Re: [Ntp] An NTPv5 design sketch
Doug Arnold <doug.arnold@meinberg-usa.com> Thu, 16 April 2020 16:11 UTC
Return-Path: <doug.arnold@meinberg-usa.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90D053A0D4B for <ntp@ietfa.amsl.com>; Thu, 16 Apr 2020 09:11:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.233
X-Spam-Level:
X-Spam-Status: No, score=-1.233 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=meinbergfunkuhren.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6dI4C3FCbr7c for <ntp@ietfa.amsl.com>; Thu, 16 Apr 2020 09:11:25 -0700 (PDT)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50063.outbound.protection.outlook.com [40.107.5.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03AF83A0D0D for <ntp@ietf.org>; Thu, 16 Apr 2020 09:11:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NNVkR76ChhrLpDSsOW5+BgOfv/h6DuZMEHj+J0JSihykg2buCsIk6hihkCRaiN3suVC56IUoyoLL+HOC7mC7rmvnXtUMoZG9rx8a+lsEFHQSQC4SsPCHsPAk9Iyt/0zvvrj6UkCzgHmrTMSQCvUfYS2aqmKQ5FxOiNJ8otoarley9ldc1AZVd87B9+8wal4JndmiQzxA79w46LTWRp4E39IcRecJBV5K1M1MBdf9po20OIE5//NbSq4ZwxiU/3mIvOKGN8f3ihcvMk77IMdL+EdSyf2vXhOAyzzrq3xgFBqMpLcS5gQh4ISU1uUZLLzTbFbBmgsbc78Hqj8P4VPIow==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9s330191cEeOGzhxl+WhwiTU3hQLZ3Ol3JgJXZ4toWc=; b=FJ93Jy6YNVQEjFbPHb6w+VGgVwWLvdgN+RunZV+3PVVGYaTp2kGILAOIzcUUhLFa9DSsLoTAHnQ3kPJVIoRAgsESfixfhDfUB+NaJBTSgKVO8ZEksBOkEx5CNw1WXPJjg60jN1FpJXsUAb8bYckvQ98hcrj6O4Q0x9dk8ZoxIGXfogp9jumhXqS5Gf2EdV8sNJyqpzib6fg03Tev/Q20GIYQuepsY3oZlVGjxUzmEE0EO2OJKhCiV9EgcTYyd6CFXok7fNBeF8TYLPgX27iqf4wnJMpEVi3nbeAPu3x2fRyuMeBO3Dhsd4rNQhzEBMVVxdPtEcSVJZF+rg8IHI8twQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=meinberg-usa.com; dmarc=pass action=none header.from=meinberg-usa.com; dkim=pass header.d=meinberg-usa.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinbergfunkuhren.onmicrosoft.com; s=selector1-meinbergfunkuhren-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9s330191cEeOGzhxl+WhwiTU3hQLZ3Ol3JgJXZ4toWc=; b=I7+Ym8sJtfFzry5mqElbtq0AGhqiGtX7p1pfUYZyWD1xjCW5GuEpQHgojZbPhl4P1iRYRVOK09RdtxWQv8BGYee/Q1HdKQfcHE2W/6YELr/P5/UWOv5kzK8RE1Dxrd6Z71ZubCo1PCM0FsO0QqH3mHT05PIaG2g/6bEZ+0ExHDo=
Received: from DB8PR02MB5611.eurprd02.prod.outlook.com (2603:10a6:10:eb::31) by DB8PR02MB5498.eurprd02.prod.outlook.com (2603:10a6:10:bf::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2921.25; Thu, 16 Apr 2020 16:11:22 +0000
Received: from DB8PR02MB5611.eurprd02.prod.outlook.com ([fe80::9525:30ab:defe:44a6]) by DB8PR02MB5611.eurprd02.prod.outlook.com ([fe80::9525:30ab:defe:44a6%7]) with mapi id 15.20.2900.028; Thu, 16 Apr 2020 16:11:22 +0000
From: Doug Arnold <doug.arnold@meinberg-usa.com>
To: Miroslav Lichvar <mlichvar@redhat.com>, Daniel Franke <dfoxfranke@gmail.com>
CC: NTP WG <ntp@ietf.org>
Thread-Topic: [Ntp] An NTPv5 design sketch
Thread-Index: AQHWEOYv5hVc24KDEky093B5a71QhKh4fQ+AgAA8gQCAAA4YgIAACmqAgAD4yYCAAJCNgIABFBmAgACBIBk=
Date: Thu, 16 Apr 2020 16:11:21 +0000
Message-ID: <DB8PR02MB5611418689CEA2FB66C0FD80CFD80@DB8PR02MB5611.eurprd02.prod.outlook.com>
References: <CAJm83bBV+Pox3r6KU49ShwMOvr=R+U_vDKJtSZhfT6XX4qWmbA@mail.gmail.com> <20200414112541.GD1945@localhost> <CAJm83bCxuS_X68-pvpOWCPSmjAjTeYNJVuuOEhV-i82R7B28Mg@mail.gmail.com> <20200414155241.GF1945@localhost> <CAJm83bC1EhwQQ=+B7XPbEkvhOWvxU8zjCd290Fj5N43aMJQTkg@mail.gmail.com> <20200415072023.GG1945@localhost> <CAJm83bAEDuLk6vSa82D3smXO4x7iDywoy+FpC=gdm=m3SLrVLg@mail.gmail.com>, <20200416082557.GI1945@localhost>
