Re: [Ntp] NTPv5: big picture

Paul Gear <ntp@libertysys.com.au> Sat, 02 January 2021 01:54 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/1q87uT4CThBXqV66ndrxNIcqoeU>

On 2/1/21 3:08 am, Salz, Rich wrote:
>> I would say that the unifying themes for ntpv5 are greater flexibility, and higher accuracy, compared to ntpv4.
> I would like to see security on that list.


Hi everyone,

I would like to add my agreement with the increased security
requirement, and add another general theme which will, at times, need to be
traded off against some of the other requirements: commends itself for
wide deployability.

What I mean here is that we have the user base of the public pool, and
many other pools which are publicly-accessible but run independently
(e.g. Apple, Cloudflare, Google, Microsoft, Ubuntu) which collectively
amount to billions of users who depend on NTP, but many (most?) of whom
don't care much about accuracy and may even be ignorant of NTP's existence.

It's great to aim for making NTP more suitable for high-accuracy
environments which can currently only be served by PTP, but we shouldn't
do this at the cost of making NTPv5 less viable for adoption by those
billions by making it harder to deploy (e.g. by requiring changes to
every firewall which allows NTP, or making it hard to work out whether
you're looking at UTC or TAI time).

I'm not saying that the WG is failing at this presently.  But it's easy
to get preoccupied with time-nerd concerns and we need to work hard at
keeping the use case of the massive majority in focus.

Regards,
Paul