Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp
Miroslav Lichvar <mlichvar@redhat.com> Mon, 08 March 2021 13:06 UTC
Date: Mon, 08 Mar 2021 14:06:27 +0100
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Heiko Gerstung <heiko.gerstung@meinberg.de>
Cc: "Langer, Martin" <mart.langer@ostfalia.de>, Watson Ladd <watsonbladd@gmail.com>, NTP WG <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/2CNaQ5Ivye1ErdxyQ_MnuRlXeUs>

On Mon, Mar 08, 2021 at 01:41:40PM +0100, Heiko Gerstung wrote:
> Hi Miroslav,
>
> even if cookies would not be required, I would still want to keep this
> concept simply because we can re-use the whole NTS4NTP mechanism and do
> not have to invent yet another protocol etc.

If I understand it correctly, the authentication mechanism is already
specified in 1588-2019. It just needs some keys to be set up. This
draft proposes an NTS-KE based protocol for that.

> Plus, you do not need any state for the unicast negotiation itself. It
> is a short, quick packet exchange between a client and a GM and once it
> has been completed, the GM does not need to store any data about the
> client for the next unicast negotiation. When successful, the GM enters
> the packet transmission phase (which requires state as the GM needs to
> set up a packet transmission for a slave), but using the cookie concept
> for the unicast negotiation phase would allow a NTS-KE server to hand
> out cookies to a NTS/PTP client who could then use them to request
> packet transmission from a separate list of Unicast GMs.

If you don't have any client-specific state on the server (and
hardcode the address in the cookie), how do you prevent replay
attacks, e.g. canceling a previous request, or changing the message
rate to a previous value, or requesting unicast transmissions for
clients that no longer exist to cause a DoS attack on the server?

-- 
Miroslav Lichvar
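
The replay question raised in this message, as an added example that is not part of the original e-mail or of the draft: a toy model in which a GM that only verifies an authentication tag accepts recorded negotiation requests again, while a GM that keeps a per-client counter rejects them. The request fields, the key derivation, `StatelessGM`, `CountingGM` and the sequence counter are assumptions made for illustration, not the draft's or IEEE 1588's message format.

```python
import hashlib
import hmac

MASTER_KEY = b"constructed-gm-master-key"  # constructed sample key

def client_key(addr: str) -> bytes:
    # Stand-in for a cookie: the key is re-derived from the address, nothing is stored.
    return hmac.new(MASTER_KEY, addr.encode(), hashlib.sha256).digest()

def _tag(req: dict) -> str:
    body = "|".join(str(req[k]) for k in ("addr", "action", "rate", "seq")).encode()
    return hmac.new(client_key(req["addr"]), body, hashlib.sha256).hexdigest()

def sign_request(addr, action, rate, seq) -> dict:
    req = {"addr": addr, "action": action, "rate": rate, "seq": seq}
    return {**req, "tag": _tag(req)}
def authentic(req: dict) -> bool:
    return hmac.compare_digest(_tag(req), req["tag"])

class StatelessGM:
    def __init__(self):
        self.sessions = {}  # transmission-phase state only: addr -> message rate
    def handle(self, req) -> bool:
        if not authentic(req):
            return False
        if req["action"] == "cancel":
            self.sessions.pop(req["addr"], None)
        else:
            self.sessions[req["addr"]] = req["rate"]
        return True

class CountingGM(StatelessGM):
    def __init__(self):
        super().__init__()
        self.last_seq = {}  # per-client negotiation state (assumed mitigation)
    def handle(self, req) -> bool:
        if authentic(req) and req["seq"] <= self.last_seq.get(req["addr"], -1):
            return False  # authentic but stale: a replay
        accepted = super().handle(req)
        if accepted:
            self.last_seq[req["addr"]] = req["seq"]
        return accepted

def replay_scenario(gm, addr="192.0.2.10"):
    # Constructed traffic: request rate 16, cancel, then the client's current request (rate 64).
    captured = [sign_request(addr, "request", 16, 0), sign_request(addr, "cancel", 0, 1)]
    for req in captured + [sign_request(addr, "request", 64, 2)]:
        gm.handle(req)
    return [gm.handle(r) for r in captured], dict(gm.sessions)
```

With `StatelessGM` the two recorded requests are accepted again and the client's current rate-64 session ends up cancelled; with `CountingGM` both are rejected and the session is untouched.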