[Ntp] Antwort: Re: [NTP] Roughtime: Inadequate Explanation of Protocol's Unique Feature? (Question to all WG members)

kristof.teichel@ptb.de Tue, 03 September 2024 16:34 UTC

Return-Path: <kristof.teichel@ptb.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48EA5C18DBBF for <ntp@ietfa.amsl.com>; Tue, 3 Sep 2024 09:34:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.628
X-Spam-Level:
X-Spam-Status: No, score=-1.628 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ptb.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K47AA5KSOBAQ for <ntp@ietfa.amsl.com>; Tue, 3 Sep 2024 09:34:30 -0700 (PDT)
Received: from mx1.bs.ptb.de (mx1.bs.ptb.de [192.53.103.120]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3399C14F701 for <ntp@ietf.org>; Tue, 3 Sep 2024 09:34:28 -0700 (PDT)
Received: from s23397.bs.ptb.de ([172.21.101.132]) by mx1.bs.ptb.de with ESMTP id 483GYONq022217-483GYONs022217 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK); Tue, 3 Sep 2024 18:34:24 +0200
MIME-Version: 1.0
Sensitivity:
In-Reply-To: <CACsn0ckTqUVWhOQm+ZFaV1s_ftuyUaG1f_Ot=hi+4uQDZ8Dqtg@mail.gmail.com>
References: <CACsn0ckTqUVWhOQm+ZFaV1s_ftuyUaG1f_Ot=hi+4uQDZ8Dqtg@mail.gmail.com>, <CACsn0c=EE1XfdqPSXUBBRNxCx-q-kujRvfYt8y_HpWKKhNkY=Q@mail.gmail.com> <OF2CFF35FC.75A6A341-ONC1258B78.0038739B-C1258B78.00390D28@ptb.de> <CACsn0c=K0dHULBVvXB+Hhd+S6TB8PDsEB68DiLR+t8gpfzP_GQ@mail.gmail.com> <OF8A6D8203.9F157312-ONC1258B8D.002DDF63-C1258B8D.002F5442@ptb.de>
From: kristof.teichel@ptb.de
To: Watson Ladd <watsonbladd@gmail.com>
Message-ID: <OFE0B4C26A.2D95D857-ONC1258B8D.0058BC01-C1258B8D.005B09C7@ptb.de>
X-Priority: 3 (Normal)
Importance: Normal
Date: Tue, 03 Sep 2024 18:34:22 +0200
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-FEAS-Client-IP: 172.21.101.132
X-FE-Policy-ID: 5:5:5:SYSTEM
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=ptb.de; s=s1-ptbde; c=relaxed/relaxed; h=mime-version:references:subject:from:to:cc:message-id:date:content-type; bh=dbDG6KkUM8NyjtgYnsCnYA1yDL+rICl4Ud/IOxeC4x8=; b=MwRMBuN8fTQGOMx9UTW4QJsjF38TEJfRfOXyTV0SKEjp7Tx203uCfL8FBv1T0Bw1XkRdrfXyN+wS 2zcrgXaP0ROeZp6Vsgn2Al/sWA4A9Cr2XnUF2qhH2tiWydzdjaZBHKXLFH1l0xRtamfqIr/ebWAh kTHlt53FgLuSKTrRmrYxdEFgiVW/NPYKmLgKinGgqTCQ2e/OWD5iHaRcfw7/B0H/0h9pZ9NdyMxB RKLVA+MA2MkQkRqRjb6bJeGOkJdmI3g7qGwgsQEb+iAkHAt8OdKz/yOKJQBiZxh30F9FHHuMxFHS K/MMBZPBzUqJYVy4J7CZ0I4Q9HqZnbGMKM6Xaw==
Message-ID-Hash: J35D46J7C4QCJ2D6ZDAJBFXZ2DK6ASMB
X-Message-ID-Hash: J35D46J7C4QCJ2D6ZDAJBFXZ2DK6ASMB
X-MailFrom: kristof.teichel@ptb.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ntp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: NTP WG <ntp@ietf.org>, Marcus Dansarie <marcus@dansarie.se>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Ntp] Antwort: Re: [NTP] Roughtime: Inadequate Explanation of Protocol's Unique Feature? (Question to all WG members)
List-Id: Network Time Protocol <ntp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/MX9K8k0BDxx4LzWomzD7VKs0DeE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Owner: <mailto:ntp-owner@ietf.org>
List-Post: <mailto:ntp@ietf.org>
List-Subscribe: <mailto:ntp-join@ietf.org>
List-Unsubscribe: <mailto:ntp-leave@ietf.org>

@ntp-wg: please largely ignore the dive into detail below, and instead go to the opinion I asked elsewhere if you want to help :)



@watson:
You're welcome, and thanks for engaging with the feedback so openly.

