Re: [Ntp] Antwort: Re: Antwort: Re: WGLC: draft-ietf-ntp-using-nts-for-ntp
kristof.teichel@ptb.de Mon, 10 December 2018 11:32 UTC
To: Harlan Stenn <stenn@nwtime.org>
Cc: ntp@ietf.org
From: kristof.teichel@ptb.de
Date: Mon, 10 Dec 2018 12:32:46 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/JN_Clfu_vOfBQNCMwErKgyBjYL4>
"Harlan Stenn" <stenn@nwtime.org> wrote on 10.12.2018 10:22:33:

> From: "Harlan Stenn" <stenn@nwtime.org>
> To: kristof.teichel@ptb.de
> Cc: ntp@ietf.org
> Date: 10.12.2018 10:22
> Subject: Re: Antwort: Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using-nts-for-ntp
>
> I'll provide a more detailed response to your previous email about this
> as soon as I can. It might be later tonight.
>
> On 12/9/18 3:43 AM, kristof.teichel@ptb.de wrote:
> > Fair enough, I guess.
> >
> > However, please don't use "Harlan hasn't gotten his way on issue X" and
> > "issue X has never even been addressed" interchangeably.
>
> I think that's an inappropriate and offensive thing to say, and I
> challenge you to either clearly support it or retract it.

I might have presented my assessment in an unnecessarily ad hominem manner, for which I apologize.
However, I absolutely stand by the core of it:
The issues you claimed had "still not been addressed" had long been seen, actively considered and publicly commented on, some of them repeatedly.
From my point of view, that makes your claim blatantly and obviously false - which is important, since your opposition is argued on this basis.
I simply didn't (still don't) know how to reconcile this, other than to assume we mean hugely different things when we talk about 'not addressing' an issue.
Perhaps you can tell us what exactly you meant by 'not addressed'?

> > Otherwise, anyone trying to follow the WGLC discussion who isn't aware
> > of the history might be confused.
>
> Perhaps it would be at least inadequate for people to follow the WGLC
> discussion and *not* consider the history.
>
> If you are saying that the WGLC discussion should be a complete
> discussion of the issues, I would object to that. That's an incredible
> amount of work for each person involved to do, and I really have better
> uses for my time and attention than to rehash things that you, for
> example, have already said you will "dismiss".
>
> > Also, please clarify what the mentioned "proposed solution" by Dave is
> > referring to.
> > Merely claiming that there is some holy grail document that people are
> > just ignoring for no good reason does not further constructive discussion.
>
> Please search the email history. I'm pretty sure there are at least
> one, and possibly two documents from Dave in there, and there are
> certainly other related discussions.

My issue is not that I can find no documents from Dave or related discussions/documents in the history, it is that there are several (including different versions), none of which I think meet your description ("proposed solution" to the listed issues, that would enable "working towards a better/more functional solution" [than NTS]).
So again, please clarify unambiguously which document you mean so we can have (or review) a discussion on it - because this WGLC would have definitely represented the time and the place to do just that.

> H
> --
> >
> > Best regards,
> > Kristof
> >
> >
> > -----"ntp" <ntp-bounces@ietf.org> wrote: -----
> > To: kristof.teichel@ptb.de
> > From: "Harlan Stenn"
> > Sent by: "ntp"
> > Date: 09.12.2018 06:48
> > Cc: ntp@ietf.org
> > Subject: Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using-nts-for-ntp
> >
> > Hence my objections remain.
> >
> > H
> >
> > On 12/8/2018 12:39 PM, kristof.teichel@ptb.de wrote:
> > > I'm on my browser mail client and sadly can't respond in-line without
> > > making a mess of the formatting.
> > >
> > > The summary of my response is: yes, we have seen most or all of the
> > > here-cited concerns of yours before, and dismissed them.
> > > Sorry if that was not always communicated clearly enough - although I
> > > have a feeling that in most cases, it was.
> > >
> > > In any case, let me give short-ish versions of replies regarding the
> > > mentioned points:
> > >
> > > - The "earmarked" EF type thing: to me it looks like you're basically
> > > trying to have NTS make people adhere to an NTF-internal numeration
> > > system (the only place I know of where it is "standardized" is the
> > > Autokey RFC?). That, I oppose.
> > >
> > > - Being "monolithic": this seems like a mere impression that you have
> > > that is also mostly false (e.g. a client could choose to send no cookie
> > > placeholders and ignore all fresh cookies - though I do not advertise
> > > this idea). I can only guess what you would like us to do about your
> > > concern, and the things I am guessing (such as dividing AEAD and fresh
> > > cookies off into some kind of optional sub-mode), I definitely oppose.
> > >
> > > - TCP matters: are you seriously suggesting for NTS to rest until a
> > > number of other drafts potentially reach RFC status? If not, what
> > > exactly are you suggesting? If so, I oppose.
> > >
> > > - The "one cookie/placeholder per field" issue: could someone who has
> > > implemented this please elaborate on the typical size of a cookie? In
> > > any case, a placeholder must by design be as large, so I'm not convinced
> > > there is any issue here. In either case, I don't see an actionable
> > > suggestion (I can guess at one, but for that one I would still need to
> > > be convinced there is an issue in the first place).
> > >
> > > - The "all modes or bust" issue: I remember giving you a lengthy
> > > response to this previously. Please stop insisting this concern has
> > > never been addressed.
> > > Also, what is your actionable suggestion? Put everything on hold, until
> > > solutions have been found that everyone including you can agree on, for
> > > modes that are used significantly less than the one addressed? If so, I
> > > oppose.
> > >
> > > - The "Dave has a viable alternative" claim: what is the proposed
> > > "solution" of which you speak? I remember a document skeleton which
> > > barely had more than headlines for its sections, and I remember a
> > > lengthy document that switched between a vague critique of mixed NTS
> > > versions and a proposal for what a proposal might look like (where some
> > > of the few concrete suggestions would be attackable with methods
> > > straight out of Roettger's 2012 critique of Autokey)... if you mean
> > > either of those then please stop bringing them up as though there was a
> > > serious discussion to be had at this point. If you mean something else,
> > > please refer us to it so that a real discussion is possible. And again,
> > > what would even be your actionable suggestion to us, the editors of the
> > > NTS document?
> > >
> > > Is there anything else (preferably actionable suggestions) you still
> > > feel has not been addressed?
> > >
> > >
> > > Best regards,
> > > Kristof
> > >
> > >
> > > -----"ntp" <ntp-bounces@ietf.org> wrote: -----
> > > To: ntp@ietf.org
> > > From: "Harlan Stenn"
> > > Sent by: "ntp"
> > > Date: 07.12.2018 23:05
> > > Subject: Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp
> > >
> > > I am strongly supportive of the goal of providing a replacement for
> > > Autokey, as soon as possible.
> > >
> > > As written, I am opposed to the adoption of this proposal, as the
> > > detailed objections and concerns I have repeatedly raised have still not
> > > been addressed.
> > >
> > > Off the top of my head, here is a (partial?) summary of my objections:
> > >
> > > - we have long earmarked EF type 4 for NTS, and this is still not in the
> > > document as a recommendation for IANA. In particular, if the proposal
> > > advances as written we would want to see:
> > >
> > > | 0x0104 | * NTS Unique Identifier Request  |
> > > | 0x8104 | * NTS Unique Identifier Response |
> > > | 0x0204 | * NTS Cookie                     |
> > > | 0x0304 | * NTS Cookie Placeholder         |
> > > | 0x0404 | * NTS AEEF Request               |
> > > | 0x8404 | * NTS AEEF Response              |
> > >
> > > (or similar). There is no good reason to leave it up to IANA to
> > > possibly assign 6 random EFs for this use case.
> > > draft-stenn-ntp-extension-fields (for which I will be trying to post an
> > > update soon) clearly and simply describes this.
> > >
> > > - The proposal is too monolithic, and we would all be better served with
> > > a proposal that separates the cookie mechanism and encrypted transfers
> > > into separately-usable mechanisms. There may be other similar cases as
> > > well, but my brain is too fuzzy right now to think more about this.
> > >
> > > - It creates a separate TCP service/port specifically for NTS key
> > > exchange. This is wasteful in general, and would be better served by
> > > folks collaborating on:
> > >
> > > draft-stenn-ntp-tcp-services
> > > draft-stenn-ntp-tcp-services-keyexchange
> > >
> > > - The proposal uses multiple Cookie and Cookie Placeholder messages (as
> > > I recall - see my other message about the cold I'm still recovering
> > > from) instead of having a single Cookie and Cookie Placeholder message
> > > that supports multiple entries. This would not be an issue if 7822 did
> > > not specify a 28-octet minimum final EF size, or if
> > > draft-stenn-ntp-extension-fields was implemented (or being considered,
> > > even).
> > >
> > > - It only supports client/server mode, and it does so in a way for which
> > > adding support for symmetric and [mb]*cast modes had been demonstrated
> > > to be problematic. We need an encompassing solution, and this isn't it.
> > >
> > > It would not surprise me at all to discover issues I have forgotten to
> > > list above that are in my previous messages on this topic.
> > >
> > > I'm sorry I haven't had the resources to once again re-study and re-list
> > > my objections to this proposal.
> > >
> > > Dave Mills has posted several papers about the above problems including
> > > a proposed solution, but for whatever reasons, for years we have
> > > continued to pursue this increasingly limited solution instead of
> > > working towards a better/more functional solution.
> > >
> > > As I said in an earlier message, Dave is currently unable to receive or
> > > send email messages, so he apparently can't participate in this WGLC.
> > >
> > > --
> > > Harlan Stenn <stenn@nwtime.org>
> > > http://networktimefoundation.org - be a member!
> > >
> > > _______________________________________________
> > > ntp mailing list
> > > ntp@ietf.org
> > > https://www.ietf.org/mailman/listinfo/ntp
> > >
> >
> > --
> > Harlan Stenn <stenn@nwtime.org>
> > http://networktimefoundation.org - be a member!
> >
>
> --
> Harlan Stenn <stenn@nwtime.org>
> http://networktimefoundation.org - be a member!
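
Added example (not part of any message in this thread, and not code from the NTS draft or its authors): a Python sketch that walks the extension fields of an NTP packet, splits each 16-bit field type the way the table quoted above appears to be built, and checks the 28-octet minimum for a final EF that the thread attributes to RFC 7822. The type split, the absence of a MAC, and the packet contents and cookie sizes are assumptions made for illustration.

```python
import struct

NTP_HEADER_LEN = 48
MIN_EF_LEN = 16        # RFC 7822: minimum length of any extension field
MIN_FINAL_EF_LEN = 28  # RFC 7822: minimum for the last EF when no MAC follows

# Field types exactly as listed in the table quoted in the thread
# (a proposal made on the list, not IANA assignments).
PROPOSED = {
    0x0104: "NTS Unique Identifier Request", 0x8104: "NTS Unique Identifier Response",
    0x0204: "NTS Cookie", 0x0304: "NTS Cookie Placeholder",
    0x0404: "NTS AEEF Request", 0x8404: "NTS AEEF Response",
}

def split_type(field_type):
    """Assumed reading of the table: top bit = response, rest of the high
    byte = operation code, low byte = EF type (4 in every proposed value)."""
    return bool(field_type & 0x8000), (field_type >> 8) & 0x7F, field_type & 0xFF

def make_ef(field_type, body):
    """Build one EF: 16-bit type, 16-bit total length, body padded to 4 octets."""
    padded = body + b"\x00" * (-len(body) % 4)
    return struct.pack("!HH", field_type, 4 + len(padded)) + padded

def walk_efs(packet):
    """Walk the EFs after the 48-octet header (no MAC assumed); return (fields, problems)."""
    fields, problems, off = [], [], NTP_HEADER_LEN
    while off < len(packet):
        if len(packet) - off < 4:
            problems.append(f"offset {off}: truncated EF header")
            break
        ftype, length = struct.unpack_from("!HH", packet, off)
        if length < MIN_EF_LEN or length % 4 or off + length > len(packet):
            problems.append(f"offset {off}: bad length {length}")
            break
        fields.append((ftype, length, PROPOSED.get(ftype, "unknown")))
        off += length
    if fields and not problems and fields[-1][1] < MIN_FINAL_EF_LEN:
        problems.append(f"final EF is {fields[-1][1]} octets, below {MIN_FINAL_EF_LEN}")
    return fields, problems

# Constructed packets: zeroed header, 32-octet identifier, 100-octet cookie
# (sizes chosen for illustration; the thread does not state a cookie size).
HEADER = bytes(NTP_HEADER_LEN)
GOOD = HEADER + make_ef(0x0104, bytes(32)) + make_ef(0x0204, bytes(100)) + make_ef(0x0304, bytes(100))
SHORT_TAIL = HEADER + make_ef(0x0104, bytes(32)) + make_ef(0x0304, bytes(12))

if __name__ == "__main__":
    for name, pkt in (("GOOD", GOOD), ("SHORT_TAIL", SHORT_TAIL)):
        print(name, walk_efs(pkt))
```

Each separate cookie or placeholder field carries its own 4-octet type/length header and padding, and a short field placed last trips the final-EF minimum, which is the overhead the "one cookie/placeholder per field" objection refers to.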