In-Reply-To: <20200416082557.GI1945@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=doug.arnold@meinberg-usa.com;
x-originating-ip: [64.30.82.72]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 55978d68-32a7-4d6e-9e3a-08d7e220ce11
x-ms-traffictypediagnostic: DB8PR02MB5498:
x-microsoft-antispam-prvs: <DB8PR02MB5498AB651B9BC82F91AB8A35CFD80@DB8PR02MB5498.eurprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0375972289
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB8PR02MB5611.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(136003)(396003)(39830400003)(366004)(376002)(346002)(316002)(966005)(66476007)(5660300002)(110136005)(2906002)(66946007)(91956017)(76116006)(508600001)(66446008)(66556008)(64756008)(186003)(86362001)(44832011)(4326008)(9686003)(55016002)(7696005)(71200400001)(26005)(6506007)(53546011)(19627405001)(8676002)(52536014)(33656002)(81156014)(8936002); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: meinberg-usa.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 51o8L/GpuKrHkuIB3H9U/gWAT2Wtfd8tAL4lNnVput9Pdpi1Eks4EYlUZeO/9ZNWMyA8bNxKZGrJWbaW4TN+SSBGuwWfZAi+RqeWO/EZYtD3UALBMLL8Ebm5doDHeX5YMOWYjuXZpJS+nAotXTota4RkXwNRMd2HS/EGMxJLNSBHgVmiZvrpnYvsmW8PlY77igVLzdCyLTsnmTuVjXpVauSXizWZamPIqgNCmz7j8F58dntY8LmO87XrKd3OQ7WMQK+mYdRMi3/y+vjkULm1N6MnIVxXf8YCaE/C9YwqT+gzhA1XJFaOF1YKaFSLnmjy4c9sY6Rt9Ndb5a+z9S8M0us1xRYWtPQVNQiLIb/YtSNXLCEJS5QGBHLl8J/XfZgr8H4VIkW3knr5C2AezYAcwxwxbUKx9xbkwEdqmnywaRxTonFIW7IdpzXH7wbgO3i89VAnjhZP/to7X7ledBwJeClv45eLvzbBXbkH9BT4kIzoMFgsh4ZY9Z/F5u2cwwchuvA8HGNbgU6V3YvpQaY/XA==
x-ms-exchange-antispam-messagedata: Zoq4DjHzpoCMJcfg1lSAr+zspu3VY+ArA+L04LHFQXxxjvLeo/upnoUbY3qiryb1VgowE6GE93kzhaoB+av8dNS2yeA0sSk/HfbjQjsWiKNuoaLx7nzMLM3tp13S2V+dcw3ftcnfPeQTlNg01ElVGw==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DB8PR02MB5611418689CEA2FB66C0FD80CFD80DB8PR02MB5611eurp_"
MIME-Version: 1.0
X-OriginatorOrg: meinberg-usa.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 55978d68-32a7-4d6e-9e3a-08d7e220ce11
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Apr 2020 16:11:21.7158 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d59904cd-769f-4368-8bd0-f5f435893a38
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: S68zU5Iq06h2VpViuXzehTpx9jaqk5DUZqBMsJlhIEKspbFBWezOabb5t660k0pZ08310orX/8/ysHfpWc86VWyiZydEu7yt4h7fgsxWi6s=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR02MB5498
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/pSsA_XzFo7lqiB6E9PtWO-ERrcg>
Subject: Re: [Ntp] An NTPv5 design sketch
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Apr 2020 16:11:31 -0000
Supporting simple harware implementations in closed specialized networks, like a robot, is a problem already well solved by PTP. Making NTP do that does not help solve technical problems. Making a timing protocol that is robust and secure is not at all solved by PTP. That is how NTPv5 can make the world better. Doug ________________________________ From: ntp <ntp-bounces@ietf.org> on behalf of Miroslav Lichvar <mlichvar@redhat.com> Sent: Thursday, April 16, 2020 1:25 AM To: Daniel Franke <dfoxfranke@gmail.com> Cc: NTP WG <ntp@ietf.org> Subject: Re: [Ntp] An NTPv5 design sketch On Wed, Apr 15, 2020 at 11:57:45AM -0400, Daniel Franke wrote: > On Wed, Apr 