IETF Logo Mail Archive

Re: [Ntp] Antwort: Re: Antwort: Re: WGLC: draft-ietf-ntp-using-nts-for-ntp

Harlan Stenn <stenn@nwtime.org> Mon, 10 December 2018 09:22 UTC

Return-Path: <stenn@nwtime.org>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98440130F08 for <ntp@ietfa.amsl.com>; Mon, 10 Dec 2018 01:22:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PsETV-6VdlYO for <ntp@ietfa.amsl.com>; Mon, 10 Dec 2018 01:22:36 -0800 (PST)
Received: from chessie.everett.org (chessie.everett.org [66.220.13.234]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E4B0127B92 for <ntp@ietf.org>; Mon, 10 Dec 2018 01:22:36 -0800 (PST)
Received: from hms-mbp11.pfcs.com (75-139-194-196.dhcp.knwc.wa.charter.com [75.139.194.196]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by chessie.everett.org (Postfix) with ESMTPSA id 43CyK54mZyzL7K; Mon, 10 Dec 2018 09:22:33 +0000 (UTC)
To: kristof.teichel@ptb.de
Cc: ntp@ietf.org
References: <b558b0de-a451-f233-e86c-26f4b065c164@nwtime.org> <4e9efcc4-0285-72c1-9119-7cbd167847d0@nwtime.org> <FF5E07A6-6F59-4D45-A186-7FC7C9B4A41C@isoc.org> <0DAD4C5F-EAFA-4A3D-A3E4-55F34A7C1BFE@isoc.org> <AM0PR0602MB3730B2389832592B5A1D2647FFA90@AM0PR0602MB3730.eurprd06.prod.outlook.com> <OF03487E97.EB065354-ONC125835D.006E9262-C125835D.00717024@ptb.de> <OF42DFC0BE.0D439664-ONC125835E.003FD128-C125835E.00406A35@ptb.de>
From: Harlan Stenn <stenn@nwtime.org>
Openpgp: preference=signencrypt
Autocrypt: addr=stenn@nwtime.org; prefer-encrypt=mutual; keydata= xsDNBFI2xmQBDACrPayw18eU4pIwCvKh7k0iMkAV9cvzs49kBppM+xoH+KKj4QWmkKELD39H ngQnT3RkKsTLlwxyLqPdUmeQNAY2M5fsOK+OF6EvwLPK9hbmE3Wx2moX+sbEUxJ2VzFhKSKb OPZALXwk1XxL0qBedz0xHYcDwaSAZZkEFXURv2pDIdrmnoUnq2gdC8GpoFJiXoUaCLSYzzaY ac4Njw7Mue8IqfzRQb70aMjXl/qmsmfmEVAyGXywDdc/ler4XSgiuYOV7Kf69bj9PFZZSMdJ MWgEyZH6lJ0TU5ccR2zp5ZRmWzQQkxJMyH2th7q0Nmz3aX4A0K4yE0Ba9/5Dr7ctpF15BrMF aEo4s5lwI6tUnkgMWo265mMzCz4mAPV/ac0w0OXQg7r9E2r0+dRapnzUlG43D0JLDqDr9uRR L6IrRQqoCWUC75lfmPYQYSlaTJaK68r3lXd0z1cXJUgVtEL5H3/Z71R2B20twcQVAnw2iIH6 L5vdrsIjHrMmkqRVbs9nNyEAEQEAAc0nSGFybGFuIE0gU3Rlbm4gKFBGQ1MpIDxoYXJsYW5A cGZjcy5jb20+wsD8BBMBAgAmAhsvBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AFAlI2xr0C GQEACgkQyIwAt1pH+kDfsQv/Q8fSJks4uNNyLf0O2kX9cepWExSTBpSgc1wsr65ldAx3fuPT ci+gymO0qs1PlGYPYuMFEVmIRpJFy/tUVXZIGIZtlOURAHXjov0NbdwyZnOahEaja3jL+bBH GGJpRtmD+CCAVkj1UEUNF2mLqUgwEQarvHLCI6j1xz5+kxzdXsF3jVAlLMRkpScOfZ2NiHq7 Dp8ClCcEALI+lU2sUIP8dGTqNCM03ma0M5T53PIzkD8tRMNa5Dznv6E3+eFE6xefm5uMzCWs XEzxxaaoVnkoFxyrJpHBkDuIl5MKhcyG0lcmmVeM35MoZpJXE6fgqvbq9XZccSQUcpY1OrwM