Re: [Ntp] Antw: [EXT] Re: NTS4UPTP draft

Doug Arnold <doug.arnold@meinberg-usa.com> Mon, 07 June 2021 14:20 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/Ha-gcSAzsZ3ZJfXprx8dJRyHCD8>

PTP over VPN might work. VPNs usually carry encrypted traffic, and that could lead to a lot of timestamp jitter if the nodes decrypt messages before deciding whether they should be timestamped or not.

Doug

On 6/7/21, 3:48 AM, "Heiko Gerstung" <heiko.gerstung=40meinberg.de@dmarc.ietf.org> wrote:
>>>> Doug Arnold <doug.arnold=40meinberg-usa.com@dmarc.ietf.org> wrote on
> 04.06.2021 at 18:45 in message
>
> <AM7PR02MB5765DAE47BF68F331CBE7BE8CF3B9@AM7PR02MB5765.eurprd02.prod.outlook.com>
>
>> I always recommend to network operators that if you are transferring time across
>> the Internet it should be NTP. Nevertheless, inevitably someone is going to
>> run PTP this way. However, I don't know that it is something that we need to
>> protect or encourage.
>> People do run PTP over large telecom networks. Power grid operators
>> sometimes run PTP between substations on large telecom-like networks to back
>> up GNSS. Financial data centers sometimes like to get time over fiber from a
>> remote national lab. These applications will likely eventually want to improve
>> the robustness by having a secure version of PTP.

> Hi!
>
> Another question is: if PTP is used mostly for corporate "private" networks,
> wouldn't "PTP over VPN" do?

It would probably do the trick in some cases, but not in all of them. Especially if you have to set up a VPN infrastructure for a nationwide telecommunication network where you want to synchronize 20k+ devices.

> If companies have a "private (more or less) fiber", isn't that "security
> enough"?
No. Does your company use SSH or HTTPS or other encrypted/security protocols in your internal LAN?

> I mean NTP being a "public" protocol, the "NTP over VPN" wouldn't work.
> (Timing-issues left aside)
One of the reasons PTP is not used over public networks is the fact that it is not secure as-is. Once we fixed that, this might change and open up a whole new set of use-cases and applications. But the main target here is to secure sync in these private wide-area-networks where unicast PTP is in use today.

> Regards,
> Ulrich

Regards,
   Heiko




--
Heiko Gerstung
Managing Director




On 07.06.21, 09:22, "ntp on behalf of Ulrich Windl" <ntp-bounces@ietf.org on behalf of Ulrich.Windl@rz.uni-regensburg.de> wrote:


    >
    > Doug
    >
    > From: ntp <ntp-bounces@ietf.org> on behalf of Miroslav Lichvar
    > <mlichvar@redhat.com>
    > Date: Thursday, June 3, 2021 at 4:03 AM
    > To: Dieter Sibold <dsibold.ietf@gmail.com>
    > Cc: Heiko Gerstung <heiko.gerstung=40meinberg.de@dmarc.ietf.org>, NTP WG
    > <ntp@ietf.org>
    > Subject: Re: [Ntp] NTS4UPTP draft
    > On Wed, Jun 02, 2021 at 11:40:49PM +0200, Dieter Sibold wrote:
    >> In the past PTP is applied mainly in local networks but today it is going to
    >> be applied across Internet connection also.
    >
    > Just to clarify, do you mean that people are now using PTP to
    > synchronize clocks over Internet, or that the servers are
    > accessible from Internet and that's why they need to be secured?
    >
    > The former wouldn't make sense to me as PTP relies on hardware support
    > in routers/switches, which is generally missing on Internet.
    >
    > --
    > Miroslav Lichvar
    >
    > _______________________________________________
    > ntp mailing list
    > ntp@ietf.org
    > https://www.ietf.org/mailman/listinfo/ntp


