IETF Logo Mail Archive

RE: Last Call: <draft-ietf-ntp-bcp-07.txt> (Network Time Protocol Best Current Practices) to Best Current Practice

Denis Reilly <denis.reilly@orolia.com> Wed, 31 October 2018 19:54 UTC

Return-Path: <denis.reilly@orolia.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6794E128CF2; Wed, 31 Oct 2018 12:54:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=orolia.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lkR7-MlVbOQS; Wed, 31 Oct 2018 12:54:27 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0042.outbound.protection.outlook.com [104.47.2.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0E4E1277C8; Wed, 31 Oct 2018 12:54:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orolia.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oV8MjVlQRkLM6DOTuwLnzOe6wnnY1ASWBOU6/ZR29rg=; b=j54O1iJCkkC03Wc0x+pRFuIsvjrN41TSPdj3J52cn4WIKa0A/wR0iIHuiNPXhuCf2YffCE79vCmh2GMcsiGNcR/T2tIir8mUoHBWaCq649xoV0WK0Mj3pSs2rvdtntH50qVOMI2A0yi99Sht1p5ebKrhSt3rNiX0BoRBZQdqSl0=
Received: from AM0PR0602MB3730.eurprd06.prod.outlook.com (52.133.40.31) by AM0PR0602MB3540.eurprd06.prod.outlook.com (52.133.49.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1294.20; Wed, 31 Oct 2018 19:54:23 +0000
Received: from AM0PR0602MB3730.eurprd06.prod.outlook.com ([fe80::64b9:97ca:1bf0:ac9f]) by AM0PR0602MB3730.eurprd06.prod.outlook.com ([fe80::64b9:97ca:1bf0:ac9f%2]) with mapi id 15.20.1273.027; Wed, 31 Oct 2018 19:54:23 +0000
From: Denis Reilly <denis.reilly@orolia.com>
To: tom petch <daedulus@btconnect.com>, ietf <ietf@ietf.org>
CC: "ntp-chairs@ietf.org" <ntp-chairs@ietf.org>, "ntp@ietf.org" <ntp@ietf.org>, "draft-ietf-ntp-bcp@ietf.org" <draft-ietf-ntp-bcp@ietf.org>, "suresh@kaloom.com" <suresh@kaloom.com>
Subject: RE: Last Call: <draft-ietf-ntp-bcp-07.txt> (Network Time Protocol Best Current Practices) to Best Current Practice
Thread-Topic: Last Call: <draft-ietf-ntp-bcp-07.txt> (Network Time Protocol Best Current Practices) to Best Current Practice
Thread-Index: AQHUVCkd9GjeQ4Kgk0eDiaKEJKC246U582TA
Date: Wed, 31 Oct 2018 19:54:23 +0000
Message-ID: <AM0PR0602MB373028CB186964DE605095D5FFCD0@AM0PR0602MB3730.eurprd06.prod.outlook.com>
References: <153780882752.28012.13609334805933711190.idtracker@ietfa.amsl.com> <031701d4557f$43081e00$4001a8c0@gateway.2wire.net>
In-Reply-To: <031701d4557f$43081e00$4001a8c0@gateway.2wire.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=denis.reilly@orolia.com;
x-originating-ip: [66.193.84.98]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM0PR0602MB3540; 6:k2kWjhv9r+NZJs8H7lh5qUV5/d6DIydkjZ+c+nb9SogY82Lqxc+XFNjoswYqm2TX0lV/kZJ409Kn4VuZmcN+e6P2ZNfmElK3ds0nXiQm5yIm3qABC++FmZxg7Xy50yu/OKZ5f0YTzaev9tigK+S7ItnXrlC0mbH+qvCngjNq1L2eiacycxN3VVVsfv6pvGWv4mCWmn/9MWkW6slIbLwU7tScUdrFMkGO+oKRO6lNZ5hxurG+CH6fnTr3TFCDoNsopV1aQEfG/veC6DRw2/HdB78mKUFQ5ogQC/0gLIFdqSqfJXq8Miv8iDtC+KeZ4qVWhufw1h0HhfwDOYA1WeyoX+Ml+TBXhZtYknaxjoMJzqptQLCe1Lt9B2TrwvInnxys3BXU2yItFYj51DsbYxew/O7XZGdIK/eHLDxcPTVyeKsiJpYeQAkx7U6KNvNYiTyZvWQW1R1/SWjiq0ks2JoHDw==; 