Re: [Ntp] NTS IANA request

Watson Ladd <watsonbladd@gmail.com> Sat, 08 June 2019 02:49 UTC

References: <CAN2QdAH9Uh_wYSEizgYTjd4Q6VFQT+tvH8dnbPgKKc59+vEfng@mail.gmail.com> <a123d81b-4994-9e35-58eb-6845cf439f91@nwtime.org> <20190605164753.6e71fcaa@rellim.com> <03055E77-EB42-494E-A231-039C4603E256@akamai.com> <CAJm83bDYZ+vcwkhFEf2YCAVwKcSm7rEgbuB0Wwsvm5XVVAMjuQ@mail.gmail.com> <C8E4189E-E3A1-4926-AF0F-93BE9C7255C8@akamai.com> <CAJm83bBkU91st1CFAsx+JCLpxXyWOQnSTY9sXeuA96R8pqXdCA@mail.gmail.com> <de0c6296-7152-044a-5613-dfdc8d924c2f@ntp.org> <CAJm83bA6Sn0ZiCTgfG7UUpB3DA_G5FMMu=3_JP4fA0Rr-nckNQ@mail.gmail.com>
In-Reply-To: <CAJm83bA6Sn0ZiCTgfG7UUpB3DA_G5FMMu=3_JP4fA0Rr-nckNQ@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Fri, 07 Jun 2019 19:49:25 -0700
Message-ID: <CACsn0cnfSAT3PZMiz+LgcpOue3m=TYzbtGiW+jNBvZyX3q94=A@mail.gmail.com>
To: Daniel Franke <dfoxfranke@gmail.com>
Cc: Danny Mayer <mayer@ntp.org>, NTP WG <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/GXNp_B8Vrx51SyApov60qeAWpHE>

On Fri, Jun 7, 2019, 10:34 AM Daniel Franke <dfoxfranke@gmail.com> wrote:

> On Fri, Jun 7, 2019 at 10:31 AM Danny Mayer <mayer@ntp.org> wrote:
> > We do what we did for EDNS0, get the firewall folks to change their
> > policies to allow for larger payloads. It will take years but firewall
> > people have to move with changes as they happen.
>
> EDNS0 may literally be the worst possible role model here. It made DNS
> a serious amplifier, the internet's second-worst offender after NTP.
> It *created* the problems that those firewall rules were put in to
> solve. Today if you want to make a DNS request whose response is
> likely to be larger than 512 bytes, you're practically forced to do it
> over TCP.
>

NTP? There are no mode 6 packets in RFC 5905.

Let's be clear about what happened: one implementation did something silly
and we have to clean up the mess. And to compound the problem src=123 is
used for queries by that same implementation so time servers can't block
the amplification easily and still be usable by the widely shipped
implementation.

I'm still jumping through hoops because of this.

Sincerely,
Watson



> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp
>
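The filtering problem Watson describes, illustrated as an added example that is not part of the thread or of any NTP implementation: the NTP header's mode field (RFC 5905 section 7.3, low three bits of the first byte) separates ordinary time-sync traffic (modes 1 to 5) from mode 6 control and mode 7 private packets, while the UDP source port does not. A server that drops everything arriving from source port 123 to stop control-query amplification also drops legitimate mode 3 client queries from an implementation that binds its client socket to port 123; a server that decides on the mode field keeps them. All packets, port numbers and the two policy functions below are constructed for this example.

```python
import struct

NTP_PORT = 123
NTP_HEADER_LEN = 48  # fixed-length RFC 5905 header, no extension fields

# Mode values from RFC 5905 section 7.3 (constant names are ours, not a library's)
MODE_NAMES = {
    0: "reserved", 1: "symmetric active", 2: "symmetric passive",
    3: "client", 4: "server", 5: "broadcast",
    6: "NTP control message", 7: "reserved for private use",
}
TIME_SYNC_MODES = {1, 2, 3, 4, 5}


def parse_first_byte(packet: bytes):
    """Split the first NTP header byte into (leap indicator, version, mode)."""
    if len(packet) < NTP_HEADER_LEN:
        raise ValueError("packet shorter than the 48-byte NTP header")
    first = packet[0]
    li = (first >> 6) & 0x03
    version = (first >> 3) & 0x07
    mode = first & 0x07
    return li, version, mode


def make_header(version: int, mode: int, li: int = 0) -> bytes:
    """Build a constructed 48-byte NTP header with the given LI/VN/mode bits."""
    first = (li << 6) | (version << 3) | mode
    # Remaining fields (stratum, poll, precision, root delay, ..., timestamps) left zero
    return struct.pack("!B", first) + bytes(NTP_HEADER_LEN - 1)


def accept_by_source_port(src_port: int) -> bool:
    """Policy A (hypothetical): drop anything whose UDP source port is 123."""
    return src_port != NTP_PORT


def accept_by_mode(packet: bytes) -> bool:
    """Policy B (hypothetical): serve only time-sync modes; drop mode 6 and 7."""
    _, _, mode = parse_first_byte(packet)
    return mode in TIME_SYNC_MODES


# Constructed sample datagrams: (description, packet bytes, UDP source port)
SAMPLES = [
    ("mode 3 client query, ephemeral source port", make_header(4, 3), 50123),
    ("mode 3 client query, source port 123", make_header(4, 3), NTP_PORT),
    ("mode 6 control query, ephemeral source port", make_header(2, 6), 50124),
    ("mode 6 control query, source port 123", make_header(2, 6), NTP_PORT),
]


def classify(samples=SAMPLES):
    """Return (description, accepted_by_port_policy, accepted_by_mode_policy) per sample."""
    return [
        (name, accept_by_source_port(src_port), accept_by_mode(pkt))
        for name, pkt, src_port in samples
    ]


if __name__ == "__main__":
    for name, by_port, by_mode in classify():
        print(f"{name:45s} port policy: {'accept' if by_port else 'drop ':6s} "
              f"mode policy: {'accept' if by_mode else 'drop'}")
```

The output table makes the mismatch visible: the source-port policy drops the legitimate client query from port 123 yet still accepts the mode 6 control query from an ephemeral port, while the mode policy accepts both client queries and rejects both control queries regardless of port.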