mc2CjjTsm5K9IFDyD7yRA6xh4Z/ExSFBnwky2JwMJtJgqDRsLFkSvYCq+m+Zc3YWP8rGbmdR Lk57eZ3hdt9MuUX879LyjAKHWm5aFbCs5vsq2n8XWrxJMVHVOUy5pQlzAz5fa+5yjba9YM7L 4DMefzQZ9Q3P+TfBofmsQSbH54rkK/WAzsDNBFI2xmQBDADXLsBkI7CSa5UXlrNVFJQHER1V xRBKqjWWCh/8Qv9v3p3NrIc2UnhoZ1uWQ2voBGty5Xfy9k4afV5kWwDyRDUIb7PX+Tj4HjVV r7qvnOVe/0KzZpNq0Azd0ggFbsM+8mydktHIwJykW0NUsGwPRYuDOA0Lro0ohb5IiCt3sSQi 1X1hYjo7O1Vmn8Gy/XYOnhnMux+5zDPO2yTkCNX5PocYi9IJJy6pMq1yQV4Y2Dl8KtQzvtq5 5vCUxx6n0MMzFViGwNW6F4ge9ItO4tDScsgowDrHa208ehwOpv/iwjf93lCClQ6vaKmOBX87 2K/tdY/hwhxPPjgl1bcrOwMRYVemOPPehwnXH5bwclk1hvDQdkJQ5pJOkE4VCryTF/iDAt4g 2QnHocUwt3b6/ChUUWmj2GZ22OR12rbnCtLedwp0DpViKPUCQHBOvpgXdzE/L9zWar9fqM0E REMgfWbsJc9028qluCcFLIN1gYsq4cC+YGAcOu7HOI5orBBV4m9jXfsAEQEAAcLCfgQYAQIA CQUCUjbGZAIbLgGpCRDIjAC3Wkf6QMDdIAQZAQIABgUCUjbGZAAKCRDfCQ/G52/8P/uWDACe 7OEM+VETDRqjQgAwzX+RjCVPvtgrqc1SExS0fV7i1mUUxr/B8io3Y1cRHFoFKmedxf8prHZq 316Md5u4egjFdTT6ZqEqkK0hvv+i0pRpCa5EX9VIStcJStomZp8FcY34grA+EOWITaLQ4qNZ UP7rf2e7gq1ubQTj7uLr6HZZvMZ5em+IvrOWEuWDI6yOiI6px04wRDfkoR2h6kgdw4V0PT4N jK9WYYKrVCf1bjLlVImNBEcXfvlUTrIYO8y6ptvoUsBQky5pQRvP99Pn42WfyLy50aII6+vy udD4T0yLjXAz4KteUttxtIte64m/F9/7GEIZAxTUcLyOq/7bP4leh39jBckwc62iYzeK/VkU /bMMh2D68Z3QylMnhhcW27BcgQHPKsHhmFa2SNytYcuQiSdf9+pj4i32ETz1nJAvYAAqgTF/ 0PL+8ZNQoEpe/n9woMKrlZrqD4EgFmhQ3bNVhlaXz1nuTZDrwPt1yMxBuUNbCF4jFnaruwrS iGTRoIfUZQwAjQglahrV4/mcjfnvbNoseHX0PKd9q+wjg7MIjWqrf2CI8Fa6MdanqwYphz43 I2yXANKFZuMWsWqyQYlvGuPUlUUcAL3stp24RkzDB1Q+JS0IZJSTT2JSu0aTfUdWVNqr2UI1 9eX+zxbOTckSi3Ng14ezG8ZX194ZH10b8JzntQOwmA20pd5JDhugzQfASER+CZDiPPcQ4mvC 4y7rMrfV6XGQbDynC3ekDxo8SC5SvjaczXMwXg6SZ8iFtEWmEwW9r7zPjjIPDrX8w5LXBgxA rM5o/HbERpc2EdAvMh1D7LC0SvmoE7fBKxsicVBe4h6vXjEZ+LLr/wuZiBld9OnxAUIpwptb BspO6WKTQYvgFH2OeDG27hiE5P4Xs4WSp5j9ez8OVB1iZnA2nCQ+tNTjO8c+C/P92vPLx5+b pGRXTXMNaLh34PS3ZsYoUDkKZNhczRZUWJ7nynSbeeyF+QW7SLwAqY7O7dyk9LFTsfJqRQJ7 tWnIAjJPCwmSgQ8Kl0UJ
Message-ID: <0e3cd1f5-46e4-2eae-e8cf-eb0aca976564@nwtime.org>
Date: Mon, 10 Dec 2018 01:22:33 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.3.2
MIME-Version: 1.0
In-Reply-To: <OF42DFC0BE.0D439664-ONC125835E.003FD128-C125835E.00406A35@ptb.de>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/0eNqgT1BtkNAkuV5PDgLDE-whEQ>
Subject: Re: [Ntp] Antwort: Re: Antwort: Re: WGLC: draft-ietf-ntp-using-nts-for-ntp
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Dec 2018 09:22:42 -0000

I'll provide a more detailed response to your previous email about this
as soon as I can.  It might be later tonight.

