Re: [Ntp] Should NTPv5 have QUIC bindings?
Hal Murray <halmurray+ietf@sonic.net> Thu, 21 October 2021 20:31 UTC
To: "Salz, Rich" <rsalz@akamai.com>
cc: Hal Murray <halmurray+ietf@sonic.net>, "ntp@ietf.org" <ntp@ietf.org>
From: Hal Murray <halmurray+ietf@sonic.net>
In-Reply-To: Message from "Salz, Rich" <rsalz@akamai.com> of "Thu, 21 Oct 2021 19:38:42 -0000." <C5E01B24-E6A0-47AB-9933-FBC8C683DEA1@akamai.com>
Date: Thu, 21 Oct 2021 13:29:59 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/L-ZElnRgc_sAG9LAFpnt7PUwqDw>

rsalz@akamai.com said:
> > What problem(s) do you think it will solve?
> Nothing definitive which is why I asked. The IETF is moving to QUIC for many
> things, so I'm curious.

I think you need to talk to a QUIC wizard.

I'm assuming the idea is to replace NTS with QUIC.

One of the goals of NTS was to avoid per-connection storage on the server. It uses TLS to get cookies that hold the connection info. I don't see how to do that with QUIC.

As I understand it, if you are interested in performance, there are 2 types of crypto. RSA is slow. AES is fast. AES requires shared keys. TLS uses RSA to set up a connection that holds the shared key.

I don't know enough about QUIC to count packets. It looks to me like QUIC would either have to retain connections on the server or go through the connection setup for each NTP exchange.

It's worth considering retaining connections. Again, I don't know any QUIC details, but memory is cheap these days. It's worth considering keeping a connection for each client. That might not work for something like the NIST servers but it could work for almost everything else.

----------

I saw mention of QUIC not using the IP Address for a connection key. That sounds like an invitation for easy tracking. If we take non-tracking as a serious goal, that could be enough to knock QUIC out of consideration.

--
These are my opinions. I hate spam.
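
The cookie idea mentioned in the message above, as an added sketch that is not part of the original post or of any NTP implementation: the server seals the per-client session keys under a master key and hands the result to the client, so it can recover them later without storing anything per client. AES-GCM from Go's standard library stands in for the AEAD, and the names `Server`, `MakeCookie`, `OpenCookie` and the 32-byte key sizes are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Server keeps one master key and no per-client state (hypothetical type).
type Server struct{ aead cipher.AEAD }

func NewServer(masterKey []byte) (*Server, error) {
	block, err := aes.NewCipher(masterKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Server{aead}, err
}

// MakeCookie seals the client-to-server and server-to-client session keys
// into an opaque cookie laid out as nonce || ciphertext || tag.
func (s *Server) MakeCookie(c2s, s2c [32]byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return s.aead.Seal(nonce, nonce, append(c2s[:], s2c[:]...), nil), nil
}

// OpenCookie recovers the keys from a returned cookie; a forged or altered one is rejected.
func (s *Server) OpenCookie(cookie []byte) ([]byte, []byte, error) {
	n := s.aead.NonceSize()
	if len(cookie) >= n {
		if plain, err := s.aead.Open(nil, cookie[:n], cookie[n:], nil); err == nil && len(plain) == 64 {
			return plain[:32], plain[32:], nil
		}
	}
	return nil, nil, errors.New("cookie rejected")
}

func main() {
	srv, _ := NewServer(make([]byte, 32)) // constructed all-zero demo key
	cookie, _ := srv.MakeCookie([32]byte{1}, [32]byte{2})
	_, _, err := srv.OpenCookie(cookie)
	fmt.Println(len(cookie), err)
}
```

Any server instance holding the same master key can open the cookie, which is what lets the time server answer a request without looking up a connection record.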