Re: [Ntp] Draft extension NTS for pools

Miroslav Lichvar <mlichvar@redhat.com> Thu, 04 January 2024 09:12 UTC

Date: Thu, 04 Jan 2024 10:12:16 +0100
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Hal Murray <halmurray@sonic.net>
Cc: NTP WG <ntp@ietf.org>
Message-ID: <ZZZ2cAjdqRz9ax9K@localhost>
References: <mlichvar@redhat.com> <ZZUIG_6jxqtb0e5T@localhost> <20240103203712.BCAAA28C1C3@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
MIME-Version: 1.0
In-Reply-To: <20240103203712.BCAAA28C1C3@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/47ZxJRVTNv_yqYxu6bVibHwBirY>

On Wed, Jan 03, 2024 at 12:37:12PM -0800, Hal Murray wrote:
> 
> mlichvar@redhat.com said:
> > Have you considered a different approach, where the server instead of acting
> > as a proxy simply provides a list of hostnames and NTS-KE as the next
> > protocol? 
> 
> Why not use DNS SRV?

It was proposed before
https://datatracker.ietf.org/doc/html/draft-ladd-nts-for-ntp-pool

It would scale much better than TLS. However, it relies on DNSSEC,
which still doesn't seem to be widely supported by system resolvers,
so applications would need to use their own and deal with potential
configuration issues.

> Is the next protocol needed?

All NTS-KE requests and responses are required to have a next
protocol. It's not NTPv4, so a new type would need to be defined.

> Is there a good DNS library (for c) that supports SRV?

libunbound.

-- 
Miroslav Lichvar
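The point above about the mandatory next protocol, as an added Python illustration that is not part of this thread or of any NTS implementation: it encodes and parses NTS-KE records in the RFC 8915 layout (critical bit, 15-bit type, 16-bit body length), where NTPv4 is the only assigned Protocol ID and a pool-list variant would need its own; POOL_LIST is a constructed, unassigned placeholder, and the client is assumed to offer exactly one protocol so the server's answer must echo that one. validate_response is the client-side check that aborts on a response that fails to agree on the requested protocol, is truncated, or carries a critical record the client does not understand.

```python
import struct

END_OF_MESSAGE, NEXT_PROTOCOL, AEAD_ALGORITHM = 0, 1, 4   # record types, RFC 8915 section 4
CRITICAL = 0x8000                                          # critical bit in the first 16-bit word
NTPV4 = 0                                                  # the only next-protocol ID RFC 8915 defines
POOL_LIST = 0x7FFF   # placeholder: an unassigned ID standing in for a hypothetical pool-list protocol


def encode_record(rtype, body, critical=False):
    """Serialize one NTS-KE record: critical flag, 15-bit type, 16-bit body length, body."""
    if rtype > 0x7FFF or len(body) > 0xFFFF:
        raise ValueError("record type or body too large")
    return struct.pack("!HH", rtype | (CRITICAL if critical else 0), len(body)) + body


def decode_records(data):
    """Parse an NTS-KE message into (critical, type, body) tuples, ending at End of Message."""
    records, off = [], 0
    while off + 4 <= len(data):
        word, length = struct.unpack_from("!HH", data, off)
        body = data[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated record")
        off += 4 + length
        records.append((bool(word & CRITICAL), word & 0x7FFF, body))
        if word & 0x7FFF == END_OF_MESSAGE:
            return records
    raise ValueError("missing End of Message record")


def client_request(protocol_id, aead_id=15):
    """Client hello: one next protocol, one AEAD (15 = AEAD_AES_SIV_CMAC_256), End of Message."""
    return (encode_record(NEXT_PROTOCOL, struct.pack("!H", protocol_id), True)
            + encode_record(AEAD_ALGORITHM, struct.pack("!H", aead_id), True)
            + encode_record(END_OF_MESSAGE, b"", True))


def validate_response(response, requested, known=(NTPV4,)):
    """Return 'ok' if the server agreed on the requested next protocol, else the reason to abort."""
    chosen = None
    try:
        for critical, rtype, body in decode_records(response):
            if rtype == NEXT_PROTOCOL:
                ids = struct.unpack("!%dH" % (len(body) // 2), body)  # odd length -> struct.error
                if len(ids) != 1 or ids[0] != requested or ids[0] not in known:
                    raise ValueError("server did not select the requested next protocol %s" % (ids,))
                chosen = ids[0]
            elif critical and rtype not in (END_OF_MESSAGE, AEAD_ALGORITHM):
                raise ValueError("unknown critical record type %d" % rtype)
    except (ValueError, struct.error) as e:
        return str(e)
    return "ok" if chosen is not None else "no Next Protocol Negotiation record in response"
```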