On 12/9/18 3:43 AM, kristof.teichel@ptb.de wrote:
> Fair enough, I guess.
> 
> However, please don't use "Harlan hasn't gotten his way on issue X" and "issue X 
> has never even been adressed" interchangably.

I think that's an inappropriate and offensive thing to say, and I
challenge you to either clearly support it or retract it.

> Otherwise, anyone trying to follow the WGLC discussion who isn't aware of the 
> history might be confused.
Perhaps it would be at least inadequate for people to follow the WGLC
discussion and *not* consider the history.

If you are saying that the WGLC discussion should be a complete
discussion of the issues, I would object to that.  That's an incredible
amount of work for each person involved to do, and I really have better
uses for my time and attention than to rehash things that you, for
example, have already said you will "dismiss".

> Also, please clarify what the mentioned "proposed solution" by Dave is referring to.
> Merely claiming that there is some holy grail document that people are just 
> ignoring for no good reason does not further constructive discussion.

Please search the email history.  I'm pretty sure there are at least
one, and possibly two documents from Dave in there, and there are
certainly other related discussions.

H
--
> 
> Best regards,
> Kristof
> 
> 
> -----"ntp" <ntp-bounces@ietf.org <mailto:ntp-bounces@ietf.org>> schrieb: -----
> An: kristof.teichel@ptb.de <mailto:kristof.teichel@ptb.de>
> Von: "Harlan Stenn"
> Gesendet von: "ntp"
> Datum: 09.12.2018 06:48
> Kopie: ntp@ietf.org <mailto:ntp@ietf.org>
> Betreff: Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using-nts-for-ntp
> 
> Hence my objections remain.
> 
> H
> 
> On 12/8/2018 12:39 PM, kristof.teichel@ptb.de <mailto:kristof.teichel@ptb.de> wrote:
>  > I'm on my browser mail client and sadly can't respond in-line without making a
>  > mess of the formatting.
>  >
>  > The summary of my response is: yes, we have seen most or all of the here-cited
>  > concerns of yours before, and dismissed them.
>  > Sorry if that was not always communicated clearly enough - although I have a
>  > feeling that in most cases, it was.
>  >
>  > In any case, let me give short-ish versions of replies regarding the mentioned
>  > points:
>  >
>  > - The "earmarked" EF type thing: to me it looks like you're basically trying to
>  > have NTS make people adhere to an NTF-internal numeration system (the only place
>  > I know of where it is "standardized" is the Autokey RFC?). That, I oppose.
>  >
>  > - Being "monolithic": this seems like a mere impression that you have that is
>  > also mostly false (e.g. a client could choose to send no cookie placeholders and
>  > ignore all fresh cookies - though I do not advertise this idea). I can only
>  > guess what you would like us to do about your concern, and the things I am
>  > guessing (such as dividing AEAD and fresh cookies off into some kind of optional
>  > sub-mode), I definitely oppose.
>  >
>  > - TCP matters: are you seriously suggesting for NTS to rest until a number of
>  > other drafts potentially reach RFC status? If not, what exactly are you
>  > suggesting? If so, I oppose.
>  >
>  > - The "one cookie/placeholder per field" issue: could someone who has
>  > implemented this please elaborate on the typical size of a cookie? In any case,
>  > a placeholder must by design be as large, so I'm not convinced there is any
>  > issue here. In either case, I don't see an actionable suggestion (I can guess at
>  > one, bit for that one I would still need to be convinced there is an issue in
>  > the first place).
>  >
>  > - The "all modes or bust" issue: I remember giving you a lengthy response to
>  > this previously. Please stop insisting this concern has never been adressed.
>  > Also, what is you actionable suggestion? Put everything on hold, until solutions
>  > have been found that everyone including you can agree on, for modes that are
>  > used significantly less than the one adressed? If so, I oppose.
>  >
>  > - The "Dave has a viable alternative" claim: what is the proposed "solution" of
>  > which you speak? I remember a document skeleton which barely had more than
>  > headlines for its sections, and I remember a lengthy document that switched
>  > between a vague critique of mixed NTS versions and a proposal for what a
>  > proposal might look like (where some of the few concrete suggestions would be
>  > attackable with methods straight out of Roettger's 2012 critique of Autokey)...
>  > if you mean either of those then please stop bringing them up as though there
>  > was a serious discussion to be had at this point. If you mean something else,
