Re: [Ntp] I-D Action: draft-ietf-ntp-using-nts-for-ntp-27.txt

Ragnar Sundblad <ragge@netnod.se> Thu, 26 March 2020 15:40 UTC

From: Ragnar Sundblad <ragge@netnod.se>
In-Reply-To: <20200326141916.A4A7140605C@ip-64-139-1-69.sjc.megapath.net>
Date: Thu, 26 Mar 2020 16:40:27 +0100
Cc: Miroslav Lichvar <mlichvar@redhat.com>, ntp@ietf.org
Message-Id: <7BB99F35-B641-401E-9E5C-261DC38397AC@netnod.se>
References: <20200326141916.A4A7140605C@ip-64-139-1-69.sjc.megapath.net>
To: Hal Murray <hmurray@megapathdsl.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/19CxKJb5cRAbTRM1bR-XY6_0rts>
Subject: Re: [Ntp] I-D Action: draft-ietf-ntp-using-nts-for-ntp-27.txt


> On 26 Mar 2020, at 15:19, Hal Murray <hmurray@megapathdsl.net> wrote:
> 
> 
> mlichvar@redhat.com said:
>>> Ok - in this case too, there should be 8 NTP requests before it contacts
>>> the KE server again, and it will increase the retry interval each time
>>> since it has not completed a full cycle of getting cookies and succeeded
>>> in using them.
>> You are right. Good point. Maybe a bug or incompatibility between different
>> implementations would be a better example. 
> 
> That doesn't help much.  If some idiot sets minpoll to 4 you only get 40 
> seconds between NTS-KE retries.
> 
> Bugs, firewalls, rate limiting, ...

It does help in most cases, right?

Anyone could do just about anything, we can’t protect against that.

The other cases I think we have already discussed, some more than
once.

Also an extra KE is not the end of the world.
Others have proposed DTLS protected NTP - that would be the
equivalent of one KE per NTP request.

And again - whatever is done here: if the two server mechanisms share
resources, such as CPU, they should have some kind of prioritisation
so that one can’t entirely starve the other, which will solve most
of these cases and also several different overload cases.
I am quite certain that there is absolutely nothing we can specify that
can replace that.

Ragnar
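The retry behaviour argued over above (a client spends its cookies on NTP requests, then goes back to NTS-KE, and backs off further each time it fails to complete a full cycle of obtaining cookies and using them successfully) can be made concrete with a small model. The code below is an added example written for this archive page; it is not from the draft, from chrony, or from any other implementation. It assumes 8 cookies per NTS-KE exchange, a poll interval of 2**minpoll seconds, and a retry back-off that starts at 16 s and doubles per failed cycle; the draft does not fix those numbers and real clients differ.

```python
"""Model of an NTS client's NTS-KE retry schedule (constructed example, not any real implementation)."""


def ke_attempt_times(minpoll, horizon_s, cycle_succeeds,
                     cookies_per_ke=8, base_backoff_s=16.0, max_backoff_s=2 ** 16):
    """Return the times (seconds) at which the client contacts the NTS-KE server.

    minpoll        -- NTP poll exponent; the client sends one request every 2**minpoll s
    horizon_s      -- length of the simulated window
    cycle_succeeds -- True: every cookie batch is used successfully (healthy server);
                      False: no full cycle ever completes (bug, incompatibility, filter),
                      so the client backs off more before each further NTS-KE contact
    Assumptions (not from the draft): 8 cookies per KE, 16 s initial back-off, doubling,
    capped at max_backoff_s.
    """
    poll_s = 2 ** minpoll
    times = []
    t = 0.0
    failed_cycles = 0
    while t <= horizon_s:
        times.append(t)
        # One NTP request per poll interval until the cookie supply is spent.
        t += cookies_per_ke * poll_s
        if cycle_succeeds:
            failed_cycles = 0          # full cycle completed: no extra waiting
        else:
            # Not one successful cycle since the last KE: wait longer before retrying.
            t += min(base_backoff_s * 2 ** failed_cycles, max_backoff_s)
            failed_cycles += 1
    return times


def ke_attempts_per_hour(minpoll, cycle_succeeds):
    """Number of NTS-KE contacts a single client makes in one hour under the model."""
    return len(ke_attempt_times(minpoll, 3600, cycle_succeeds))


if __name__ == "__main__":
    for minpoll in (4, 6):
        print(f"minpoll={minpoll}: healthy {ke_attempts_per_hour(minpoll, True)} KE/h, "
              f"never-succeeding {ke_attempts_per_hour(minpoll, False)} KE/h")
```

With minpoll 4 the healthy client returns to NTS-KE every 128 s, so a server-side view of load is about 29 KE handshakes per client per hour; once no cycle completes, the doubling back-off brings that down to 8 in the first hour and keeps shrinking it, which is the mitigating effect the thread is weighing against the cost of a DTLS-style exchange per request.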