Re: [Ntp] ntpv5 requirements
Hal Murray <halmurray@sonic.net> Tue, 14 February 2023 00:41 UTC
Return-Path: <halmurray@sonic.net>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D9E9C17D685 for <ntp@ietfa.amsl.com>; Mon, 13 Feb 2023 16:41:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BMKDSb3WtOoG for <ntp@ietfa.amsl.com>; Mon, 13 Feb 2023 16:41:57 -0800 (PST)
Received: from c.mail.sonic.net (c.mail.sonic.net [64.142.111.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9379DC16B5A0 for <ntp@ietf.org>; Mon, 13 Feb 2023 16:41:57 -0800 (PST)
Received: from 107-137-68-211.lightspeed.sntcca.sbcglobal.net (104-182-38-69.lightspeed.sntcca.sbcglobal.net [104.182.38.69]) (authenticated bits=0) by c.mail.sonic.net (8.16.1/8.16.1) with ESMTPSA id 31E0fucg008653 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 13 Feb 2023 16:41:56 -0800
Received: from hgm (localhost [IPv6:::1]) by 107-137-68-211.lightspeed.sntcca.sbcglobal.net (Postfix) with ESMTP id E1F5128C209; Mon, 13 Feb 2023 16:41:55 -0800 (PST)
X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7.1
To: NTP WG <ntp@ietf.org>
cc: Hal Murray <halmurray@sonic.net>
From: Hal Murray <halmurray@sonic.net>
In-Reply-To: Message from Miroslav Lichvar <mlichvar@redhat.com> of "Mon, 13 Feb 2023 17:06:30 +0100." <Y+pgBgc/5dJ9wtAP@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 13 Feb 2023 16:41:55 -0800
Message-Id: <20230214004155.E1F5128C209@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
X-Sonic-CAuth: UmFuZG9tSVYwvlf5rC9cDddCX1zi/yBBh9sHpEQ04peYGg+h1EGcydHobWdrRFpJ6gPTNzREbbhi/ySZep6Jt04v/oF3u/fBKnPOVN0reX0=
X-Sonic-ID: C;WLjdYQCs7RGfSyxnR+6Zsg== M;7LrxYQCs7RGfSyxnR+6Zsg==
X-Sonic-Spam-Details: -1.5/5.0 by cerberusd
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/4rJQigCble44cH8LcGWOpRVbvr0>
Subject: Re: [Ntp] ntpv5 requirements
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2023 00:41:58 -0000
mlichvar@redhat.com said: > I would be curious to see what NTS-NTP to NTS-KE request ratio do the > well-known NTS providers like Cloudflare and Netnod have. I'm not sure any current statistics will be worth much tomorrow. All it takes is one implementation to get shipped in a home router and all previous data will get swamped. >From ntp1.glypnod.com: NTS server recvs good: 281994 NTS server recvs w error: 5283 NTS KE serves good: 736 NTS KE serves bad: 457 On that box, it takes 3.5 ms of CPU for the good KE case. Note that there are a lot of bad guys out there probing for services on non standard ports so they can try their password collection. I think that's a constant background noise, not scaling with traffic. --------- Speaking of statistics.... A while ago, we discussed how many old cookie-keys to save. (NTPsec was only saving one old one. I changed that to 9 old ones, 10 total.) NTS decode cookies total: 282006 NTS decode cookies current: 276303 NTS decode cookies old: 5526 0-24 hours old NTS decode cookies old2: 29 24-48 hours NTS decode cookies older: 136 over 48 hours NTS decode cookies too old: 12 (or garbage) -- These are my opinions. I hate spam.
- [Ntp] ntpv5 requirements Doug Arnold
- Re: [Ntp] ntpv5 requirements James
- Re: [Ntp] ntpv5 requirements Dieter Sibold
- Re: [Ntp] ntpv5 requirements Miroslav Lichvar
- Re: [Ntp] ntpv5 requirements Doug Arnold
- Re: [Ntp] ntpv5 requirements Harlan Stenn
- Re: [Ntp] ntpv5 requirements Hal Murray
- Re: [Ntp] ntpv5 requirements Miroslav Lichvar
- Re: [Ntp] ntpv5 requirements kristof.teichel
- Re: [Ntp] ntpv5 requirements Doug Arnold
- Re: [Ntp] ntpv5 requirements Miroslav Lichvar
- Re: [Ntp] ntpv5 requirements Harlan Stenn
- Re: [Ntp] ntpv5 requirements Dieter Sibold
- Re: [Ntp] ntpv5 requirements kristof.teichel
- Re: [Ntp] ntpv5 requirements kristof.teichel
- Re: [Ntp] ntpv5 requirements Miroslav Lichvar
- [Ntp] Costs of running NTP servers Hal Murray
- Re: [Ntp] ntpv5 requirements Dieter Sibold
- [Ntp] Antw: [EXT] Re: ntpv5 requirements Ulrich Windl
- Re: [Ntp] Costs of running NTP servers Miroslav Lichvar
- Re: [Ntp] ntpv5 requirements Harlan Stenn
- Re: [Ntp] ntpv5 requirements kristof.teichel