>> >>>> "The behavior defined in this document does not impose new >>>> requirements >>> on the reception of NTP packets beyond the requirements defined in >>> [NTP- Ext]. Note that, as defined in [NTP-Ext], a host that receives >>> an NTP message with an unknown extension field SHOULD ignore the >>> extension field and MAY drop the packet if policy requires it. Thus, >>> transmitters and intermediate nodes that support the Checksum >>> Complement can transparently interoperate with receivers that are not >>> Checksum-Complement-compliant, as long as these receivers ignore >>> unknown extension fields. It is noted that existing implementations >>> that discard packets with unknown extension fields cannot interoperate >with transmitters that use the Checksum Complement. >>>> >>>> It should be noted that when hardware-based timestamping is used, it >>>> will >>> likely be used at both ends, and thus both hosts that take part in >>> the protocol will support the functionality described in this memo. >>> If only one of the hosts uses hardware-based timestamping, then the >>> Checksum Complement can only be used if it is known that the peer >>> host can accept the Checksum Complement." >>> >>> OK. That seems like a reasonable way to deal with it. >>> >>>>> I think so. However the erratam also has exactly the text I was >>>>> hoping to find describing how extensions and the mac are parsed out >>>>> of the packet by the receiver, and I don't see that in [NTP-Ext]. >>>>> In principle it is not necessary (it is an exercise for the reader >>>>> to figure out how to do this) but having it ensures that developers get it >right. >>>>> >>>>> Is there a reason why [NTP-Ext] doesn't also pick that up from the >>> erratam? >>>>> (Of course that has no bearing on *this* draft.) >>>> >>>> Actually, [NTP-Ext] uses the exact text from the erratum (with some >>> additional text in the middle). >>> >>> What *isn't* in [NTP-Ext] are the notes from the erratum - notably >>> the 2nd one. ISTM that would be very helpful to readers. >>> >>> (But my review of *this* document isn't conditioned on dealing with >>> that.) >>> >>> Do you plan to have a revised version out soon? So far this has been >>> a LC review. I'm also on the hook to to a telechat review. There is >>> an amazingly short gap (two days) between end of LC and the telchat. >>> (I've never seen it so tight. I wonder if people will have time to >>> review a revised document for the telechat? >>> >>> If there is no revised document from the LC before the telechat then >>> I will simply send my same review again as the telechat review, along >>> with a note that we have agreed on some changes. If you plan on >>> getting a new revision out I will try to update my review accordingly. >>> >>> Thanks, >>> Paul >> >>
- [Gen-art] Gen-ART Last Call review of draft-ietf-… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Les Ginsberg (ginsberg)
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat
- [Gen-art] Gen-ART Telechat review of draft-ietf-i… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Les Ginsberg (ginsberg)
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Les Ginsberg (ginsberg)
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Xuxiaohu
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Uma Chunduri
- [Gen-art] Gen-ART Telechat review of draft-ietf-i… Paul Kyzivat
- Re: [Gen-art] Gen-ART Telechat review of draft-ie… Jari Arkko
- [Gen-art] Gen-ART Last Call review of draft-ietf-… Paul Kyzivat
- [Gen-art] Gen-ART Last Call review of draft-ietf-… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Tal Mizrahi
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Tal Mizrahi
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Tal Mizrahi
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Tal Mizrahi
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat
- [Gen-art] Gen-ART Telechat review of draft-ietf-n… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Jari Arkko
- [Gen-art] Gen-ART Last Call review of draft-alaku… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-a… Zoltan Szabadka
- Re: [Gen-art] Gen-ART Last Call review of draft-a… Paul Kyzivat
- [Gen-art] Gen-ART Telechat review of draft-alakui… Paul Kyzivat
- [Gen-art] Gen-ART Telechat review of draft-alakui… Paul Kyzivat
- Re: [Gen-art] Gen-ART Telechat review of draft-al… Jari Arkko
- [Gen-art] Gen-ART Telechat review of draft-ietf-b… Paul Kyzivat
- Re: [Gen-art] Gen-ART Telechat review of draft-ie… Jari Arkko