[Ntp] Re: Grease in Roughtime
Marcus Dansarie <marcus@dansarie.se> Tue, 24 September 2024 15:41 UTC
Hi Kristof,

the point of greasing the signatures by providing bad time and bad signatures is to force implementations to check signatures, thereby preventing lazy implementations. Greasing signatures in this way has been in the text since Aanchal's first draft in 2019. The latest change just makes the purpose explicit.

Kind regards,
Marcus

On 2024-09-24 09:46, kristof.teichel=40ptb.de@dmarc.ietf.org wrote:
> Hi Marcus,
>
> thanks for doing my pull request and integrating my changes. I should
> have done it earlier, but didn't.
>
> About the GREASE section... can you explain the thinking behind randomly
> sending faulty packets?
> a) How would anyone (other than the client itself) even know whether
> or not the client reacted correctly (discarding a packet with
> inconsistent data or an invalid signature)?
> I don't think I see who would even evaluate this as a test, much
> less how this could "ensure that clients validate signatures".
> What am I missing here?
> b) Wouldn't it make more sense to send packets with a valid timestamp
> but invalid signature - so that in the case of misbehaviour (accepting
> the time in spite of incorrect signature), nothing terrible would happen?
>
>
> Besten Gruß / Kind regards,
> Kristof Teichel
>
> __________________________________________
>
> Dr.-Ing. Kurt Kristof Teichel
> Physikalisch-Technische Bundesanstalt (PTB)
> Arbeitsgruppe 4.42 "Zeitübertragung"
> Bundesallee 100
> 38116 Braunschweig (Germany)
> Tel.: +49 (531) 592-4471
> E-Mail: kristof.teichel@ptb.de
> __________________________________________
>
>
>
> From: "Marcus Dansarie" <marcus@dansarie.se>
> To: ntp@ietf.org
> Date: 23.09.2024 22:49
> Subject: [Ntp] Re: Grease in Roughtime
> ------------------------------------------------------------------------
>
>
>
> Thanks for the comments!
>
> I just made a pull request on Github
> (https://github.com/ietf-wg-ntp/draft-roughtime/pull/4) that should
> clarify how grease is used in Roughtime. It also addresses most of
> Martin and Kristof's comments.
>
> On 2024-09-17 13:52, David Venhoek wrote:
>> First of all, regarding the ver tag, there is no requirement for
>> servers to ignore unknown versions in that tag. This means that
>> technically it is valid behavior right now for a server receiving
>> unknown versions to reject that packet, even if there is version
>> overlap. This seems highly undesirable
>
> I don't think I fully understand the problem you are describing here
> however. Could you give an example?
>
> Kind regards,
> Marcus
>
> _______________________________________________
> ntp mailing list -- ntp@ietf.org
> To unsubscribe send an email to ntp-leave@ietf.org
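
The behaviour discussed in this message, as an added example that is not part of the original e-mail or of the Roughtime draft: a server that sometimes greases its reply with a bad time and a bad signature, and two clients, one that verifies and one that does not. The `Response` struct is a simplified stand-in for the real wire format, all function names are hypothetical, and the timestamp is a constructed sample value.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Response is a simplified stand-in for a Roughtime reply: a midpoint
// timestamp and an Ed25519 signature over it (not the real wire format).
type Response struct {
	Midpoint uint64
	Sig      []byte
}

var ErrBadSig = errors.New("signature check failed, response discarded")

func encode(m uint64) []byte { return binary.LittleEndian.AppendUint64(nil, m) }

// Serve returns an honest reply, or a greased one that carries both a
// wrong time and a signature that does not verify.
func Serve(priv ed25519.PrivateKey, now uint64, grease bool) Response {
	r := Response{Midpoint: now, Sig: ed25519.Sign(priv, encode(now))}
	if grease {
		r.Midpoint = now + 365*86400 // bad time: one year ahead
		r.Sig[0] ^= 0xff             // bad signature
	}
	return r
}

// StrictClient trusts the timestamp only after the signature verifies.
func StrictClient(pub ed25519.PublicKey, r Response) (uint64, error) {
	if !ed25519.Verify(pub, encode(r.Midpoint), r.Sig) {
		return 0, ErrBadSig
	}
	return r.Midpoint, nil
}

// LazyClient skips verification, so it adopts whatever time it is sent.
func LazyClient(r Response) uint64 { return r.Midpoint }

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	const now = 1700000000 // constructed sample time (Unix seconds)
	for _, grease := range []bool{false, true} {
		r := Serve(priv, now, grease)
		t, err := StrictClient(pub, r)
		fmt.Printf("grease=%v strict=%d err=%v lazy=%d\n", grease, t, err, LazyClient(r))
	}
}
```
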