>  > please refer us to it so that a real discussion is possible. And again, what
>  > would even be your actionable suggestion to us, the editors of the NTS document?
>  >
>  > Is there anything else (preferably actionable suggestions) you still feel has
>  > not been adressed?
>  >
>  >
>  > Best regards,
>  > Kristof
>  >
>  >
>  > -----"ntp" <ntp-bounces@ietf.org <mailto:ntp-bounces@ietf.org> 
> <mailto:ntp-bounces@ietf.org>> schrieb: -----
>  > An: ntp@ietf.org <mailto:ntp@ietf.org> <mailto:ntp@ietf.org>
>  > Von: "Harlan Stenn"
>  > Gesendet von: "ntp"
>  > Datum: 07.12.2018 23:05
>  > Betreff: Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp
>  >
>  > I am strongly supportive of the goal of providing a replacement for
>  > Autokey, as soon as possible.
>  >
>  > As written, I am opposed to the adoption of this proposal, as the
>  > detailed objections and concerns I have repeatedly raised have still not
>  > been addressed.
>  >
>  > Off the top of my head, here is a (partial?) summary of my objections:
>  >
>  > - we have long earmarked EF type 4 for NTS, and this is still not in the
>  > document as a recommendation for IANA.  In particular, if the proposal
>  > advances as written we would want to see:
>  >
>  > |   0x0104   | * NTS Unique Identifier Request              |
>  > |   0x8104   | * NTS Unique Identifier Response             |
>  > |   0x0204   | * NTS Cookie                                 |
>  > |   0x0304   | * NTS Cookie Placeholder                     |
>  > |   0x0404   | * NTS AEEF Request                           |
>  > |   0x8404   | * NTS AEEF Response                          |
>  >
>  > (or similar).  There is no good reason to leave it up to IANA to
>  > possibly assign 6 random EFs for this use case.
>  > draft-stenn-ntp-extension-fields (for which I will be trying to post an
>  > update soon) clearly and simply describes this.
>  >
>  > - The proposal is too monolithic, and we would all be better served with
>  > a proposal that separates the cookie mechanism and encrypted transfers
>  > into separately-usable mechanisms.  There may be other similar cases as
>  > well, but my brain is too fuzzy right now to think more about this.
>  >
>  > - It creates a separate TCP service/port specifically for NTS key
>  > exchange.  This is wasteful in general, and would be better served by
>  > folks collaborating on:
>  >
>  >   draft-stenn-ntp-tcp-services
>  >   draft-stenn-ntp-tcp-services-keyexchange
>  >
>  > - The proposal uses multiple Cookie and Cookie Placeholder messages (as
>  > I recall - see my other message about the cold I'm still recovering
>  > from) instead of having a single Cookie and Cookie Placeholder message
>  > that supports multiple entries.  This would not be an issue if 7822 did
>  > not specify a 28-octet minimum final EF size, or if
>  > draft-stenn-ntp-extension-fields was implemented (or being considered,
>  > even).
>  >
>  > - It only supports client/server mode, and it does so in a way for which
>  > adding support for symmetric and [mb]*cast modes had been demonstrated
>  > to be problematic.  We need an encompassing solution, and this isn't it.
>  >
>  > It would not surprise me at all to discover issues I have forgotten to
>  > list above that are in my previous messages on this topic.
>  >
>  > I'm sorry I haven't had the resources to once again re-study and re-list
>  > my objections to this proposal.
>  >
>  > Dave Mills has posted several papers about the above problems including
>  > a proposed solution, but for whatever reasons, for years we have
>  > continued to pursue this increasingly limited solution instead of
>  > working towards a better/more functional solution.
>  >
>  > As I said in an earlier message, Dave is currently unable to receive or
>  > send email messages, so he apparenetly can't participate in this WGLC.
>  >
>  > --
>  > Harlan Stenn <stenn@nwtime.org <mailto:stenn@nwtime.org> 
> <mailto:stenn@nwtime.org>>
>  > http://networktimefoundation.org - be a member!
>  >
>  > _______________________________________________
>  > ntp mailing list
>  > ntp@ietf.org <mailto:ntp@ietf.org> <mailto:ntp@ietf.org>
>  > https://www.ietf.org/mailman/listinfo/ntp
>  >
> 
> -- 
> Harlan Stenn <stenn@nwtime.org <mailto:stenn@nwtime.org>>
> http://networktimefoundation.org - be a member!
> 
> _______________________________________________
> ntp mailing list
> ntp@ietf.org <mailto:ntp@ietf.org>
> https://www.ietf.org/mailman/listinfo/ntp
> 

-- 
Harlan Stenn <stenn@nwtime.org>
http://networktimefoundation.org - be a member!

v2.23.0 | Report a Bug | By Email