IETF Logo Mail Archive

[Ntp] Antw: [EXT] Re: NTPv5 draft

Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> Tue, 01 December 2020 08:48 UTC

Return-Path: <Ulrich.Windl@rz.uni-regensburg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53C403A0B9C for <ntp@ietfa.amsl.com>; Tue, 1 Dec 2020 00:48:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_TVD_FUZZY_SECURITIES=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RtNjVbWJcVRJ for <ntp@ietfa.amsl.com>; Tue, 1 Dec 2020 00:48:15 -0800 (PST)
Received: from mx4.uni-regensburg.de (mx4.uni-regensburg.de [194.94.157.149]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D6993A0B92 for <ntp@ietf.org>; Tue, 1 Dec 2020 00:48:15 -0800 (PST)
Received: from mx4.uni-regensburg.de (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 315146000051 for <ntp@ietf.org>; Tue, 1 Dec 2020 09:48:12 +0100 (CET)
Received: from gwsmtp.uni-regensburg.de (gwsmtp1.uni-regensburg.de [132.199.5.51]) by mx4.uni-regensburg.de (Postfix) with ESMTP id 081C1600004E for <ntp@ietf.org>; Tue, 1 Dec 2020 09:48:12 +0100 (CET)
Received: from uni-regensburg-smtp1-MTA by gwsmtp.uni-regensburg.de with Novell_GroupWise; Tue, 01 Dec 2020 09:48:12 +0100
Message-Id: <5FC6034B020000A10003D2FD@gwsmtp.uni-regensburg.de>
X-Mailer: Novell GroupWise Internet Agent 18.3.0
Date: Tue, 01 Dec 2020 09:48:11 +0100
From: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
To: Dieter Sibold <dsibold.ietf@gmail.com>, doug.arnold@meinberg-usa.com, mlichvar@redhat.com
Cc: "ntp@ietf.org" <ntp@ietf.org>
References: <20201111161947.GG1559650@localhost> <AA848C67-CFB7-43FC-B190-FD3911360373@gmail.com> <49B3601E-C6A9-4B9E-BE9D-7FD69CCC54DC@meinberg-usa.com>
In-Reply-To: <49B3601E-C6A9-4B9E-BE9D-7FD69CCC54DC@meinberg-usa.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/Klp6P6t3Arm_3tMzOOyTO5ezWiE>
Subject: [Ntp] Antw: [EXT] Re: NTPv5 draft
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2020 08:48:18 -0000

>>> Doug Arnold <doug.arnold@meinberg-usa.com> schrieb am 30.11.2020 um 23:12
in
Nachricht <49B3601E-C6A9-4B9E-BE9D-7FD69CCC54DC@meinberg-usa.com>:
> RE security: 
> I think that there is a possibility of a non safety-critical closed network

> application of ntp that does not need security.  Especially if the client
has 
> a limited processor implementation.  I don't know, a golf course watering 
> system or something.

I think an interesting point is this: Do people think they don't need
security, because

1) it costs extra CPU cycles
2) it's difficult to set up and maintain
3) it brings no benefit

As Doug pointed out there are use cases for 3), but when 1) and 2) become
practically meaningless, many people won't care about 3), I guess.

> 
> Mandatory or not, I think that security should be added to the protocol as 
> an extension field, and described in another document.  Security mechanisms

> change frequently.  I think that there is a good chance that we, or someone,

> will define a successor to NTS within 10 years.  But the over the wire ntp 
> specification might last longer.  One of the virtues of Miroslav's proposal

> is that the minimum ptp message and protocol are simple and everything else

> is an extension. 

Yes, cryptography must be flexible.  Maybe just to meet legal restrictions for
some countries.

Regards,
Ulrich

> 
> Doug
> 
> On 11/30/20, 2:12 PM, "ntp on behalf of Dieter Sibold"
<ntp-bounces@ietf.org 
> on behalf of dsibold.ietf@gmail.com> wrote:
> 
>     Hi Miroslav
> 
>     Many thanks for your NTPv5 proposal.
> 
>     With my working group chair’s hat off!
> 
>     I have following comments:
> 
> 
>     1. Security
> 
>     The protocol as proposed is missing a security approach. There are no 
>     mechanisms described to provide authentication, integrity protection and

> 
>     maybe encryption. I very much agree with Jame’s proposed draft that a 
>     new version of NTP must provide these mechanisms by default.  Sure, you

>     can add NTS to protect the NTPv5 packets. But in this case protection is

> 
>     always an optional add-on whereas it needs to be an inherent part of the

> 
>     basic protocol. To achieve this the NTS approach certainly can be 
>     transferred to the basic v5 protocol and packet format.
> 
> 
> 
> 
>     2. Interleave and 2-Step
> 
>     I agree with Doug to decide with approach to provide with NTPv5. 
>     Providing both 2-Step and Interleave may increase complexity 
>     unnecessarily. Personally, I find that the 2-step approach with the 
>     follow-up message is more concise. And since the first message only need

> 
>     to be very small (it just needs to contain the information to ensure 
>     correlation with the follow up) the waste of network bandwidth is very 
>     small.
> 
> 
> 
>     3. Traceability
> 
>     It would make sense that the v5-packets optionally provide information 
>     about the uncertainty of the timestamps taken. These formally for 
>     establishing traceability. Additionally, in order to maintain 
>     traceability during the time period in which leap smearing is applied 
>     the client needs to obtain the necessary information to calculate the 
>     offset between UTC and smeared time. This also is mandatory to maintain

>     traceability.
> 
> 
>     Dieter
> 
> 
> 
> 
> 
> 
> 
> 
> 
>     On 11 Nov 2020, at 17:19, Miroslav Lichvar wrote:
> 
>     > As promised on the previous meetings, I wrote an NTPv5 draft. It's
>     > based on the proposal I sent to this list few months ago, with few
>     > improvements like timestamp fields seperated from cookies, etc. It
>     > still needs a lot of work to be able to stand on its own, but I think
>     > it should be good enough for people here to understand how it is
>     > intended to work.
>     >
>     > It's too late to submit it for the upcoming meeting. Here is a link
to
>     > a txt version if anyone would like to read it and discuss it here:
>     >
>     > https://gist.github.com/mlichvar/2bee94a706d60da9ca88d712afef083e 
>     >
>     > -- 
>     > Miroslav Lichvar
>     >
>     > _______________________________________________
>     > ntp mailing list
>     > ntp@ietf.org 
>     > https://www.ietf.org/mailman/listinfo/ntp 
> 
>     _______________________________________________
>     ntp mailing list
>     ntp@ietf.org 
>     https://www.ietf.org/mailman/listinfo/ntp 
> 
> _______________________________________________
> ntp mailing list
> ntp@ietf.org 
> https://www.ietf.org/mailman/listinfo/ntp

v2.23.0 | Report a Bug | By Email