Re: [Int-dir] Intdir early review of draft-ietf-ntp-bcp-06
Denis Reilly <denis.reilly@spectracom.orolia.com> Tue, 31 July 2018 12:54 UTC
From: Denis Reilly <denis.reilly@spectracom.orolia.com>
To: 神明達哉 <jinmei@wide.ad.jp>, "dieter.sibold@ptb.de" <dieter.sibold@ptb.de>
CC: "ntp-chairs@ietf.org" <ntp-chairs@ietf.org>, "int-ads@tools.ietf.org" <int-ads@tools.ietf.org>, "draft-ietf-ntp-bcp@ietf.org" <draft-ietf-ntp-bcp@ietf.org>, "<int-dir@ietf.org>" <int-dir@ietf.org>
Date: Tue, 31 Jul 2018 12:54:40 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-dir/IHyu50Xkh8Yzyc4f9-8upoGVzVI>

Hello,

We kept the ntpd-specific information in Section 4 on purpose, because although the security issues that were found applied to the protocol in general, all of the relevant papers that were cited were based on the ntpd implementation, so we felt it would be harder to separate this content. We did modify some text here to make it less implementation-specific, and we added some text advising users to contact the maintainers of their implementation to find out how to mitigate these issues in their implementations.

Thank you for your review. I will be uploading the (pre) 07 version to the Datatracker soon, and I will work with the WG chairs to figure out the next steps.

Best Regards,

--
Denis Reilly | Lead Engineer | denis.reilly@spectracom.orolia.com (585)321-5837

-----Original Message-----
From: 神明達哉 <jinmei@wide.ad.jp>
Sent: Wednesday, July 25, 2018 7:31 PM
To: dieter.sibold@ptb.de
Cc: ntp-chairs@ietf.org; int-ads@tools.ietf.org; draft-ietf-ntp-bcp@ietf.org; <int-dir@ietf.org> <int-dir@ietf.org>
Subject: Re: [Int-dir] Intdir early review of draft-ietf-ntp-bcp-06

At Tue, 17 Jul 2018 19:40:24 +0200,
dieter.sibold@ptb.de wrote:

> in our reply from June 30 we described the measures we intended to
> take in order to address your concerns you expressed in your review
> from Jun 15 of draft-ietf-ntp-bcp-06. In the meantime we added your
> proposed changes to a new version of the draft. This version is not
> yet uploaded to the datatracker but accessible under
> https://github.com/denisreilly/ntp-bcp/blob/master/draft-ietf-ntp-bcp-07.xml
> We would very much appreciate if you could review the changes.
> Please let us know if we addressed your concerns appropriately.

I've just re-reviewed the (pre) 07 version. It generally looks pretty good to me, addressing my comments.

Regarding separating implementation ('ntpd') specific topics, I've noticed there are still a few places in the main text that refer to 'ntpd'

- Section 4.4

    If a system is using broadcast mode and is running ntp-4.2.8p6 or
    later, use the 4th field of the ntp.keys file to specify the IPs of
    machines that are allowed to serve time to the group.

- Section 4.6.1

    Clients that are connected to leap smearing servers MUST NOT apply
    the "standard" NTP leap second handling. So if they are using ntpd,
    these clients must never have a leap second file loaded, and the
    smearing servers must never advertise to clients that a leap second
    is pending.

- Section 5.1: 'the server statement' sounds like ntpd specific.

    An NTP client establishes a protected association by appending the
    key to the server statement in its configuration file. Note that
    the NTP process has to trust the applied key.

- Various places in Section 6

You may want to move these to the appendix, but I don't argue these are a DISCUSS-level issue, and I'd leave the decision to you.

--
JINMEI, Tatuya