Re: [Ntp] [EXT] Re: NTPv5 KISS code support

Ira McDonald <blueroofmusic@gmail.com> Fri, 03 November 2023 13:06 UTC

Return-Path: <blueroofmusic@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76D39C187728 for <ntp@ietfa.amsl.com>; Fri, 3 Nov 2023 06:06:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p0xsJzuPU882 for <ntp@ietfa.amsl.com>; Fri, 3 Nov 2023 06:06:02 -0700 (PDT)
Received: from mail-oi1-x236.google.com (mail-oi1-x236.google.com [IPv6:2607:f8b0:4864:20::236]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1F5BC1705F7 for <ntp@ietf.org>; Fri, 3 Nov 2023 06:06:02 -0700 (PDT)
Received: by mail-oi1-x236.google.com with SMTP id 5614622812f47-3b565722c0eso1198887b6e.2 for <ntp@ietf.org>; Fri, 03 Nov 2023 06:06:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699016762; x=1699621562; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=qazvSc+3f4E4Nq0XJwCVrV5iFoA7pJPtiJ2g4UN0nb8=; b=W9R1onWiohWndAKe8gja1DGabRrWnee4wzCxumnI8W5EljllMrbASU/G35RlWzdOe5 P3q9Oe5yLU5RR/w072groNEb7yqe5Fk1AEnl3U+kcIZfzhCuulWumipeoikjHbGm70YV 6IFnKzH0/I9AbuiD+EmTSggNjFI2/CLwAh2NvBhRgaYcysNsh/xso/x4btXb0SpS6st5 Oqpy7ZtDs4K9R5MSTlyFDo19uT5BB3+i/L4B1V61G+EGiKEM1N0M7L3xKPhyQ8bRtReJ v3d3BSMctN5YA2wQM2W6ty6jByirqAF3N5I/yAhes7AAu+fpFsvnuKZfl5hLIvaYozxv WXDA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699016762; x=1699621562; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=qazvSc+3f4E4Nq0XJwCVrV5iFoA7pJPtiJ2g4UN0nb8=; b=qcasetZh6TP+R4P2TzIW2m/QqO0j1nVqpr+/WeUvXJ87zlIyMfBtthABz2/9Q9sGbz PE5SQ3kNebc87OcBl96k88YzdnT7w3F7IghA4zuLs9kvnQdN65DWHEJW6VyxsyoiJjEE 55rrtd627lhCZ29pjnjfv9wgoNzhKXMn/30fFbbfva9TP/sPdyun+OQclyjCF+DGXwhO tgXmOqHFqG0mwTfn32g1MDhffyheywtoieTuS9rBHbkSwbRSIKTZCHJAj+iTp966kUXb KSZ1aaEKNZUfj62HGwVn1DsX4/iqBSlqfbqxGh14gNtVv03VCqqJj2NlXxCXOsoD87lU RWzw==
X-Gm-Message-State: AOJu0YzErCHNXtb9Ewvm3k4UdAgXZuPmznuKozEDRTr6ah+hL7H2L+X9 szYDycGck614nN67rHUL1ENxPzcUGsWPF4MlSrM=
X-Google-Smtp-Source: AGHT+IGlixh9axIxYsmwjXLT6G1TOA1zxMhjxp1xSxCTl59u9VslmpN2RyboqS8L/TQAZtGdDMYnL7gKBKpEUT0fiA8=
X-Received: by 2002:a05:6358:52c8:b0:169:a814:5ce6 with SMTP id z8-20020a05635852c800b00169a8145ce6mr8762214rwz.14.1699016761673; Fri, 03 Nov 2023 06:06:01 -0700 (PDT)
MIME-Version: 1.0
References: <CAPz_-SWRUTB2wQeLg5wS_c34D-7R-Ngcek13rzknyiGf9iG-tA@mail.gmail.com> <ZUNnqmnEVDx1538O@localhost> <960aba9f833b4461863ea165df632ea5@ukr.de> <CAJm83bDHvj9MVvNhnTS0riUqTWCz-y5gCes0v3K0ViXrZ4t9ow@mail.gmail.com>
In-Reply-To: <CAJm83bDHvj9MVvNhnTS0riUqTWCz-y5gCes0v3K0ViXrZ4t9ow@mail.gmail.com>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Fri, 03 Nov 2023 09:05:49 -0400
Message-ID: <CAN40gStPb66+4OShBcRjiFfUViitQxs=7N0sdGDJW8T4WhctnA@mail.gmail.com>
To: Daniel Franke <dfoxfranke@gmail.com>, Ira McDonald <blueroofmusic@gmail.com>
Cc: "Windl, Ulrich" <u.windl@ukr.de>, Miroslav Lichvar <mlichvar@redhat.com>, David Venhoek <david@venhoek.nl>, NTP WG <ntp@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008c091d06093f2af6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/GxvegxTX3A_zlc3MNNwfPCIPAy4>
Subject: Re: [Ntp] [EXT] Re: NTPv5 KISS code support
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Nov 2023 13:06:03 -0000

Hi,

+1 to Daniel's comments.  Stateful, Client-by-Client rate limiting is a
black hole
of potential software faults.  Let the Server tell the same thing to every
Client.