5:uQAa5w2UYeMtSaNME0bCoqPRoWwRsUuxpO8D1QMBGQUOEUfLqjaJI7Ru9K83Yj/3tSdREytwrplJ4O8vMqWQFoB9zMYgQ7fozRalCuyWKyQfBAAFUzQ8H5gf7OTU0CMZ3Lkn/Gjzl4dBIom1b0dITo4M21obB9wEVvUSipXlCmA=; 7:EvEjugQdfbF5NrqXfrmsj5ndol4JDNyg0ECklPMTsjAGLSEhYFDuTOENMrc3v0x1i2F6u8pk2B17a5s/RA8abx8TMQlwsynO8JREvLc1hjCIs9hCbrBZz4CLreJHwm9DivYFgnWjscWsBCSFSbwmmA==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 986c8285-b21c-4235-617a-08d63f6aa80f
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:AM0PR0602MB3540;
x-ms-traffictypediagnostic: AM0PR0602MB3540:
x-microsoft-antispam-prvs: <AM0PR0602MB3540EF25FC5772D2AFB86723FFCD0@AM0PR0602MB3540.eurprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(72170088055959)(192374486261705)(120809045254105)(219612443155931)(178726229863574);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231382)(944501410)(52105095)(93006095)(93001095)(3002001)(10201501046)(148016)(149066)(150057)(6041310)(201703131423095)(201703031522075)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(20161123562045)(201708071742011)(7699051)(76991095); SRVR:AM0PR0602MB3540; BCL:0; PCL:0; RULEID:; SRVR:AM0PR0602MB3540;
x-forefront-prvs: 084285FC5C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(39850400004)(366004)(376002)(136003)(396003)(13464003)(199004)(189003)(71200400001)(71190400001)(11346002)(53936002)(25786009)(229853002)(446003)(8936002)(7696005)(476003)(2906002)(3846002)(44832011)(6116002)(76176011)(9686003)(6306002)(486006)(186003)(4326008)(99286004)(55016002)(86362001)(14454004)(54906003)(8676002)(110136005)(105586002)(81156014)(68736007)(106356001)(296002)(316002)(5660300001)(5024004)(102836004)(14444005)(53546011)(2900100001)(26005)(81166006)(5250100002)(256004)(6506007)(33656002)(66066001)(966005)(74316002)(6246003)(7736002)(6436002)(97736004)(305945005)(478600001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR0602MB3540; H:AM0PR0602MB3730.eurprd06.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: orolia.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: BBsM0yjdlENl9zz5P3J8k4xL2UudIMEepH+vflnw5FTUmorOG4WxqEPKiDxWG3Phk/+EOntXezFOm+9G/UxTEX9l+5fFGzObf6DJSB71yNFcXU+yMgbCslqNcmqbmp/bH+UdlA/a1er8eBTiOGcEvWnHjcatU4Tb6ta+7QhpPrGqvOaeYDp63ATKgC1Fhi5KOCymRgHOFl9IE++XkAdVA257xL4DWJ6CbaFUS7HVmuFFVTGKYIriNu0anLturQuYnu1LEI53+k+tpbRQ/LJ/uRfGWALqCgZnrSYalOukBYEsK4rIXl8d8/1IgRjMsCXaxPBscgNytQnTFwX9NwXku5gO45eJDx9JuXzyB/YBpwY=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: orolia.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 986c8285-b21c-4235-617a-08d63f6aa80f
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2018 19:54:23.7386 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: a263030c-9c1b-421f-9471-1dec0b29c664
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR0602MB3540
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/wVpJPV_GH48VerxGdkTWQx2FZPo>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Oct 2018 19:54:31 -0000

