Re: [Ntp] [EXT] Re: NTPv5 KISS code support
"Salz, Rich" <rsalz@akamai.com> Tue, 21 November 2023 18:04 UTC
Return-Path: <rsalz@akamai.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9928C151542 for <ntp@ietfa.amsl.com>; Tue, 21 Nov 2023 10:04:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.806
X-Spam-Level:
X-Spam-Status: No, score=-2.806 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hnQKLsY0Jo93 for <ntp@ietfa.amsl.com>; Tue, 21 Nov 2023 10:04:35 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 331B3C151531 for <ntp@ietf.org>; Tue, 21 Nov 2023 10:04:31 -0800 (PST)
Received: from pps.filterd (m0050093.ppops.net [127.0.0.1]) by m0050093.ppops.net-00190b01. (8.17.1.22/8.17.1.22) with ESMTP id 3ALFVIXX004492; Tue, 21 Nov 2023 18:04:30 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h= from:to:cc:subject:date:message-id:references:in-reply-to :content-type:content-id:content-transfer-encoding:mime-version; s=jan2016.eng; bh=NCkOZtuYcZMAhO7CBKaXfrvbUmKxRNtLwViXdV6BfQY=; b= GhmfoHmhqL416y+v9EPicBGxWYddJPHGE/HaI2CBxb5Y98RHriAYVwWtun2HUDMQ INp8/QmWP7BKBvLwuEcZVq6aW6jqdUMZ5kDMoh0FBzu7anP0saNB4eXJXV78V5vj /wU+0754JrsikARKj8KO+wtmeBCozAB+8XjHvgp2uSDbo6e/8JiQIb2VLSopgR/9 yDRZrJ6isLQOc1EQlUHrf4hlBp+9HHMcIB1GLqXpH6A7mmF0XZjDCnMPiD9Wlfyr zHv/agQ0phyeVStbPPeU4shrlmmXQj17LmbqxZFrXB6iWRAoicowUgSMEHJ+nb/F Qw+M5gqNRXkIZXekBowQuw==
Received: from prod-mail-ppoint8 (a72-247-45-34.deploy.static.akamaitechnologies.com [72.247.45.34] (may be forged)) by m0050093.ppops.net-00190b01. (PPS) with ESMTPS id 3uene9s2ey-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 21 Nov 2023 18:04:30 +0000 (GMT)
Received: from pps.filterd (prod-mail-ppoint8.akamai.com [127.0.0.1]) by prod-mail-ppoint8.akamai.com (8.17.1.19/8.17.1.19) with ESMTP id 3ALI2S9f005631; Tue, 21 Nov 2023 13:04:29 -0500
Received: from email.msg.corp.akamai.com ([172.27.50.204]) by prod-mail-ppoint8.akamai.com (PPS) with ESMTPS id 3uesg2k4t0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 21 Nov 2023 13:04:28 -0500
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com (172.27.50.203) by ustx2ex-dag4mb5.msg.corp.akamai.com (172.27.50.204) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Tue, 21 Nov 2023 10:04:28 -0800
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) by ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) with mapi id 15.02.1258.027; Tue, 21 Nov 2023 10:04:28 -0800
From: "Salz, Rich" <rsalz@akamai.com>
To: Hal Murray <halmurray+ietf@sonic.net>, David Venhoek <david@venhoek.nl>
CC: NTP WG <ntp@ietf.org>
Thread-Topic: [Ntp] [EXT] Re: NTPv5 KISS code support
Thread-Index: AQHaGZNvmucA3aOOuUSkF5T8fXFmLLCFSXiA
Date: Tue, 21 Nov 2023 18:04:28 +0000
Message-ID: <0BBED918-A64B-49E9-A0F1-F605FC92EE72@akamai.com>
References: <david@venhoek.nl> <CAPz_-SWb4ZS+M_4Em4+aazT1yKDuFys0B+z8GU=HCV57X2zz+w@mail.gmail.com> <20231117201959.2CAB428C20C@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
In-Reply-To: <20231117201959.2CAB428C20C@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.78.23102801
x-originating-ip: [172.27.164.43]
Content-Type: text/plain; charset="utf-8"
Content-ID: <F87C51E2131D4444BECAD9623306E05F@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-21_10,2023-11-21_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=505 phishscore=0 bulkscore=0 malwarescore=0 adultscore=0 mlxscore=0 spamscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311210142
X-Proofpoint-GUID: eFHbowCCqf8ddQt3Z7dssTNuFmKJRmJd
X-Proofpoint-ORIG-GUID: eFHbowCCqf8ddQt3Z7dssTNuFmKJRmJd
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-21_10,2023-11-21_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 clxscore=1011 priorityscore=1501 spamscore=0 adultscore=0 phishscore=0 mlxlogscore=550 suspectscore=0 impostorscore=0 bulkscore=0 mlxscore=0 lowpriorityscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2311060001 definitions=main-2311210142
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/ChtvWiBZEsQb2OgysHvxYtv5LuA>
Subject: Re: [Ntp] [EXT] Re: NTPv5 KISS code support
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Nov 2023 18:04:38 -0000
> In the Cryptographic failure case, it might be reasonable to send back a non-authenticated message saying why the crypto didn't work. The catch is that the receiver would have to not take any action since it might be forged, but it could be logged for debugging. In general, you want to avoid giving any details about what went wrong if the cryptography fails, because that is information that an attacker can use. It might not matter here because the client is basically read-only, but we'd want to document that in the security considerations.
- [Ntp] NTPv5 KISS code support David Venhoek
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Miroslav Lichvar
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Hal Murray
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Miroslav Lichvar
- Re: [Ntp] NTPv5 KISS code support Miroslav Lichvar
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Windl, Ulrich
- Re: [Ntp] [EXT] KISS => NAT => Rate limiting Windl, Ulrich
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Daniel Franke
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Hal Murray
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Ira McDonald
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Miroslav Lichvar
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support David Venhoek
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Hal Murray
- [Ntp] KISS => NAT => Rate limiting Hal Murray
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Daniel Franke
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support David Venhoek
- [Ntp] Rate limiting/reflection prevention (Was: N… David Venhoek
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Hal Murray
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Miroslav Lichvar
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Danny Mayer
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Salz, Rich
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Hal Murray
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Danny Mayer
- Re: [Ntp] [EXT] Re: Re: NTPv5 KISS code support Windl, Ulrich
- Re: [Ntp] [EXT] Re: Re: NTPv5 KISS code support Danny Mayer
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Hal Murray
- Re: [Ntp] [EXT] Re: NTPv5 KISS code support Forrest Christian (List Account)