IETF Logo Mail Archive

Re: [Ntp] Antw: Re: Antw: [EXT] Re: Quick review of WGLC for status change for draft-ietf-ntp-update-registries

Harlan Stenn <stenn@nwtime.org> Fri, 19 August 2022 09:14 UTC

Return-Path: <stenn@nwtime.org>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE208C14CE2D for <ntp@ietfa.amsl.com>; Fri, 19 Aug 2022 02:14:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.105
X-Spam-Level:
X-Spam-Status: No, score=-6.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, RDNS_NONE=0.793, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_PERMERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V3_Y-vKlO2FT for <ntp@ietfa.amsl.com>; Fri, 19 Aug 2022 02:14:46 -0700 (PDT)
Received: from chessie.everett.org (unknown [IPv6:2001:470:1:205::234]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 568E8C1526F0 for <ntp@ietf.org>; Fri, 19 Aug 2022 02:14:46 -0700 (PDT)
Received: from [10.208.75.149] (071-084-168-128.res.spectrum.com [71.84.168.128]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by chessie.everett.org (Postfix) with ESMTPSA id 4M8GKr69knzMP6h; Fri, 19 Aug 2022 09:14:40 +0000 (UTC)
Message-ID: <ee90589a-a06a-0f72-1a70-98a3702c2cce@nwtime.org>
Date: Fri, 19 Aug 2022 02:14:39 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.12.0
Content-Language: en-US
To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, mlichvar@redhat.com
Cc: "ntp@ietf.org" <ntp@ietf.org>, Heiko Gerstung <heiko.gerstung@meinberg.de>
References: <133C5633-E4D5-42AF-8215-E3FDE28C5BF9@meinberg.de> <a8109d2a-ca46-3e52-4ed3-2652c22c9d69@nwtime.org> <6AFCB82E020000327BE0EBB5@gwsmtp.uni-regensburg.de> <4CB5CC870200008B822C0D04@gwsmtp.uni-regensburg.de> <60C367EE020000A986EDC2A6@gwsmtp.uni-regensburg.de> <FEA2AE59020000BF822C0D04@gwsmtp.uni-regensburg.de> <BB908AD30200002F86EDC2A6@gwsmtp.uni-regensburg.de> <F0B7CB85020000F0822C0D04@gwsmtp.uni-regensburg.de> <62FB5EDB020000A10004C5CD@gwsmtp.uni-regensburg.de> <F7211617020000C9822C0D04@gwsmtp.uni-regensburg.de> <B01B5D8D020000786A6A8CFC@gwsmtp.uni-regensburg.de> <FE4B42EF020000DC822C0D04@gwsmtp.uni-regensburg.de> <43CEEC91020000736A6A8CFC@gwsmtp.uni-regensburg.de> <A20358250200004A822C0D04@gwsmtp.uni-regensburg.de> <4B86A8CD0200005A6A6A8CFC@gwsmtp.uni-regensburg.de> <6CAE8D93020000F1822C0D04@gwsmtp.uni-regensburg.de> <C1BDA73B020000676A6A8CFC@gwsmtp.uni-regensburg.de> <FDC487BF02000063822C0D04@gwsmtp.uni-regensburg.de> <62FF3948020000A10004C82F@gwsmtp.uni-regensburg.de>
From: Harlan Stenn <stenn@nwtime.org>
In-Reply-To: <62FF3948020000A10004C82F@gwsmtp.uni-regensburg.de>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/NNFo9Y5SRUjZO2p6FIk8ER1KECg>
Subject: Re: [Ntp] Antw: Re: Antw: [EXT] Re: Quick review of WGLC for status change for draft-ietf-ntp-update-registries
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Aug 2022 09:14:51 -0000

On 8/19/2022 12:18 AM, Ulrich Windl wrote:
>>>> Harlan Stenn <stenn@nwtime.org> schrieb am 18.08.2022 um 12:14 in Nachricht
> <a8109d2a-ca46-3e52-4ed3-2652c22c9d69@nwtime.org>:
> ...
>>
>> The code is/was open source.  MANY folks built it from source.
> 
> Harlan,
> 
> there are several points to comment on, but taking just this one above: What are you trying to say?
> AFAIR Dave Mills had the final hands on all changes of the clock algorithms. It seems you try to say "the public" is responsible for any mess in the code.

