Re: [Ntp] [EXT] Re: NTPv5 KISS code support

Daniel Franke <dfoxfranke@gmail.com> Fri, 03 November 2023 12:23 UTC

Return-Path: <dfoxfranke@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57591C15198C for <ntp@ietfa.amsl.com>; Fri, 3 Nov 2023 05:23:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JHr1dTEzuSmD for <ntp@ietfa.amsl.com>; Fri, 3 Nov 2023 05:23:13 -0700 (PDT)
Received: from mail-oa1-x2a.google.com (mail-oa1-x2a.google.com [IPv6:2001:4860:4864:20::2a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B9E58C14CF1A for <ntp@ietf.org>; Fri, 3 Nov 2023 05:23:13 -0700 (PDT)
Received: by mail-oa1-x2a.google.com with SMTP id 586e51a60fabf-1f084cb8b54so124637fac.1 for <ntp@ietf.org>; Fri, 03 Nov 2023 05:23:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699014192; x=1699618992; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=CyrcjPM+RkyT8LRYMDryUH/U81KmK/Z3Znu6H/DNV1Y=; b=lHBbthkTLqmdpSJqSpusFn6fyJS4VXeS/GsEKJlnftvTDSV8ttYKYilLzhHGHbWOR9 5XmVfPi0xlA/v7evklJxRBvkEKBkywTb65UqHRRNMRVozTMw32ACG0bC647srStfMQXa ZocCT163atY8pKdEBdWceFJj3HUHZbVuCziKB/43j6/RtfgcFXszaFBjxbtGuImfk8pq 11zn/baE37+RZ3Kq4QbKsMrkdP6owYkseX5BHCrzeCUXDI4CaxbrUkrNQWU5Rrw2Bm8U hh9SPn3ex8hnblnwEyzebiFmqjxMRyt8puyEqmrK34FFcFY8g3/pMzZTa2ApF1JsHk5q zOdw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699014192; x=1699618992; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CyrcjPM+RkyT8LRYMDryUH/U81KmK/Z3Znu6H/DNV1Y=; b=Se8Mn0pbfH1FnQ1tnIY9gzQohK+H1LfFD2gZa/pmu7G66U2wUbiUz2oaDa4rhbG4E+ SgxdWy6WZy9u4lRKOtr3d33RPtpFY/585dDNY98Ck9OmFEAnhK4N/rQ5NcysDkxbIlpb P1mrNEk9YzJ7qgDI+GV+eg6O4yB1FyjpENpu+0WXwSDrVhwZyeCE8/pz6ESwhOtcIv8G a/75fHFF1XtG4arUlPNnQIIdMmyNr1+8DryMQcp+IR6UA5yuZlyCAfX7+tdpfbhn/Nhx K+WS46dVvCEGRtGKpS+RVpLZXgRFXqxTkquleFjVjpICs1MGe+Awdqa1IB48yM3P7uoW 35DA==
X-Gm-Message-State: AOJu0YwR7A2LGuh3KYJs7lQolES3JMjvSjE0Dqm7BC3N/iFOFjLCErrk lstvJRW7PDCww9ICXbWEHp+a/nhtlbVRfMtSIa0=
X-Google-Smtp-Source: AGHT+IHgBcvchegStqk2EXlqUmjzSzZuDiBo6Qvum/VSZo3hTP2Ucjk+/19f9yNsg/pZZQ7UJix5Jh+8RmAdUTO8Y+c=
X-Received: by 2002:a05:6870:970c:b0:1e9:9215:3987 with SMTP id n12-20020a056870970c00b001e992153987mr26124974oaq.16.1699014192081; Fri, 03 Nov 2023 05:23:12 -0700 (PDT)
MIME-Version: 1.0
References: <CAPz_-SWRUTB2wQeLg5wS_c34D-7R-Ngcek13rzknyiGf9iG-tA@mail.gmail.com> <ZUNnqmnEVDx1538O@localhost> <960aba9f833b4461863ea165df632ea5@ukr.de>
In-Reply-To: <960aba9f833b4461863ea165df632ea5@ukr.de>
From: Daniel Franke <dfoxfranke@gmail.com>
Date: Fri, 03 Nov 2023 08:23:01 -0400
Message-ID: <CAJm83bDHvj9MVvNhnTS0riUqTWCz-y5gCes0v3K0ViXrZ4t9ow@mail.gmail.com>
To: "Windl, Ulrich" <u.windl@ukr.de>
Cc: Miroslav Lichvar <mlichvar@redhat.com>, David Venhoek <david@venhoek.nl>, NTP WG <ntp@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/65Ipq9h2UfeIcFtJPMWNYIUaWb8>
Subject: Re: [Ntp] [EXT] Re: NTPv5 KISS code support
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Nov 2023 12:23:14 -0000

I agree with Miroslav: KISS codes as they exist today are broken to
the point of uselessness as a rate-limiting tool. In my early NTPv5
sketch, I replaced them with a couple of fields in the base packet
which allow the server to inform clients of limits on how often it
wants to be polled, with one field for maximum sustained rate and
another for maximum burst rate. Compliance is still voluntary, but it
avoids any need for state-keeping on the server side because it just
sends the same information to everyone.

On Fri, Nov 3, 2023 at 2:47 AM Windl, Ulrich <u.windl@ukr.de> wrote:
>
> Hi!
>
> So you are saying the KoD (Kiss of Death) as it is specified now is broken by design?
> I see two possibilities:
> 1) Drop the concept for NTPv5
> 2) Improve the concept for NTPv5
> Basically I think KoD is a good idea to inform the client about an issue the server sees, be it technical or political (policy).
>
> Kind Regards,
> Ulrich Windl
>
> -----Original Message-----
> From: ntp <ntp-bounces@ietf.org> On Behalf Of Miroslav Lichvar
> Sent: Thursday, November 2, 2023 10:11 AM
> To: David Venhoek <david@venhoek.nl>
> Cc: NTP WG <ntp@ietf.org>
> Subject: [EXT] Re: [Ntp] NTPv5 KISS code support
>
> On Wed, Nov 01, 2023 at 03:37:44PM +0100, David Venhoek wrote:
> > Hi All,
> >
> > I have made a pull request with suggested wording for including kiss
> > code support in ntpv5. The PR can be found
> > athttps://github.com/mlichvar/draft-ntp-ntpv5/pull/9, the suggested
> > patch is also included below for completeness. Please do share any
> > feedback regarding the chosen design, this looked good to me but there
> > may be better approaches.
>
> This looks similar to the description of DENY, RSTR, RATE codes in RFC
> 5905.
>
> One problem is that it's a security issue, a denial of service for the
> client. A single spoofed response shouldn't be able to completely break
> synchronization with a server. There needs to be some maximum poll
> value specificied for RATE and some interval specified for RSTR and
> DENY. With that, I would ask how is it better than what we already
> have with the suggested poll interval returned in a normal server
> response.
>
> The other issue is the most buggy clients that would need this
> handling are least likely to implement it, at least that's what
> we have seen with (S)NTPv4 implementations. With the most severe bugs
> that lead to flooding of servers (e.g. in systemd-timesyncd and
> Fortigate firewalls for example), handling of these codes wouldn't
> make a difference anyway. By the time the client receives a response
> from the server, it has already sent another request, so it couldn't
> accept it as valid even if it had this functionality implemented.
>
> --
> Miroslav Lichvar
>
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp
>
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp