Re: [Ntp] Antw: Re: Antw: Re: Calls for Adoption -- NTP Extension Field drafts -- Four separate drafts

Heiko Gerstung <heiko.gerstung@meinberg.de> Wed, 28 August 2019 13:32 UTC

Return-Path: <heiko.gerstung@meinberg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C32A512013F for <ntp@ietfa.amsl.com>; Wed, 28 Aug 2019 06:32:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.289
X-Spam-Level:
X-Spam-Status: No, score=-4.289 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=meinberg.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G61vR9HU8wkX for <ntp@ietfa.amsl.com>; Wed, 28 Aug 2019 06:32:23 -0700 (PDT)
Received: from server1a.meinberg.de (server1a.meinberg.de [176.9.44.212]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08264120142 for <ntp@ietf.org>; Wed, 28 Aug 2019 06:32:23 -0700 (PDT)
Received: from srv-kerioconnect.py.meinberg.de (unknown [193.158.22.2]) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by server1a.meinberg.de (Postfix) with ESMTPSA id E518D71C01DD; Wed, 28 Aug 2019 15:32:18 +0200 (CEST)
X-DKIM: Sendmail DKIM Filter v2.8.2 server1a.meinberg.de E518D71C01DD
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=meinberg.de; s=mail201101; t=1566999141; bh=Fvj8VzBIWRoahfkbh0ZrJGQUJA+XkzptqKhHasIoeqY=; h=Date:Subject:Message-ID:References:In-Reply-To:Mime-version:From: To:Content-Type:Content-Transfer-Encoding; b=o/qdmDxuOgMFx3VqevXOaqw2zYaKoG7+c9c3SmYuN9lvLtCygpIGu8yl8zsMfvXXh z4Tqal+0i6bYRF2bB5PnSA7xAT9ZlSbTzej5hMm5l/lTdUK2ONmiBRu5dwSTTeZBWh xsfe54ePD/MIiolCqhOitmGKbN4bA2Zs4KULYlNo=
X-Kerio-Anti-Spam: Build: [Engines: 2.15.9.1266, Stamp: 3], Multi: [Enabled, t: (0.000006,0.013126)], BW: [Enabled, t: (0.000007)], RTDA: [Enabled, t: (0.231967), Hit: No, Details: v2.7.53; Id: 15.1i6to20.1djc6qiph.dhd7o], total: 0(700)
X-Footer: bWVpbmJlcmcuZGU=
User-Agent: Microsoft-MacOutlook/10.1c.0.190812
Date: Wed, 28 Aug 2019 15:32:16 +0200
Message-ID: <19264CCF-3EFB-4B05-9419-21B8C5B319F6@meinberg.de>
Thread-Topic: [Ntp] Antw: Re: Antw: Re: Calls for Adoption -- NTP Extension Field drafts -- Four separate drafts
References: <1B4A56E7-16A6-4767-9268-BCF4BEB9A247@isoc.org> <BCA949D7-7D92-43A9-9766-573559A9FC70@meinberg.de> <5D66392D020000A100033273@gwsmtp.uni-regensburg.de> <8F6BAF5F-CC7B-47B9-90FD-BD20D6ABE845@meinberg.de> <20190828103752.GI24761@localhost> <3f4b55ca-02d9-a470-229b-40860866efbf@nwtime.org> <20190828111458.GJ24761@localhost> <e50112dd-f918-1135-74c8-a738ecb70b70@nwtime.org> <55867E75-9813-466B-8E57-0E157DE5AEB9@meinberg.de> <1c374597-c431-9149-f655-d69d9b21b187@nwtime.org> <E58275AC-9EC8-46D7-B160-7F8F3EF1C817@meinberg.de> <5D6672CD020000A10003329F@gwsmtp.uni-regensburg.de>
In-Reply-To: <5D6672CD020000A10003329F@gwsmtp.uni-regensburg.de>
Mime-version: 1.0
Importance: Normal
X-Priority: 3
Thread-Index: AZ2x3tU+MGQ3NGNiYTgyN2MxZTBhYw==
From: Heiko Gerstung <heiko.gerstung@meinberg.de>
To: Ulrich Windl <ulrich.windl@rz.uni-regensburg.de>, "ntp@ietf.org" <ntp@ietf.org>, "stenn@nwtime.org" <stenn@nwtime.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: clamav-milter 0.100.3 at server1a
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/MyoHUrxLA173MTBulOpfe8-dhtQ>
Subject: Re: [Ntp] Antw: Re: Antw: Re: Calls for Adoption -- NTP Extension Field drafts -- Four separate drafts
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Aug 2019 13:32:26 -0000

Apologies for the more or less broken quoting style. Outlook is crap in this regard ..

On 28.08.19, 14:27 "ntp im Auftrag von Ulrich Windl" <ntp-bounces@ietf.org im Auftrag von Ulrich.Windl@rz.uni-regensburg.de> wrote:

    >>> Heiko Gerstung <heiko.gerstung@meinberg.de> schrieb am 28.08.2019 um 13:59
    in
    Nachricht <E58275AC-9EC8-46D7-B160-7F8F3EF1C817@meinberg.de>de>:
    > Harlan,
    > 
    > I asked why we would not want to improve the loop prevention mechanism, I do
    
    > not have a solution at hand which I sketched out in full detail already. But
    
    > here is a possibility that came to my mind just now, it certainly needs to
    be 
    > refined and checked and modified:
    > 
    > - create a random ID on each server at startup
    
    I'd add a "double-may" there: The ID MAY be random, and it MAY be re-created
    on each server startup.
    Maybe think of it like the driftfile that preserves some value across
    restarts.

OK, fine with me. 

    
    > - communicate that ID to each client which indicates (e.g. by an EF) that it
    
    > is interested in this information, for example if it wants to be a server 
    > itself (stratum 2+)
    
    Why not always add it?
    
Because as Miroslav already pointed out, most client-only implementations do not need it. 
    
    > - a tier-2 server uses that ID from its upstream server as its refID
    > - any server that is interested in degree n - loop detection will indicate 
    > this (using an EF, maybe something like the I-DO EF) to its upstream 
    > server(s)
    > - those servers respond with an EF containing a list of IDs representing the
    
    > sync chain, maybe limited to n entries (if the requesting client asks for 
    > only n entries)
    > - now, if this server which received the chain of IDs from its upstream 
    > server(s) now is questioned by one of its downstream clients about the chain
    
    > of sync, it will add the RefID of its upstream servers to the sync chain 
    > received by that upstream server and push this down to the client
    > 
    > This way, those clients interested in only degree 1 loop protection just use
    
    > the RefID field. And those who are interested in degree n loop protection
    can 
    > request the chain of IDs from their upstream servers. 
    > 
    > The freedom to change the packet header format would allow us to increase 
    > the number of bytes for the RefID to improve security (more bytes, harder to
    
    > guess). 
    > 
    > We have had cases where a server A was synchronized by server B which was 
    > synchronized by server C. Server C also used Server D which was synchronized
    
    > by Server A, i.e. whenever your client believes it has more than one source
    
    > of time and it turns out that all of them go back to one single source. 
    > Adding non-randomized IDs like "GPS" to the sync chain (by the stratum 1 
    > server) would also allow the clients to identify if they are relying on one
    
    > single source of time, which in turn would make it possible to choose
    another 
    > server with a different source (like Galileo) instead.
    
    So this applies only to stratum-1 servers (which had spacial refIDs anyway).

No, the whole sync chain thing would be applicable to all servers, not only stratum 1's. I just wanted to point out that you can avoid using the same root source of time with the stratum 1 servers creating the sync chain by just initializing it with a standardized RefID (like "GPS") referring to their non-NTP source. That way, a client could avoid using three servers all taking their time from GPS and then get hit by the same spoofing attack. 

    What about having a "normal" REFID for stratum 1 servers, and adding a
    mandatory "reference source class" (like "GPS", "Gallileo" (note the extra
    length!), "NTP" (for stratum > 1), "DCF-77", etc? (Or even do it the GPT-way:
    Allocate UUIDs (well, GUIDs will do as well) for all known reference clock
    sources?)

Yes, why not. And yes, I took notice of the longer RefID value ;-) ...

    And if you like splitting hairs, you could have different IDs for the "time
    source" (like TAI), the "time carrier" (like GPS) and the "time access point"
    (effectively the interface providing GPS time) like "Product X from Vendor Y
    with further details Z"...
    So if a specific product has a bug, you could filter it; if a specific carrier
    has a problem, you could filter it, and if you distrust some source, you could
    filter it... ;-)

Yep!

Regards,
    Heiko



    
    Regards,
    Ulrich
    
    > 
    > Best Regards,
    >    Heiko
    > 
    > 
    > -- 
    > Heiko Gerstung 
    > Managing Director
    > 
    > MEINBERG® Funkuhren GmbH & Co. KG
    > Lange Wand 9
    > D-31812 Bad Pyrmont, Germany
    > Phone:    +49 (0)5281 9309-404
    > Fax:        +49 (0)5281 9309-9404
    > 
    > Amtsgericht Hannover 17HRA 100322
    > Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre 
    > Hartmann, Heiko Gerstung
    > 
    > Email:
    >  heiko.gerstung@meinberg.de 
    > Web:
    >  Deutsch   https://www.meinberg.de 
    >  English    https://www.meinbergglobal.com 
    > 
    > Do not miss our Time Synchronization Blog:
    >  https://blog.meinbergglobal.com 
    > 
    > Connect via LinkedIn: 
    > https://www.linkedin.com/in/heikogerstung 
    >  
    >  
    > 
    > On 28.08.19, 13:38 "ntp im Auftrag von Harlan Stenn" <ntp-bounces@ietf.org
    
    > im Auftrag von stenn@nwtime.org> wrote:
    > 
    >     
    >     
    >     On 8/28/2019 4:23 AM, Heiko Gerstung wrote:
    >     > Why not define a method in v5 that not only protects against degree 1
    
    > loops but maybe also against degree 2,3 or n? 
    >     > 
    >     > This is what I meant when trying to explain that we should not stick
    to 
    > the existing packet format with its shortcomings.
    >     
    >     Exactly how would this work?
    >     
    >     Has there been any reported instances of this being useful or needed
    for
    >     NTP?
    >     
    >     What abuse vectors would this create?
    >     
    >     > Regards,
    >     >    Heiko
    >     > 
    >     
    >     -- 
    >     Harlan Stenn, Network Time Foundation
    >     http://nwtime.org - be a Member!
    >     
    >     _______________________________________________
    >     ntp mailing list
    >     ntp@ietf.org 
    >     https://www.ietf.org/mailman/listinfo/ntp 
    >     
    > 
    > 
    > _______________________________________________
    > ntp mailing list
    > ntp@ietf.org 
    > https://www.ietf.org/mailman/listinfo/ntp 
    
    
    
    _______________________________________________
    ntp mailing list
    ntp@ietf.org
    https://www.ietf.org/mailman/listinfo/ntp
    



-- 
Heiko Gerstung 
Managing Director

MEINBERG® Funkuhren GmbH & Co. KG
Lange Wand 9
D-31812 Bad Pyrmont, Germany
Phone:    +49 (0)5281 9309-404
Fax:        +49 (0)5281 9309-9404

Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung

Email:
 heiko.gerstung@meinberg.de 
Web:
 Deutsch   https://www.meinberg.de
 English    https://www.meinbergglobal.com

Do not miss our Time Synchronization Blog:
 https://blog.meinbergglobal.com 

Connect via LinkedIn: 
https://www.linkedin.com/in/heikogerstung