Re: [Ntp] Last Call: <draft-ietf-ntp-interleaved-modes-04.txt> (NTP Interleaved Modes) to Proposed Standard

Miroslav Lichvar <> Wed, 07 April 2021 10:15 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 60A383A15B8 for <>; Wed, 7 Apr 2021 03:15:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zZeB6e052eg8 for <>; Wed, 7 Apr 2021 03:15:03 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AA5FF3A15C2 for <>; Wed, 7 Apr 2021 03:15:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=mimecast20190719; t=1617790502; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=KeBcWgA580pYkQMaX9XKfHnQuuC/Q08EucuW3nlI9pA=; b=bcUolNwWOx6AkK162AJ1L3atULAqqpCKyrk1nieVvpttEE4nPHa5AirscfTKdg7QRaBv4d prdgQejnRyQ/Z0dLTcPyqktse9GVG1gO5zgzWV+WoPa/zz3+DzXzmm6KivvzEoT2sgKM37 KjTp04T4+1UbtzEorFPtmet5It/mVec=
Received: from ( []) (Using TLS) by with ESMTP id us-mta-498-7VGztT1yPD-4_2K14MWqQw-1; Wed, 07 Apr 2021 06:13:52 -0400
X-MC-Unique: 7VGztT1yPD-4_2K14MWqQw-1
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4F005107ACCA; Wed, 7 Apr 2021 10:13:51 +0000 (UTC)
Received: from localhost ( []) by (Postfix) with ESMTPS id C0C69610A8; Wed, 7 Apr 2021 10:13:49 +0000 (UTC)
Date: Wed, 7 Apr 2021 12:13:48 +0200
From: Miroslav Lichvar <>
To: Daniel Franke <>
Cc:,,, NTP WG <>,, Karen O'Donoghue <>
Message-ID: <YG2F3PE1BsAvx1QK@localhost>
References: <> <>
MIME-Version: 1.0
In-Reply-To: <>
X-Scanned-By: MIMEDefang 2.79 on
Authentication-Results:; auth=pass smtp.auth=CUSA124A263
X-Mimecast-Spam-Score: 0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Archived-At: <>
Subject: Re: [Ntp] Last Call: <draft-ietf-ntp-interleaved-modes-04.txt> (NTP Interleaved Modes) to Proposed Standard
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 07 Apr 2021 10:15:05 -0000

On Tue, Apr 06, 2021 at 02:39:00PM -0400, Daniel Franke wrote:
> I think the feature introduced by this draft is fundamentally
> misdesigned. The objections that I'm raising here are ones that I've
> already raised during and prior to WGLC. When it was clear from the
> ensuing discussion that I was coming out in the rough on consensus, I
> asked Karen to go ahead and advance the draft but to note my
> objections in the shepherd write-up. This seems to have been missed,
> but no matter; this email captures my concerns.

This email tries to briefly explain the counterpoints to those
concerns in case people don't want to go through the WG archives.

> Interleaved mode, as specified by this draft, works by conditionally
> altering the semantics of certain NTP packet fields, to mean something
> entirely different from what they mean in RFC 5905.

They are not entirely different in the draft's authors view. The
transmit timestamp is still a transmit timestamp and the origin
timestamp is still a copy of a timestamp from the last received
packet. The only thing that changes is the reference.

> My interpretation, however, is that an SNTP client can put
> whatever it wants into the origin timestamp, because RFC 5905 Section
> 14 allows clients to implement "any subset of the NTP on-wire
> protocol", and phrases all interoperability requirements in terms of
> how a server is expected to construct its response to a given request
> packet.

An analysis of traffic captured on several public NTP servers in
different locations showed that there were no clients doing that,
except those that already supported the interleaved mode.

It should be noted that the first implementation of interleaved mode
using this mechanism was published before RFC 5905, by one of its
authors, so if the description of the origin timestamp seems too vague
to allow this mechanism to exist, it certainly was not intended.

> But a
> cleaner mechanism *is* apparent. NTPv4 supports extension fields, and
> we should use them. Instead of messing with the semantics of existing
> fields in the base packet, leave those alone and put the interleaved
> timestamp into an extension.

An extension field would be problematic for the NTP filter, which
relies on measured delay (shorter delay means a more accurate
measurement). Packets in the interleaved mode would be longer than
packets in the basic mode, i.e. their NTP delay would be larger and
the filtering wouldn't always work as expected.

Detecting server support would be problematic. Some mechanism would
need to be specified, which would need to make assumptions about
existing implementations, outside of what is specified in RFC 5905.
This is an issue that was proposed to be fixed in NTPv5. 

> I think the most tractable solution to the state problem is with a
> different design that avoids state entirely. Don't wait for another
> request from the client: just send one packet, capture the hardware
> timestamp, and immediately send that out in a second packet so that
> related state can be forgotten. The draft already discusses this
> approach, but dismisses it on the basis that it would allow for
> amplification attacks. This would be true of a naive design, but it's
> easy to problem to solve: just do exactly what DTLS does vis a vis
> HelloVerifyRequests, where before the server will send follow-up
> packets to a client, the client must obtain and echo back a
> server-generated, self-authenticated cookie bound to the client's IP
> address. This of course can again be done through extension fields.

This approach has some advantages, but also disadvantages, as
discussed recently wrt NTPv5 design. Some of the issues are:

- It doesn't really change much in the susceptibility to DoS attacks.
  On most current hardware, transmit timestamps can be requested only
  one at a time. The server could send the follow-up messages
  synchronously or asynchronously, but in any case the maximum rate
  would be limited and could be exploited by attackers. IP-specific
  rate limits are not very useful in IPv6, where attackers have
  practically unlimited number of addresses.

- Clients need to have a timeout for the follow-up message and deal
  with reordered messages.

- It is wasting network bandwidth.

- It creates an asymmetric network load, which can lead to an
  asymmetric congestion and asymmetry in NTP measurements.

- It has potential security issues in the cookie implementation due to
  extra complexity and dependency on crypto.

The interleaved mode described in this draft is simpler, inherently
immune to amplification attacks, and it gracefully falls back to the
basic mode.

Miroslav Lichvar