Hello, Tom! We appreciate your comments. Responses are in-line.

--
Denis Reilly  |  Technical Lead  |  denis.reilly@orolia.com  (585)321-5837

-----Original Message-----
From: tom petch <daedulus@btconnect.com> 
Sent: Wednesday, September 26, 2018 5:57 AM
To: ietf <ietf@ietf.org>
Cc: ntp-chairs@ietf.org; ntp@ietf.org; draft-ietf-ntp-bcp@ietf.org; suresh@kaloom.com
Subject: Re: Last Call: <draft-ietf-ntp-bcp-07.txt> (Network Time Protocol Best Current Practices) to Best Current Practice

This I-D leaves me uncertain.  Should it be an RFC?  Does it qualify for BCP status?  I think 'maybe' and 'no' respectively

There are a number of detailed glitches - see below - but the overall style is of more concern to me where BCP status is concerned. Statements such as:
- the answer is obvious
- they agree well enough
- Use your NTP implementation's remote monitoring capabilities to
   quickly identify servers which are out of sync
- the MAC may always be based on an MD5 hash
- Readers are encouraged to adopt its mechanisms.
- Contact the maintainers of your  implementation for more information.
- access control should be used to limit the exposure of this information to inappropriate third parties
- A much better approach might be
- If, against long-standing recommendation,
- Readers of this BCP already understand
- Readers are encouraged to check the status of the draft,

some of which I think misleading, none of which I expect to see in a BCP.  Most of it is too vague for me; section 6 stands out as being more of what I would expect to see in a BCP.

DR: We are always looking for areas to improve the language and make it more like "what people expect" to have in a BCP. We are trying to balance the specific recommendations that we know we can make with the "best practices" that may only apply in certain situations.



Also, it is symptomatic, for me, that the 'Requirements Language' is out of date, lacking reference to RFC8174, and yet I see a lot of lower case words, such as 'recommended', along with some upper case.

DR: That is my mistake, with this being the first time with a document in the IETF. I will add the latest requirements language and we will take a fresh look at the requirements language.


Likewise, the I-D starts with
'Many network security mechanisms rely on time'
so security is a key part, if not the point, of the I-D yet I find Security Considerations weak.  Section 5 references RFC7384, 'profound threat analysis for time synchronization protocols '.  Yes, but it is ironic that that RFC, detailed, thorough, useful, is only Informational; and it is not mentioned in this, the section on Security Considerations. This section  does not point to threats and mitigations from the body of the I-D, rather it seems to weaken the whole I-D with somewhat vague statements.

DR: We can mention the RFC7384 directly in the Security Considerations section.  I'd be interested in your ideas about how to make the Security Considerations stronger without simply restating what is in the body of the text.



Picking up on some details,

Abstract
RFC 5905 [RFC5905].
looks like a reference which is not ok for an Abstract which needs to be plain text.

DR: We agree, we will reword the abstract to eliminate the reference.

1.1.  Requirements Language
out of date no RFC8174

DR: We will update the boilerplate text (as well as review the text and make sure we are using the proper key words where we man to!)

3.1
BCP38 Info page [1] .
I did not immediately recognise [1] as a reference to a URL.

DR: We will change to "More information is available at the BCP38 Info Web page" to make clear that it is a URL.

4
compilied in Section Appendix A.
compiled?

DR: Yes, we are fixing this typo.

4.1
opposed to an SNTP implementation
expansion would be helpful

DR: The real intent here was to describe how implementations of RFC 5905 would behave, so we've replaced this text with "An NTP implementation that is compliant with RFC 5905".

this section in general lacks any detail of 'how'.  What is agreement, between two sources?  How do I converge three sources?  I look to a BCP for advice on such matters.

DR: The "how" is defined in RFC 5905. The operator has to decide how many time sources he/she is using.


4.2
There is a general principle behind this that I would like to see stated, namely to ensure that multiple sources are really independent.
I learnt this when I read about Apollo moon shots, but have seen it ignored many times since.  You have to work hard to track back to the details of the technology in use to find out if there is really more than one code base, or chip set, or... in use.  Where security depends on such matters, you really need to do that to ensure you have independence. Appendix A suggests that there is but one code base.

DR: Agree. Change "diversity of sources" to "diversity of sources with independent implementations".

After "may have the same bugs", add "Even devices from different vendors may not be truly independent if they share common elements." 
Then, we can strike "regardless of whether ... different vendors", because that will be redundant.

Denis likes that last line in the comment. After "application software bugs", we will add 
"When having the correct time is of critical importance, it's ultimately up to operators to ensure that their sources are sufficiently independent."


