Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf-ntp-using-nts-for-ntp-24: (with DISCUSS and COMMENT)
Mirja Kuehlewind <ietf@kuehlewind.net> Sun, 22 March 2020 18:16 UTC
Return-Path: <ietf@kuehlewind.net>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CCD53A0987; Sun, 22 Mar 2020 11:16:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZGOUl9s44dxm; Sun, 22 Mar 2020 11:16:15 -0700 (PDT)
Received: from wp513.webpack.hosteurope.de (wp513.webpack.hosteurope.de [IPv6:2a01:488:42:1000:50ed:8223::]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 433373A0984; Sun, 22 Mar 2020 11:16:15 -0700 (PDT)
Received: from p200300dee7239a007961e4d1ac1a08c3.dip0.t-ipconnect.de ([2003:de:e723:9a00:7961:e4d1:ac1a:8c3]); authenticated by wp513.webpack.hosteurope.de running ExIM with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1jG58v-0003XA-1r; Sun, 22 Mar 2020 19:16:13 +0100
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Mirja Kuehlewind <ietf@kuehlewind.net>
In-Reply-To: <B3905C68-7BEA-4AAC-B9D3-5758FC9E9937@netnod.se>
Date: Sun, 22 Mar 2020 19:16:12 +0100
Cc: ntp-chairs@ietf.org, ntp@ietf.org, Karen O'Donoghue <odonoghue@isoc.org>, The IESG <iesg@ietf.org>, draft-ietf-ntp-using-nts-for-ntp <draft-ietf-ntp-using-nts-for-ntp@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <F2D7A344-0626-438E-8633-FD0609415B54@kuehlewind.net>
References: <158462341321.13445.5821064113812671218@ietfa.amsl.com> <91fec277-2063-c0f4-df4a-b710a7d318b2@dansarie.se> <B3905C68-7BEA-4AAC-B9D3-5758FC9E9937@netnod.se>
To: Ragnar Sundblad <ragge@netnod.se>
X-Mailer: Apple Mail (2.3445.104.11)
X-bounce-key: webpack.hosteurope.de;ietf@kuehlewind.net;1584900975;0c002c0d;
X-HE-SMSGID: 1jG58v-0003XA-1r
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/Mo7Ypo11cKqqfQGQMqtbsraOidY>
Subject: Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf-ntp-using-nts-for-ntp-24: (with DISCUSS and COMMENT)
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Mar 2020 18:16:18 -0000
Hi Ragnar, Sorry it seems I missed you initial reply. Just quickly some replies on my discuss comments. I will have another look tomorrow at the rest. Please see below. > On 22. Mar 2020, at 17:31, Ragnar Sundblad <ragge@netnod.se> wrote: > > > Hello Mirja, > > Thank you again for your work on reviewing the draft. > Here is an update from the latest draft. > > Best regards, > Ragnar > > On 19 Mar 2020, at 18:41, Marcus Dansarie <marcus@dansarie.se> wrote: >> Hi Mirja! >> >> Thank you for your work in reviewing the draft. We have carefully gone >> over all your comments and DISCUSS points. Each of them is addressed below. >> >> Kind regards, >> Marcus Dansarie >> >> On 2020-03-19 14:10, Mirja Kühlewind via Datatracker wrote: >>> Mirja Kühlewind has entered the following ballot position for >>> draft-ietf-ntp-using-nts-for-ntp-24: Discuss >>> >>> When responding, please keep the subject line intact and reply to all >>> email addresses included in the To and CC lines. (Feel free to cut this >>> introductory paragraph, however.) >>> >>> >>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >>> for more information about IESG DISCUSS and COMMENT positions. >>> >>> >>> The document, along with other ballot positions, can be found here: >>> https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/ >>> >>> >>> >>> ---------------------------------------------------------------------- >>> DISCUSS: >>> ---------------------------------------------------------------------- >>> >>> Two rather small and hopefully quick-to-address points that I think must be >>> clarified before publication of this spec: >>> >>> 1) Sec 5.7: "In that >>> case, it MUST be able to detect and stop looping between the NTS-KE >>> and NTP servers by rate limiting the retries using e.g. exponential >>> retry intervals." >>> Yes, rate limiting and exponential back-off is good here. However, you anyway >>> need to define a maximum number of retries (to actually make it stop atsome >>> point) and further given some recommendation for an appropriate rate limit >>> (e.g. initial retry after 3 seconds...?). >> >> The exact values of this are implementation and application dependent. >> What would be considered an acceptable value in one application may be >> unacceptable in another. Furthermore, specifying good and safe values >> for this would require operational experience that does not currently >> exist and probably will not exist until NTS has been in use for a long time. > > We have added some more recommendations in the latest version (third > paragraph from the end in Section 5.7). I sae that you added a maximum value recommendation. It would better/easier to implement if you provide an initial value and a number of retries. Can you make a proposal for that? > >>> 2) Sec 4.1.3: " Error code 2 means "Internal Server Error". The server MUST >>> respond with this error if it is unable to respond properly due to >>> an internal condition." >>> At least for this error, I think you need to specify what the client should do >>> on reception. Retry? Immediately? How often? Or wait for a while? >> >> Same reply as above. Similar as above it’s important to be more specific to avoid a situation where a “stupid” implementation just retries immediately and does that forever. The specification is incomplete if you don’t say anything here. Please add a recommendation! Mirja >> >>> ---------------------------------------------------------------------- >>> COMMENT: >>> ---------------------------------------------------------------------- >>> >>> In addition to Ben's discuss point on ports which I would also like to see the >>> answer to, one more question: My understanding is that the TCP port (123) for >>> NTP is not used and will likely never be used in future. Why are you not using >>> that port for NTS-KE, as NTS-KE is using TCP? >> >> As Harlan's reply to this comment indicates, there is WG consensus that >> NTS-KE should not use the TCP port reserved for NTP. It should also be >> noted that NTS-KE is not a protocol exclusively meant for NTP. >> >>> A couple more small questions: >>> 1) Sec 4.1.3: >>> "The Critical Bit MUST be set." >>> If you set the Critical Bit for error records, that would only mean that a >>> receiver could send another error in response to that error which again has the >>> critical bit set which then could cause another error, and it would go on >>> forever. Yes, this case should never happen as all its-ke implementations must >>> support error records but maybe it's safer to just not set the critical bit? >> >> An error record loop between client and server is impossible in NTS-KE >> for two reasons: First, error records are only allowed to be sent from >> server to client. Second, client and server only send a single request >> or response per NTS-KE session, see the first paragraph of Section 4. >> >>> 2) Sec 4.1.4: I don't really understand the idea of the Warning record. There >>> are no code points defined and there is no explanation given what this could be >>> used for. Especially what should a client do that received a warning? Why is >>> the error record not sufficient? >> >> According to Section 4.1.4, a client which receives a warning code it >> does not recognize MUST treat it as an error. The warning record type is >> envisaged for future applications and experimental use. By creating a >> "Network Time Security Warning Codes" registry, adding warning codes as >> needed in the future is significantly simplified. >> >>> 3) Sec 4.1.5: " If the NTS Next Protocol Negotiation record offers Protocol >>> ID 0 (for >>> NTPv4), then this record MUST be included exactly once. " >>> In this case, I guess the critical bit should/MUST be also set to 1? >> >> The reason for why the AEAD Algorithm Negotiation critical bit MAY be >> set, instead of SHOULD/MUST, is to ensure compatibility with future >> protocols which use NTS-KE, but not the AEAD Algorithm Negotiation record. >> >> As an example, consider a hypothetical future Hyper Rocket Toaster Time >> Transfer Protocol (HRTTTP) which uses NTS-KE, but utilizes some >> different (and currently undefined records). A client that performs a >> handshake with an NTS-KE server which only supports HRTTTP may send >> multiple protocol IDs in the NTS Next Protocol Negotiation record. If >> the client, for example, sends protocol ID 0 (NTPv4) and the protocol ID >> for HRTTTP, it must include the required other records for both >> protocols. If the client sets the Critical Bit of the AEAD Algorithm >> Negotiation record in this case, the server MUST respond with error code >> 0 and the negotiation will fail, even though it is semantically correct >> and it would have been entirely possible for the server to successfully >> respond with HRTTTP cookies. >> >>> 4) Sec 5.7: >>> "1280 octets is >>> the minimum prescribed MTU for IPv6 and is in practice also safe for >>> avoiding IPv4 fragmentation. Nonetheless, senders SHOULD include >>> fewer cookies and placeholders than otherwise indicated if doing so >>> is necessary to prevent fragmentation." >>> RFC8085 says "For IPv4, EMTU_S is the smaller of 576 bytes and the >>> first-hop MTU [RFC1122]." >>> Maybe it would be appropriate to note that. >> >> This issue was brought up by Suresh in his AD review. We then elected to >> keep the current text as is, since it refers to the general case, rather >> than the strict requirements of RFC 1122. > >
- [Ntp] Mirja Kühlewind's Discuss on draft-ietf-ntp… Mirja Kühlewind via Datatracker
- Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf… Harlan Stenn
- Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf… Mirja Kuehlewind
- Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf… Marcus Dansarie
- Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf… Hal Murray
- Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf… Harlan Stenn
- [Ntp] Antw: [EXT] Re: Mirja Kühlewind's Discuss o… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: Mirja Kühlewind's Discu… Harlan Stenn
- Re: [Ntp] Antw: [EXT] Re: Mirja Kühlewind's Discu… Salz, Rich
- Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf… Ragnar Sundblad
- Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf… Mirja Kuehlewind
- Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf… Watson Ladd
- Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf… Ragnar Sundblad
- Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf… Mirja Kuehlewind
- Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf… Marcus Dansarie
- Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf… Mirja Kuehlewind
- Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf… Marcus Dansarie
- Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf… Ragnar Sundblad
- Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf… Mirja Kuehlewind
- [Ntp] Antw: [EXT] Re: Mirja Kühlewind's Discuss o… Ulrich Windl