[Ntp] Antw: [EXT] Re: Last Call: <draft-ietf-ntp-using-nts-for-ntp-22.txt> (Network Time Security for the Network Time Protocol) to Proposed Standard
"Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de> Wed, 26 February 2020 08:39 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/JBj4qTsKDWDXKET3OsrhIvUspdU>
>>> Steven Sommars <stevesommarsntp@gmail.com> wrote on 24.02.2020 at 15:51 in message <13690_1582555938_5E53E31F_13690_19_1_CAD4huA6nNtJB5=E+dxBvmsLrozkgZ3f-3P=NydCsm8=F2Tj_Fw@mail.gmail.com>:
> There is substantial size-based blocking of UDP port 123 IPv4 packets by
> ISPs/IXPs. From one NTP monitoring point I saw about one third of the NTP
> destinations unreachable (dropped en route) for 212-460 byte port 123
> UDP. Another monitoring point experienced blocking for all NTP
> destinations when the size was greater than 428 bytes. Size-based NTP
> blocking is not a secret; it was discussed on the NANOG mailing list in
> 2014 (see for example
> https://mailman.nanog.org/pipermail/nanog/2014-February/064634.html ).
> NTP requests can be dropped, so section 9.3 of draft 22 does not address
> the problem. While NTS will not be a DDoS amplification source, it will
> be affected by existing DDoS countermeasures.
>
> How will NTS work in today's UDP-unfriendly Internet?

Maybe a candidate for the best practices: "How to block unwanted NTP packets correctly?", "Should NTP packets be blocked?".

Here I can't use any external NTP server, BTW. I feel safe ;-)

>
> On Fri, Feb 14, 2020 at 8:47 AM The IESG <iesg-secretary@ietf.org> wrote:
>
>>
>> The IESG has received a request from the Network Time Protocol WG (ntp) to
>> consider the following document: - 'Network Time Security for the Network
>> Time Protocol'
>> <draft-ietf-ntp-using-nts-for-ntp-22.txt> as Proposed Standard
>>
>> The IESG plans to make a decision in the next few weeks, and solicits final
>> comments on this action. Please send substantive comments to the
>> last-call@ietf.org mailing lists by 2020-02-28. Exceptionally, comments may
>> be sent to iesg@ietf.org instead. In either case, please retain the beginning
>> of the Subject line to allow automated sorting.
>>
>> Abstract
>>
>>
>> This memo specifies Network Time Security (NTS), a mechanism for
>> using Transport Layer Security (TLS) and Authenticated Encryption
>> with Associated Data (AEAD) to provide cryptographic security for the
>> client-server mode of the Network Time Protocol (NTP).
>>
>> NTS is structured as a suite of two loosely coupled sub-protocols.
>> The first (NTS-KE) handles initial authentication and key
>> establishment over TLS. The second handles encryption and
>> authentication during NTP time synchronization via extension fields
>> in the NTP packets, and holds all required state only on the client
>> via opaque cookies.
>>
>>
>> The file can be obtained via
>> https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/
>>
>> IESG discussion can be tracked via
>> https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/ballot/
>>
>>
>> No IPR declarations have been submitted directly on this I-D.
>>
>>
>> The document contains these normative downward references.
>> See RFC 3967 for additional information:
>> rfc5297: Synthetic Initialization Vector (SIV) Authenticated
>> Encryption Using the Advanced Encryption Standard (AES) (Informational -
>> IETF stream)