Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp

Miroslav Lichvar <mlichvar@redhat.com> Mon, 08 March 2021 11:14 UTC

Date: Mon, 08 Mar 2021 12:14:38 +0100
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Heiko Gerstung <heiko.gerstung=40meinberg.de@dmarc.ietf.org>
Cc: "Langer, Martin" <mart.langer@ostfalia.de>, Watson Ladd <watsonbladd@gmail.com>, NTP WG <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/8s6Cox3NAzlHjX17V5hNkawWKzs>

On Mon, Mar 08, 2021 at 11:43:29AM +0100, Heiko Gerstung wrote:
> As far as I can see, up until this point the mechanism can be very similar to NTS4NTP. We most probably need a different cookie format, but the rest should be OK. Once we did 1 + 2, the unicast master will start the PTP packet transmission to the authenticated (via the cookie) PTP client. The client will also start sending Delay Req packets and requires the GM to respond with unicast delay responses. 
> 
> During this packet transmission phase I propose to use the S2C to secure the packets from the GM to the client (ANNOUNCE, SYNC, DELAY_RESP) and the C2S key to secure the packets from the NTS/PTP client to the GM (i.e. DELAY_REQ). 

I don't think it makes sense to use NTS cookies in PTP, even if you
limit the NTS support to the unicast mode. The main point of the
cookies is to avoid having client-specific state on the server. That's
not possible in PTP as announce and sync messages are not responses to
requests. They are sent at their own interval, which can be different
from the delay request interval.

In PTP there has to be some client-specific state and the clients need
to be authenticated. Very different from NTS-for-NTP.

-- 
Miroslav Lichvar
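
The state argument in the reply above, as an added example (not part of the original message, and not code from any NTP or PTP implementation): a request/response server recovers the C2S/S2C keys from the cookie in each request and stores nothing, while a unicast master sending timer-driven Sync messages has no request to read a cookie from and must keep a per-client key table. The class names, the `grant` step and the HMAC-based cookie sealing are assumptions; the sealing is a standard-library stand-in for the AEAD a real NTS server uses.

```python
import hashlib, hmac, os

MASTER = os.urandom(32)   # one server-wide secret, identical for every client
eq = hmac.compare_digest  # constant-time comparison

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(nonce, data):  # stand-in cipher (HMAC keystream); real NTS uses an AEAD
    ks = b"".join(mac(MASTER, b"enc" + nonce + bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal_cookie(c2s, s2c):
    nonce = os.urandom(16)
    ct = _xor(nonce, c2s + s2c)
    return nonce + ct + mac(MASTER, b"mac" + nonce + ct)

def open_cookie(cookie):
    nonce, ct, tag = cookie[:16], cookie[16:-32], cookie[-32:]
    if not eq(tag, mac(MASTER, b"mac" + nonce + ct)):
        raise ValueError("cookie failed authentication")
    plain = _xor(nonce, ct)
    return plain[:32], plain[32:]

class StatelessNtpServer:  # request/response: keys arrive inside each request's cookie
    def handle(self, request, req_tag, cookie):
        c2s, s2c = open_cookie(cookie)
        if not eq(req_tag, mac(c2s, request)):
            raise ValueError("request failed authentication")
        response = b"time-response"  # constructed placeholder payload
        return response, mac(s2c, response), seal_cookie(c2s, s2c)

class UnicastPtpMaster:  # Sync/Announce are timer-driven: no request, no cookie to open
    def __init__(self):
        self.clients = {}  # client id -> S2C key: the per-client state
    def grant(self, client_id, cookie):  # hypothetical registration step
        self.clients[client_id] = open_cookie(cookie)[1]
    def sync_tick(self, seq):
        msg = b"SYNC" + seq.to_bytes(2, "big")
        return {cid: (msg, mac(key, msg)) for cid, key in self.clients.items()}

def demo():
    c2s, s2c = os.urandom(32), os.urandom(32)  # constructed sample keys
    cookie = seal_cookie(c2s, s2c)
    ntp, ptp = StatelessNtpServer(), UnicastPtpMaster()
    resp, tag, _ = ntp.handle(b"req", mac(c2s, b"req"), cookie)
    before = ptp.sync_tick(1)  # nobody registered yet: nothing can be sent
    ptp.grant("client-a", cookie)
    msg, sync_tag = ptp.sync_tick(2)["client-a"]
    return eq(tag, mac(s2c, resp)), vars(ntp), before, eq(sync_tag, mac(s2c, msg)), len(ptp.clients)
```

`demo()` returns an empty attribute dict for the request/response server and a one-entry client table for the unicast master, which is the difference the reply describes.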