Re: [Ntp] NTS IANA request

"kodonog@pobox.com" <kodonog@gmail.com> Fri, 07 June 2019 03:29 UTC

From: "kodonog@pobox.com" <kodonog@gmail.com>
To: Harlan Stenn <stenn@nwtime.org>
Cc: ntp@ietf.org
Date: Thu, 06 Jun 2019 23:29:54 -0400
X-Mailer: MailMate (1.12.5r5635)
Message-ID: <148F045D-2ADC-42DF-A8F5-0A739A4BC992@gmail.com>
In-Reply-To: <0e4e607c-15b6-bb20-5e43-7fadeaf36471@nwtime.org>
References: <CAN2QdAH9Uh_wYSEizgYTjd4Q6VFQT+tvH8dnbPgKKc59+vEfng@mail.gmail.com> <a123d81b-4994-9e35-58eb-6845cf439f91@nwtime.org> <20190605164753.6e71fcaa@rellim.com> <03055E77-EB42-494E-A231-039C4603E256@akamai.com> <CAJm83bDYZ+vcwkhFEf2YCAVwKcSm7rEgbuB0Wwsvm5XVVAMjuQ@mail.gmail.com> <C8E4189E-E3A1-4926-AF0F-93BE9C7255C8@akamai.com> <CAJm83bBkU91st1CFAsx+JCLpxXyWOQnSTY9sXeuA96R8pqXdCA@mail.gmail.com> <14042f44-6cf0-0c23-c0d1-777ea7580cbc@nwtime.org> <0CAA3A39-12CB-4A23-A3E3-A9934FED312C@gmail.com> <0e4e607c-15b6-bb20-5e43-7fadeaf36471@nwtime.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/8VrBtLdtoXulV1LXkYNKy7M1IcI>
Subject: Re: [Ntp] NTS IANA request

Harlan,

Saying something is “total rubbish” is not actionable by the working 
group. You have several other options in this case…

You can indicate that you don’t agree with the technical points being 
made either individually or as a set.

Or, you can indicate that you don’t agree with the statement that the 
working group has concluded the specific points made.

If you don’t have time to comment on specific questions you can 
indicate that as well.

But I ask you, and all working group members to maintain a certain level 
of professionalism on the mailing list.

Thank you!
Karen

On 6 Jun 2019, at 23:24, Harlan Stenn wrote:

> My response was intended to be a technical response.
>
> I don't have the time or the desire to refute all of the wrong claims
> in this thread.
>
> H
>
> On 6/6/2019 8:23 PM, kodonog@pobox.com wrote:
>> Harlan,
>>
>> As we have discussed privately, this type of email response is not
>> helpful. Please limit your comments on the mailing list to specific
>> technical concerns.
>>
>> Thank you!
>> Karen
>>
>> On 6 Jun 2019, at 17:42, Harlan Stenn wrote:
>>
>>> As best as I can tell, the following is total rubbish.
>>>
>>> H
>>>
>>> On 6/6/2019 11:28 AM, Daniel Franke wrote:
>>>> As a slight tangent, we never concluded the discussion as to what
>>>> we're going to do about the fact that so many ISPs are dropping
>>>> 123/udp traffic with payloads larger than 48 bytes. I think we got
>>>> as far as concluding:
>>>>
>>>> 1. We're never going to persuade enough ISPs to change their
>>>> policy, making 123/udp basically doomed.
>>>> 2. NTS-KE's port negotiation record gives us all the mechanism we
>>>> need in order to run NTP-with-NTS over an alternate port.
>>>>
>>>> But that left an unresolved question: do we allocate a fixed
>>>> alternate UDP port, or should servers ask the OS for a dynamic port
>>>> and then use NTS-KE to advertise whatever the OS assigns to them?
>>>> Both choices have firewall-related drawbacks. If we use a fixed
>>>> port, we risk landing ourselves right back in the same situation
>>>> we're in today with 123. At minimum, to protect ourselves from this,
>>>> the NTF would have to commit to adding some code to ntpd such that
>>>> it will refuse to ever send mode 6 or 7 responses over the new port
>>>> no matter what configuration the user gives it. (Yes, mode 6 too,
>>>> because mode 6 still amplifies, just not as severely as mode 7
>>>> does). If we use a dynamic port, then it becomes much harder for
>>>> ISPs to block us, but it also becomes harder for corporate firewalls
>>>> with a default-deny-all policy to let us through.
>>>>
>>>> On Thu, Jun 6, 2019 at 1:06 PM Salz, Rich <rsalz@akamai.com> wrote:
>>>>>
>>>>>> I'm strongly opposed to modifying NTS-KE to involve sending a
>>>>>> STARTTLS as a first step of the handshake. I don't want to make a
>>>>>> breaking change to a protocol that's passed WGLC and has four
>>>>>> interoperating implementations in order to accommodate a protocol
>>>>>> that has never been implemented and whose specification consists
>>>>>> of three vague sentences in an unadopted and expired I-D.
>>>>>
>>>>> I wasn't strongly advocating either mechanism, just trying to
>>>>> explain how things could share a port if that's what we wanted to
>>>>> do.
>>>>>
>>>>> For the record, since I see no definition of NTP/TLS, I am in
>>>>> favor of assigning 123/TCP to NTS.
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> ntp mailing list
>>>> ntp@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/ntp
>>>>
>>>
>>> -- 
>>> Harlan Stenn, Network Time Foundation
>>> http://nwtime.org - be a Member!
>>>
>>
>
> -- 
> Harlan Stenn, Network Time Foundation
> http://nwtime.org - be a Member!
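The two mechanisms in Daniel Franke's quoted message, the NTS-KE port negotiation record that lets a server advertise an alternate UDP port and the server-side rule that mode 6/7 responses are never emitted on that port, as an added example that is not part of this thread and not code from ntpd or any NTS implementation. It assumes the NTS-KE record layout and type numbers as later published in RFC 8915 (16-bit critical bit plus type, 16-bit body length, body; NTPv4 Port Negotiation is record type 7, Next Protocol Negotiation is type 1 with protocol ID 0 for NTPv4, End of Message is type 0); the alternate port 10123 and the sample packets are constructed values.

```python
import struct

# NTS-KE record type numbers as published in RFC 8915; the thread predates
# the RFC, so this numbering is an assumption relative to the draft discussed.
REC_END_OF_MESSAGE = 0
REC_NEXT_PROTOCOL = 1
REC_NTPV4_PORT = 7
CRITICAL_BIT = 0x8000
PROTOCOL_ID_NTPV4 = 0
DEFAULT_NTP_PORT = 123


def encode_record(rec_type, body=b"", critical=False):
    """Serialize one NTS-KE record: 16-bit (critical bit | type), 16-bit length, body."""
    if not 0 <= rec_type < CRITICAL_BIT:
        raise ValueError("record type must fit in 15 bits")
    if len(body) > 0xFFFF:
        raise ValueError("record body too long")
    header = rec_type | (CRITICAL_BIT if critical else 0)
    return struct.pack("!HH", header, len(body)) + body


def build_server_response(alt_port=None):
    """Constructed NTS-KE server response: next-protocol, optional port record, end marker."""
    out = encode_record(REC_NEXT_PROTOCOL, struct.pack("!H", PROTOCOL_ID_NTPV4), critical=True)
    if alt_port is not None:
        if not 1 <= alt_port <= 0xFFFF:
            raise ValueError("port out of range")
        # This is the record that lets the server steer NTS traffic off 123/udp.
        out += encode_record(REC_NTPV4_PORT, struct.pack("!H", alt_port), critical=True)
    return out + encode_record(REC_END_OF_MESSAGE, critical=True)


def decode_records(data):
    """Parse records up to and including End of Message; reject truncated input."""
    records = []
    offset = 0
    while offset + 4 <= len(data):
        header, length = struct.unpack_from("!HH", data, offset)
        offset += 4
        body = data[offset:offset + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        offset += length
        critical = bool(header & CRITICAL_BIT)
        rec_type = header & 0x7FFF
        records.append((critical, rec_type, body))
        if rec_type == REC_END_OF_MESSAGE:
            return records
    raise ValueError("missing End of Message record")


def negotiated_ntp_port(records):
    """Port the client sends NTS-protected NTP to; 123 when no port record is present."""
    port = DEFAULT_NTP_PORT
    for _critical, rec_type, body in records:
        if rec_type == REC_NTPV4_PORT:
            if len(body) != 2:
                raise ValueError("malformed port record")
            port = struct.unpack("!H", body)[0]
    return port


def ntp_mode(packet):
    """NTP mode is the low three bits of the first header byte (LI:2, VN:3, Mode:3)."""
    if len(packet) < 1:
        raise ValueError("empty packet")
    return packet[0] & 0x07


def may_send_on_port(response, send_port, alt_port):
    """Gate from the thread: never emit mode 6 or mode 7 responses on the alternate port,
    regardless of configuration, so the new port cannot become an amplifier."""
    if send_port == alt_port and ntp_mode(response) in (6, 7):
        return False
    return True


if __name__ == "__main__":
    ALT_PORT = 10123  # constructed alternate UDP port for this example
    wire = build_server_response(ALT_PORT)
    print("advertised port:", negotiated_ntp_port(decode_records(wire)))
    time_reply = bytes([0x24]) + bytes(47)  # LI=0, VN=4, mode 4 (server reply), 48 bytes
    ctl_reply = bytes([0x26]) + bytes(11)   # mode 6 control-response header
    print("mode 4 on alt port:", may_send_on_port(time_reply, ALT_PORT, ALT_PORT))
    print("mode 6 on alt port:", may_send_on_port(ctl_reply, ALT_PORT, ALT_PORT))
```

The gate checks the outgoing packet rather than the listening configuration, which is the point of the "no matter what configuration the user gives it" requirement: a control-query answer is dropped at the send path even if an operator has enabled mode 6 or 7 globally.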