Re: [Ntp] NTP over PTP

Miroslav Lichvar <> Mon, 28 June 2021 13:46 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E8F313A0771 for <>; Mon, 28 Jun 2021 06:46:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.996
X-Spam-Status: No, score=-2.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.198, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id muvNU8BLUerq for <>; Mon, 28 Jun 2021 06:45:58 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 864433A0770 for <>; Mon, 28 Jun 2021 06:45:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=mimecast20190719; t=1624887957; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=XaTwLOKq8EV83h2ifwunLFSKk5ZJDCw0qSRwq7gHgeU=; b=Cw2RtaqhwiO699FHcF7KEH5p6MVwTekWZEcgLROcgOtasaznV1+wO7QBlDSdhmXMFtMTpo We46EmBw5Z1WvIJbcxad2GTqbXc0l0p7vC79L5cAAcKFyF+HDkOagRw7PtLJIsBuYrGC/a sJhnmLlvbAZOT4ItFI6yNdVn2QD8Q34=
Received: from ( []) (Using TLS) by with ESMTP id us-mta-539-GcoX1xNnPI-9ozHigkI-wA-1; Mon, 28 Jun 2021 09:45:55 -0400
X-MC-Unique: GcoX1xNnPI-9ozHigkI-wA-1
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2E38C100C66E; Mon, 28 Jun 2021 13:45:54 +0000 (UTC)
Received: from localhost ( []) by (Postfix) with ESMTPS id 87C18797C9; Mon, 28 Jun 2021 13:45:53 +0000 (UTC)
Date: Mon, 28 Jun 2021 15:45:51 +0200
From: Miroslav Lichvar <>
To: Heiko Gerstung <>
Cc: "" <>
Message-ID: <YNnSj8eXSyJ89Hwv@localhost>
References: <YNRtXhduDjU4/0T9@localhost> <>
MIME-Version: 1.0
In-Reply-To: <>
X-Scanned-By: MIMEDefang 2.79 on
Authentication-Results:; auth=pass smtp.auth=CUSA124A263
X-Mimecast-Spam-Score: 0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Archived-At: <>
Subject: Re: [Ntp] NTP over PTP
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Time Protocol <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 28 Jun 2021 13:46:01 -0000

On Fri, Jun 25, 2021 at 03:00:25PM +0200, Heiko Gerstung wrote:
> If I follow your argument that unicast PTP is like the NTP control mode then yes, both mode 6 and unicast PTP are not secured against replay and amplification attacks. The NTS4UPTP draft is exactly addressing this for unicast PTP and provides the required protection. I outlined in the draft that the proposed approach achieves most of the stated objectives/goals of NTS4NTP, which is well secured (we certainly agree on that). 

If I understand it correctly, your draft is addressing the
amplification issue by requiring client authentication. That's
probably the best one can do, but it doesn't make it comparable to NTP
or NTS4NTP. The operator will still have to trust the clients to not
abuse their credentials and also trust them to not get compromised.
That's nothing like NTS4NTP where you can run a public server without
any worry about someone exploiting your server for amplification.

> In the interim meeting I believe there have been multiple participants that agreed that 
> a) PTP should be secured (it is worth it)

At least for the normal non-unicast mode, I agree.

The unicast mode seems to be intended for networks with partial
on-path hardware support, where requirements on accuracy are less
strict, and I think this might already be better supported by NTP.

> Arguing that the two drafts on the table might just need TLS instead of NTS-KE is something I cannot understand, too. PTP already has a security mechanism that is standardized and, with some extensions (provided by the submitted drafts), can be used to significantly enhance security of the protocol. What is needed is a key exchange mechanism and some additional features to close the security holes (i.e. no protection for the source IP address) - again, exactly what the two drafts provide. 

Ok, but to me it seems it would be simpler if you have skipped NTS-KE
and went with TLS directly. Anyway, for adopting the document that
shouldn't matter.

> Regarding "NTP over PTP": trying to trick the hardware timestamping engines of a large variety of vendors into timestamping a PTP packet is bound to fail IMHO. There is no standard for how these timestamping engines work, some may even look at sizes of packets (they should not do that, as PTP messages can theoretically carry TLVs, but sometimes hardware vendors take shortcuts). Some implementations will forward packets to a management CPU when the forwarding plane detects a PTP frame. The CPU will not recognize that this is NTP and will probably throw away the packet. Again, most likely not the right way to do it, but alas ... 

If there is some hardware that can timestamp only fixed-length PTP
messages with no TLVs, then that will not work with any form of
NTS4UPTP either, right? There has to be some TLV to authenticate the
message and the hardware needs to accept that.

The same applies to one-step clocks. If implemented in silicon, that
will not work in any case.

Miroslav Lichvar