Section 4 could use an editing pass IMO, especially in the first 1-2 sentences: I cannot parse exactly which timestamp t_1, t_2, t_3 goes with which packet (but there are multiple options that make sense, so it's fine overall).
But even when I fill in some blanks, I have to really stretch to read from Section 4 anything that pertains to the chaining mechanism (which I again have to fill out some blanks but I think I can imagine what you mean).

Section 9.2 is more clearly related, but it seems to be swallowing some pretty helpful information:
- Why these bursts of 3 queries? Wouldn't it be more obvious to keep the sequence (chain?) running, i.e. use the third response instead of some NONC on a subsequent query (and thereby have another chain of 3 with different pairing)? 
- (related:) If I'm sticking to 3 queries, won't I be limited to catching the culprit for inconsistencies ONLY if it is the "middle" server that I queried
(i.e. if the time from the 1st is too early, or that of the 3rd is too late, there won't be a violation of ordering in my chain, right?)
(also, if there is a clash between the 1st and 2nd, but neither clashes with the 3rd, I will have a hint of malfeasance, but no clear suspect, right?) 
- Isn't the whole concept of detecting inconsistencies through looking for violation of ordering also highly dependent on the frequency with which I query? There needs to be overlap for crypto proof, so if I only query e.g. every 10 seconds, I will not necessarily be able to prove a 9 second error/inconsistency/deception... right?
- Wouldn't a burst of 2 queries then be similarly useful? I could only detect 

I don't know... it bothers me a bit to think that for all of this, I need to fill in so many blanks to even come up with these questions; and that what's in the draft doesn't seem to let me find a clear answer for either of them.
I guess I advocate for maybe one simple example to get the point across.
If we had one, maybe that would also be the point to interject with a quick "And thus, cryptographic proof of inconsistencies SHOULD be sent in for review by a group of human judges", if that's what you advocate for (I really think it would be much neater if there could be more algorithmic preparation, such as clearly identifying 2 servers that seemed consistent and one that clashed with both of them, but this is highly subjective).

...and all of this is before we even go into possible consequences of detecting malfeasance and clearly identifying a culprit. 

Your point about not being too prescriptive in advance is taken, I guess.
But someone somewhere needs to do the prescribing at some point. 
And being underly prescriptive carries its own risks.


Besten Gruß / Kind regards,
Kristof Teichel

__________________________________________

Dr.-Ing. Kurt Kristof Teichel
Physikalisch-Technische Bundesanstalt (PTB)
Arbeitsgruppe 4.42 "Zeitübertragung"
Bundesallee 100
38116 Braunschweig (Germany)
Tel.: +49 531 592-4471
E-Mail: kristof.teichel@ptb.de
__________________________________________


-----"Watson Ladd" <watsonbladd@gmail.com> schrieb: -----
An: kristof.teichel@ptb.de
Von: "Watson Ladd" <watsonbladd@gmail.com>
Datum: 03.09.2024 18:03
Kopie: "NTP WG" <ntp@ietf.org>, "Marcus Dansarie" <marcus@dansarie.se>
Betreff: [Ntp] Re: [NTP] Roughtime: Inadequate Explanation of Protocol's Unique Feature? (Question to all WG members)

On Tue, Sep 3, 2024 at 1:37 AM <kristof.teichel@ptb.de> wrote:
>
> @watson/ben: thanks for your replies
> Can the information about the ecosystem and reporting system be found anywhere else?
> Not necessarily about a server list or who runs them, but about how the logic works, how reporting should roughly be done, etc.?

First let me say I very much appreciate the effort you are spending on
improving the draft. It's very easy for me as author to think I have
explained things well when I have not. I think what I have in the
draft is there but is fairly telegraphic. A client queries multiple
servers, and through the chaining mechanism can determine if they give
inconsistent results (Section 4 and 9.2). When there is an
inconsistency the client reports, and we have a format for doing that
(might need more explication). When the client reports, and what
happens after is currently beyond scope.

I'm not sure what logic you are discussing. We certainly can put in
more examples and explanations of how having three causally related
measurements can impeach a server giving the incorrect time.
Ultimately though distrust comes about through human understanding of
which one was wrong.

> (If so, could you link to that?)
> Or are you saying it's okay for this to not be documented anywhere?

Part of the problem is that we do not have any such program operating
to describe, and being very prescriptive about things that don't yet
exist is a losing battle.

>
> Let's remember that this is Roughtime's supposed core technical feature.

I think roughtime has this feature and it's just a matter of
documentation. But we can't dictate the human bits come into
existence: they either will or will not, and will operate according to
their needs. Mozilla has a very different root program than Apple.

Sincerely,
Watson Ladd

>
> @ntp-wg: I was really looking for input on this from people who didn't have an active role in developing Roughtime.
> I ask you all again to provide a short opinion, please.

Yes, please chime in!

>
>
> Besten Gruß / Kind regards,
> Kristof Teichel
> (and Martin Langer)



--
Astra mortemque praestare gradatim

_______________________________________________
ntp mailing list -- ntp@ietf.org
To unsubscribe send an email to ntp-leave@ietf.org