Re: [Ntp] The trick to timestamp with authentication

Doug Arnold <doug.arnold@meinberg-usa.com> Fri, 04 December 2020 01:03 UTC

From: Doug Arnold <doug.arnold@meinberg-usa.com>
To: Hal Murray <hmurray@megapathdsl.net>
CC: NTP WG <ntp@ietf.org>
Date: Fri, 04 Dec 2020 01:03:16 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/G8QacpQj-8GxnAaS_R8VKlxUqsg>

I think that the enterprise networks of financial institutions, broadcast companies and power grids all want security and on path support.  Maybe large data centers as well. Broadcast and power have already adopted ptp and will probably stick with that, but my interactions with people in finance and data centers suggest that some of them would prefer a more precise version of ntp.  Some companies in finance are already doing nonstandard sub microsecond "ntp."  That is hardware timestamped ntp packets, but with higher than normal message rates and different client algorithms.  

The ntp working group could decide ntpv5 can support on path corrections or security, but not both.  However, I suspect a lot of people would be disappointed. 

Doug

On 12/3/20, 6:36 PM, "Hal Murray" <hmurray@megapathdsl.net> wrote:


    doug.arnold@meinberg-usa.com said:
    > This could be handled using a symmetric group key that authorized nodes get
    > periodically from a key exchange server.  See, for example, GDOI.  I believe
    > that NTS could be adapted to group key operation as well. 

    The whole idea of patching an authenticated packet seems wrong.

    How much effort has gone into investigating alternatives?


    > I see you were paying attention. Accuracy and security are a trade-off.  If
    > you want on path timing support and security, then you either have to have a
    > lot of secrets or a secret that a lot of nodes are in on.  Either way it is
    > less secure than just NTS between a client and a server.  However, in a
    > private network where someone wants microsecond level time transfer accuracy
    > that might be a sensible trade-off. 

    That seems like a narrow market.  It's a private network.  They want 
    authentication so they don't trust their network yet they do trust it enough 
    to patch their authenticated packets.


    -- 
    These are my opinions.  I hate spam.
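
Added illustration, not part of either message and not code from NTP, NTS or GDOI: a sketch of the trade-off discussed in this thread, where a packet carrying an on-path correction is authenticated with a symmetric group key. The packet layout (two 64-bit fields plus an HMAC-SHA256 tag), the function names and the key are constructed for the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes

def seal(group_key: bytes, timestamp_ns: int, correction_ns: int) -> bytes:
    """Build the constructed packet: timestamp, correction, then a MAC over both."""
    body = struct.pack("!qq", timestamp_ns, correction_ns)
    return body + hmac.new(group_key, body, hashlib.sha256).digest()

def verify(group_key: bytes, packet: bytes):
    """Return (timestamp_ns, correction_ns) if the MAC checks out, else None."""
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(group_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return struct.unpack("!qq", body)

def on_path_patch(group_key: bytes, packet: bytes, residence_ns: int):
    """On-path group member: verify, add its residence time, recompute the MAC."""
    fields = verify(group_key, packet)
    if fields is None:
        return None  # do not forward packets that fail authentication
    timestamp_ns, correction_ns = fields
    return seal(group_key, timestamp_ns, correction_ns + residence_ns)

def patch_without_key(packet: bytes, residence_ns: int) -> bytes:
    """Node outside the group: can edit the field but cannot produce a valid MAC."""
    timestamp_ns, correction_ns = struct.unpack("!qq", packet[:-TAG_LEN])
    body = struct.pack("!qq", timestamp_ns, correction_ns + residence_ns)
    return body + packet[-TAG_LEN:]

def demo():
    key = b"constructed-group-key-for-demo!!"  # constructed sample key
    t0 = 1_000_000_000                          # constructed server timestamp (ns)
    sent = seal(key, t0, 0)
    honest = on_path_patch(key, sent, 850)      # legitimate correction update
    outsider = patch_without_key(sent, 850)     # same edit, no key
    # Any holder of the group key can re-seal a different timestamp; the
    # client's check cannot tell this apart from the server's own packet.
    insider = seal(key, t0 + 5_000_000, 0)
    return verify(key, honest), verify(key, outsider), verify(key, insider)

if __name__ == "__main__":
    print(demo())
```

The third result is the cost of the shared secret: the MAC proves only that some key holder produced the packet, so every node given the group key has to be trusted as much as the server.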