15, 2020 at 3:20 AM Miroslav Lichvar <mlichvar@redhat.com> wrote: > > > > That code will likely need to be updated to fix security issues. > > So will the NTP code itself, not to mention the OS kernel and whatever > else your device is running. The device may be very simple. It may not have an OS and NTP may be the only networking it does. It could be measuring intervals in a physics experiment, or controlling a robot in a factory. Consider where and why PTP originated and that NTPv5 with its correction field might be usable there too. > Different NTP implementations have had > serious security issues with widely varying frequency; so have > different TLS implementations. I'm not going to engage in arguments > about the precise quantity, severity, or inevitability of these > vulnerabilities; I'm just asserting the lack of a qualitative > difference in the historical need for patching. Well, that would be an interesting exercise, but I think just from the nature of the domains it's much more likely a TLS code will need to be patched than an NTP code written with the same care. It would be also interesting to compare just the protocols alone. How many issues does NTPv2 from 1989 (which is not that different from NTPv4) have? > > It would help if you could explain why do you think it should. > > NTPv5 (as I've sketched it) depends on NTS for more than just > cryptographic security; it's also version negotiation (NTS Next > Protocol), server discovery (Server and Port Negotation), and > anti-amplification (address-bound cookies). Making NTS optional would > require alternative approaches to all these issues. I don't see a big problem with that. Supporting NTS is much more difficult than supporting those extensions would be. Being able to use other authentication mechanisms (e.g. symmetric key, or a successor of NTS) is an advantage. > It would also > complicate the packet format and add landmines for implementers > (granted, already present in v4 NTS) around correct handling of > unprotected responses. Protected responses need to be handled in the same way as unprotected responses. You never know if the server isn't compromised and trying to attack you. -- Miroslav Lichvar _______________________________________________ ntp mailing list ntp@ietf.org https://www.ietf.org/mailman/listinfo/ntp
- [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] [EXT] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Dieter Sibold
- Re: [Ntp] [EXT] An NTPv5 design sketch Dieter Sibold
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Doug Arnold
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch James
- Re: [Ntp] An NTPv5 design sketch Daniel Franke
- Re: [Ntp] An NTPv5 design sketch James
- Re: [Ntp] An NTPv5 design sketch Doug Arnold
- [Ntp] Antw: [EXT] Re: An NTPv5 design sketch Ulrich Windl
- Re: [Ntp] An NTPv5 design sketch Miroslav Lichvar
- Re: [Ntp] An NTPv5 design sketch Doug Arnold
- [Ntp] Antwort: Re: An NTPv5 design sketch< kristof.teichel
- Re: [Ntp] An NTPv5 design sketch Salz, Rich
- Re: [Ntp] An NTPv5 design sketch Kyle Rose
- [Ntp] Antw: [EXT] Re: An NTPv5 design sketch Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: An NTPv5 design sketch Doug Arnold
- [Ntp] Antw: Re: Antw: [EXT] Re: An NTPv5 design s… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: An NTPv5 desi… Miroslav Lichvar