Re: [Ntp] New Version Notification for draft-gruessing-ntp-ntpv5-requirements-03.txt

Doug Arnold <doug.arnold@meinberg-usa.com> Fri, 15 October 2021 15:54 UTC

From: Doug Arnold <doug.arnold@meinberg-usa.com>
To: James <james.ietf@gmail.com>
CC: NTP WG <ntp@ietf.org>
Thread-Topic: [Ntp] New Version Notification for draft-gruessing-ntp-ntpv5-requirements-03.txt
Thread-Index: AQHXwabclLjd1/PPZUCL4mZrKO0rWavULxo5
Date: Fri, 15 Oct 2021 15:53:44 +0000
Message-ID: <DB8PR02MB57726795E3AD479F0CCFA778CFB99@DB8PR02MB5772.eurprd02.prod.outlook.com>
References: <163386015957.12424.6997038478834885480@ietfa.amsl.com> <CAO+dDx=6baLhf9LwSMvR1F0ieuLO6NXmExYLDvcCF2tgchHs8w@mail.gmail.com> <DB8PR02MB5772AC97BFE2D7C1139EFDC0CFB89@DB8PR02MB5772.eurprd02.prod.outlook.com> <E469D9A7-7445-49D9-A8A2-82BA7BF1FA27@gmail.com>
In-Reply-To: <E469D9A7-7445-49D9-A8A2-82BA7BF1FA27@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/EZyuTrNqpDmJRhiCPOc4Q_m_2lg>
Subject: Re: [Ntp] New Version Notification for draft-gruessing-ntp-ntpv5-requirements-03.txt

Hello James,

I agree that leap smearing is a clumsy and dangerous way to avoid the complication of correctly handling leap seconds in distributed database software. And if it was up to me all IT equipment would use TAI for all timing except what is displayed to humans. But it is not up to me. The people who are making the call tell me that they believe that leap seconds is less bad than either moving everything from UTC to TAI, or writing and debugging database software that manages leap seconds properly.

So, given that state of affairs, what do we do?

Doug

From: James <james.ietf@gmail.com>
Date: Friday, October 15, 2021 at 5:27 AM
To: Doug Arnold <doug.arnold@meinberg-usa.com>
Cc: NTP WG <ntp@ietf.org>
Subject: Re: [Ntp] New Version Notification for draft-gruessing-ntp-ntpv5-requirements-03.txt
Doug,
Thanks for the feedback; responses inline.


On 15 Oct 2021, at 00:45, Doug Arnold <doug.arnold@meinberg-usa.com> wrote:

Thanks James,

I think that this is pretty close to what is needed for ntpv5. I like the separation of protocol and algorithms, and the use of monotonic timescale for timestamp fields (at least by default), and the insistence on security.

I have two comments:
1. Why do you think that encryption should be the default mode? People often consider timing information to be critical but not secret. Also, it is likely to affect accuracy in implementations by adding a variable delay to encrypt.

We’ve had a few discussions on list on the subject in the past, and the draft says:

> Encryption and authentication MUST be provided by the protocol specification as a default and MUST be resistant to downgrade attacks...

To put this another way, I think the specification must provide confidentiality as well as authentication, and that if either is applied they cannot be removed from a connection (aka a security downgrade) which makes authentication the minimum and doesn’t necessarily mandate confidentiality.

This section in particular could probably use some editing and clarification to better explain this [1] as we’ll likely need consensus calls made.


2. I think that it is better to allow leap smearing and make it a visible part of the protocol than to pretend it is not going to happen. On this topic I think that Miroslav’s proposal was more realistic. Data center network architects tell me they definitely plan to continue to do leap smearing.

In other use cases such as publicly accessible NTP, leap smearing has effectively fragmented the pools of services a given host can use, as mixing smeared and non-smeared services is not a good idea, in addition to the start/end and cadence of smearing being inconsistent between providers [2]. I think that having a “linear, monotonic timescale” and leap smearing together are contradictory, and so having smearing in the wire format would require changing that. My proposal doesn’t prevent smearing of a clock being synchronised; it’s about removing the smear from the wire.

- J

1: https://github.com/fiestajetsam/draft-gruessing-ntp-ntpv5-requirements/issues/4
2: https://mailarchive.ietf.org/arch/msg/ntp/hJTpPJ1L5bzBPhLtiQzL3bk75LM/
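As an added illustration of the point James makes about mixing smeared and non-smeared services (this is editor-added example code, not part of the thread, the draft, or any NTP implementation), the following model converts a monotonic second count into the UTC-style reading a server would hand out, either stepping at the leap boundary or smearing the extra second over a window, and measures how far such servers drift apart. The leap instant (`LEAP_AT`) and the three smear policies are constructed; their windows are chosen only to show that start, end and cadence differ between providers. The 0.128 s tolerance is the conventional ntpd step threshold, used here as a rough "the client will notice" line.

```python
"""Constructed model of leap-second smearing on the wire.

Added example, not code from the draft, the NTP WG or any NTP daemon.
A monotonic count `t` (no leap jumps) is turned into the UTC-style reading
a server would send, either by stepping at the leap boundary or by smearing
the extra second over a window. Comparing readings shows why a client that
mixes smeared and unsmeared sources, or sources with different smear
windows, sees them disagree for hours around a leap second.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed leap boundary; any fixed instant works for the model.
LEAP_AT = 1_483_228_800


@dataclass(frozen=True)
class SmearPolicy:
    """Linear smear window, in seconds relative to the leap boundary."""
    name: str
    start: int  # negative: the smear begins before the leap
    end: int    # positive: the smear ends after the leap


# Constructed policies with different start/end and cadence, as providers differ.
CENTRED_24H = SmearPolicy("24 h centred on the leap", -12 * 3600, 12 * 3600)
SHORT_AFTER = SmearPolicy("2 h starting at the leap", 0, 2 * 3600)
LONG_BEFORE = SmearPolicy("20 h ending at the leap", -20 * 3600, 0)


def smear_fraction(t: float, policy: SmearPolicy, leap_at: int = LEAP_AT) -> float:
    """Fraction of the positive leap second a smearing server has absorbed at t."""
    rel = t - leap_at
    if rel <= policy.start:
        return 0.0
    if rel >= policy.end:
        return 1.0
    return (rel - policy.start) / (policy.end - policy.start)


def clock_reading(t: float, policy: Optional[SmearPolicy], leap_at: int = LEAP_AT) -> float:
    """UTC-style reading a server hands out at monotonic time t.

    A positive leap second makes UTC labels fall one second behind the
    monotonic count. A server with no policy (None) takes that second in one
    step at the boundary; a smearing server takes it gradually. Outside every
    window the two agree, which is why the discrepancy is easy to overlook.
    """
    if policy is None:
        return t - 1.0 if t >= leap_at else t
    return t - smear_fraction(t, policy, leap_at)


def worst_disagreement(a: Optional[SmearPolicy], b: Optional[SmearPolicy],
                       step: int = 60) -> Tuple[float, int]:
    """Largest |reading_a - reading_b| over 36 h around the leap, and when it occurs."""
    worst, when = 0.0, LEAP_AT
    for rel in range(-18 * 3600, 18 * 3600 + 1, step):
        t = LEAP_AT + rel
        d = abs(clock_reading(t, a) - clock_reading(t, b))
        if d > worst:
            worst, when = d, t
    return worst, when


def source_spread(t: float, sources: List[Optional[SmearPolicy]]) -> float:
    """Spread (max - min) of the readings a client collects from `sources` at t."""
    readings = [clock_reading(t, p) for p in sources]
    return max(readings) - min(readings)


def seconds_in_disagreement(sources: List[Optional[SmearPolicy]],
                            tolerance: float = 0.128, step: int = 60) -> int:
    """Wall-clock seconds in the 48 h around the leap during which the sources
    disagree by more than `tolerance` (0.128 s is ntpd's conventional step threshold)."""
    total = 0
    for rel in range(-24 * 3600, 24 * 3600, step):
        if source_spread(LEAP_AT + rel, sources) > tolerance:
            total += step
    return total


def describe(policy: Optional[SmearPolicy]) -> str:
    return "stepping server" if policy is None else policy.name


if __name__ == "__main__":
    for a, b in [(CENTRED_24H, None), (SHORT_AFTER, None), (CENTRED_24H, LONG_BEFORE)]:
        gap, when = worst_disagreement(a, b)
        print(f"{describe(a)} vs {describe(b)}: up to {gap:.3f} s apart, "
              f"{when - LEAP_AT:+d} s from the leap")
    print("stepping + 24 h smear, seconds more than 128 ms apart:",
          seconds_in_disagreement([None, CENTRED_24H]))
    print("stepping + 2 h smear, seconds more than 128 ms apart:",
          seconds_in_disagreement([None, SHORT_AFTER]))
```

Two smearing providers whose windows merely differ still end up half a second apart at the boundary, and a stepping server beside a 24 h smear stays more than 128 ms away from it for roughly 18 hours. Nothing in the readings themselves tells a client which sources are smearing, which is the case for taking the smear off the wire, or at least signalling it, rather than leaving clients to discover the split from the offsets.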