4.4
its syslog shows
Is this a recommendation to use the 'syslog' protocol as opposed to
YANG:-)  Elsewhere, you use system logs which I think better.

DR: We agree, we'll change to "system logs" globally

I think too that there is a general point that is missing that these systems need error logging, need (remote) monitoring, else ... well, what is the threat?  what is the mitigation?

DR:  We do go into more specifics on particular threats and mitigations in other sections. Would you like that referenced here?

broadcast client
sounds like a client that broadcasts rather than one that receives broadcasts.

DR: We can change that to "client in broadcast mode"

4.6
GNSS
I would like expanded on first use

IERS
Ditto

DR: agreed

4.6.1
using a leap-smear can cause your reported time to be "legally indefensible sounds like a SHOULD NOT if this is a BCP

DR: Some users simply don't care if their time is traceable; they care more that all the machines on their network have the same time. We feel "SHOULD NOT" is too strong in this case, and the current language reflects properly that operators who wish to use leap-smearing should be aware of the implications.

5
/A profound threat analysis for time synchronization protocols are given/ A profound threat analysis for time synchronization protocols is given/

DR: Agree

5.1
the MAC may always be based on an MD5 hash,
MD5 is regarded as too weak in many contexts; does that apply here?

DR: MD5 is in the process of being deprecated, but many implementations still support it, so it is appropriate to mention here. But we will clarify the situation, as well as include a reference to draft-ietf-ntp-mac , which replaces MD5 with AES-CMAC.


Generally, is there any difference between IPv4 and IPv6 here?  IP addresses are often mentioned but no mention of different versions.  RFC4786, e.g., is explicit that it covers both.

DR: We can clarify (particularly in the Anycast section) that the recommendations cover both. 

Appendix A

/specific to various implementation of RFC 5905./ specific to various implementations of RFC 5905./ except that the advice seems to be specific to ntpd and not apply to any other implementation

DR: We did originally make a broad call on the NTP mailing list for information from any of the available implementations, but we only received content specific to ntpd. Since there are no other implementations currently with appendixes, we will refactor to make Appendix A devoted solely to the NTF implementation. In the event this BCP is updated with information from different implementations, they can have their own appendix.

A.1.2
/mode 7 /Mode 7 /

/BY default/by default/ ?

DR: Agree!

Tom Petch

----- Original Message -----
From: "The IESG" <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Cc: <ntp-chairs@ietf.org>; <ntp@ietf.org>; <draft-ietf-ntp-bcp@ietf.org>; <suresh@kaloom.com>
Sent: Monday, September 24, 2018 6:07 PM

=> The IESG has received a request from the Network Time Protocol WG
(ntp) to
> consider the following document: - 'Network Time Protocol Best Current 
> Practices'
>   <draft-ietf-ntp-bcp-07.txt> as Best Current Practice
>
> The IESG plans to make a decision in the next few weeks, and solicits
final
> comments on this action. Please send substantive comments to the 
> ietf@ietf.org mailing lists by 2018-10-08. Exceptionally, comments may
be
> sent to iesg@ietf.org instead. In either case, please retain the
beginning of
> the Subject line to allow automated sorting.
>
> Abstract
>
>
>    NTP Version 4 (NTPv4) has been widely used since its publication as
>    RFC 5905 [RFC5905].  This documentation is a collection of Best
>    Practices from across the NTP community.
>
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-ntp-bcp/
>
> IESG discussion can be tracked via
> https://datatracker.ietf.org/doc/draft-ietf-ntp-bcp/ballot/
>
> No IPR declarations have been submitted directly on this I-D.
>
> The document contains these normative downward references.
> See RFC 3967 for additional information:
>     rfc1305: Network Time Protocol (Version 3) Specification,
Implementation and Analysis (Draft Standard - Legacy stream)
>     rfc5905: Network Time Protocol Version 4: Protocol and Algorithms
Specification (Proposed Standard - IETF stream)
>     rfc7384: Security Requirements of Time Protocols in Packet
Switched Networks (Informational - IETF stream)
>     rfc7094: Architectural Considerations of IP Anycast
(Informational - IAB stream)

ATTENTION: This email came from an external source.
Do not open attachments or click on links from unknown senders or unexpected emails.

v2.23.0 | Report a Bug | By Email