Cheers,
- Ira

*Ira McDonald (Musician / Software Architect)*

*Chair - SAE Trust Anchors and Authentication TF*
*Co-Chair - TCG Trusted Mobility Solutions WG*

*Co-Chair - TCG Metadata Access Protocol SG*








*Chair - Linux Foundation Open Printing WGSecretary - IEEE-ISTO Printer
Working GroupCo-Chair - IEEE-ISTO PWG Internet Printing Protocol WGIETF
Designated Expert - IPP & Printer MIBBlue Roof Music / High North
Inchttp://sites.google.com/site/blueroofmusic
<http://sites.google.com/site/blueroofmusic>http://sites.google.com/site/highnorthinc
<http://sites.google.com/site/highnorthinc>mailto: blueroofmusic@gmail.com
<blueroofmusic@gmail.com>(permanent) PO Box 221  Grand Marais, MI 49839
906-494-2434*


On Fri, Nov 3, 2023 at 8:23 AM Daniel Franke <dfoxfranke@gmail.com> wrote:

> I agree with Miroslav: KISS codes as they exist today are broken to
> the point of uselessness as a rate-limiting tool. In my early NTPv5
> sketch, I replaced them with a couple of fields in the base packet
> which allow the server to inform clients of limits on how often it
> wants to be polled, with one field for maximum sustained rate and
> another for maximum burst rate. Compliance is still voluntary, but it
> avoids any need for state-keeping on the server side because it just
> sends the same information to everyone.
>
> On Fri, Nov 3, 2023 at 2:47 AM Windl, Ulrich <u.windl@ukr.de> wrote:
> >
> > Hi!
> >
> > So you are saying the KoD (Kiss of Death) as it is specified now is
> broken by design?
> > I see two possibilities:
> > 1) Drop the concept for NTPv5
> > 2) Improve the concept for NTPv5
> > Basically I think KoD is a good idea to inform the client about an issue
> the server sees, be it technical or political (policy).
> >
> > Kind Regards,
> > Ulrich Windl
> >
> > -----Original Message-----
> > From: ntp <ntp-bounces@ietf.org> On Behalf Of Miroslav Lichvar
> > Sent: Thursday, November 2, 2023 10:11 AM
> > To: David Venhoek <david@venhoek.nl>
> > Cc: NTP WG <ntp@ietf.org>
> > Subject: [EXT] Re: [Ntp] NTPv5 KISS code support
> >
> > On Wed, Nov 01, 2023 at 03:37:44PM +0100, David Venhoek wrote:
> > > Hi All,
> > >
> > > I have made a pull request with suggested wording for including kiss
> > > code support in ntpv5. The PR can be found
> > > athttps://github.com/mlichvar/draft-ntp-ntpv5/pull/9, the suggested
> > > patch is also included below for completeness. Please do share any
> > > feedback regarding the chosen design, this looked good to me but there
> > > may be better approaches.
> >
> > This looks similar to the description of DENY, RSTR, RATE codes in RFC
> > 5905.
> >
> > One problem is that it's a security issue, a denial of service for the
> > client. A single spoofed response shouldn't be able to completely break
> > synchronization with a server. There needs to be some maximum poll
> > value specificied for RATE and some interval specified for RSTR and
> > DENY. With that, I would ask how is it better than what we already
> > have with the suggested poll interval returned in a normal server
> > response.
> >
> > The other issue is the most buggy clients that would need this
> > handling are least likely to implement it, at least that's what
> > we have seen with (S)NTPv4 implementations. With the most severe bugs
> > that lead to flooding of servers (e.g. in systemd-timesyncd and
> > Fortigate firewalls for example), handling of these codes wouldn't
> > make a difference anyway. By the time the client receives a response
> > from the server, it has already sent another request, so it couldn't
> > accept it as valid even if it had this functionality implemented.
> >
> > --
> > Miroslav Lichvar
> >
> > _______________________________________________
> > ntp mailing list
> > ntp@ietf.org
> > https://www.ietf.org/mailman/listinfo/ntp
> >
> > _______________________________________________
> > ntp mailing list
> > ntp@ietf.org
> > https://www.ietf.org/mailman/listinfo/ntp
>
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp
>