I think you're trying to put words into my mouth.

And the more I re-read your last sentence there, the worse you look to 
me.  Have you considered that your statements and POV might have more to 
say about you than they do about your target?

You also seem to be blaming me/us for not conveying 100% of whatever 
information might be important to somebody.

I believe we have responsibilities *to* others.  We do not have 
responsibility *for* others.

I do my best to avoid hiding information.  As several here will attest, 
I tend to get into trouble by conveying my perceptions of what is going on.

The NTP Project has always been open source, and has encouraged feedback 
and participation.

You may have heard me say (certainly in IETF NTP WG meetings) that "I am 
always happy to work with people of good character, who are competent 
and collaborative."

I do my very best to foster this sort of collaboration.

>> The code was in active production use.
>>
>> Changing the code would have caused interoperability problems with
>> deployed production (public) use.
>>
>> Nobody else seems to have implemented full NTPv4, including autokey or
>> mode 6 (or mode 7).
> 
> Well, actually neither mode 6, not mode 7 were specified beyond the package format; I'm not even sure about mode 7.
> So interoparability between implementations would have been very questionable.

That seems disingenuous to me.

First, I'm not sure what you mean by "package format".  Next, the NTP 
Project's (open source) code has always been considered as a Reference 
Implementation.

One goal/purpose of a reference implementation is to provide "real 
working code" to help shed light in situations where the spec doesn't go 
far enough, or when somebody just wants to see one way to "get it done."

Next, for a very long time, there were very few alternate 
implementations.  And of those, NONE were offered as additional 
reference implementations.  Mostly because they only implemented the 
parts they cared about.

> BTW: I think mode 6 in NTPv5 needs the ability to switch formats, and I suggest to implement JSON, because it's a rather simple and compact format (as compared to XML for example). The the system should change from formatting texts in the server to formatting the text lines from JSON in the client. So eventually more narrow or wider terminals could be used, and parsing the results by a program could be made much more reliable.
> 
> ...
>>> So you are ok with the client getting different data in different
>>> units than it expects, assuming it doesn't do anything important with
>>> this it anyway.
>>
>> "assuming it doesn't do anything important with" the data, yes.  By your
>> definition, nothing important is being done.
> 
> Well two different points of view.

What different points of view?

> While talking on units and mode 6: In NTPv4 the stability (clk_wander) is limited to microseconds (three fractional digits of milliceconds); for GPS-synced clocks that value is 95% of the time between 0 and 1.  The precision of the values is nowhere specified...

You're complaining about the displayed field size.

The value of clk_wander comes from the clock_stability variable, which 
is a double.

The bits are there, it's just that in the default format you're not 
seeing as many as you'd like.

>>
>> I have seen ZERO evidence of "real" v1 NTP packets traversing the net.
>> I *believe* (and this has yet to be disproven) that people are sending
>> v[234] packets with a version field that says "1".  That's not a v1 packet.
> 
> But how do you _know_? I guess you _suspect_.

I'm in no position to look at anything other than a small fraction of 
internet traffic.

But given everything I have seen and observed (including the lack of 
email or bug reports) on this matter and considering that the "lifetime" 
of NTPv1 ended sometime around November of 1989, I'm pretty comfortable 
with my statement.

To return the favor, how do you _know_ my position might be incorrect? 
Do you even _suspect_ it's incorrect?

>>
>> I have seen ZERO reports or emails where folks have said "We're running
>> real ntpv2 and are trying to get time from v3 and/or v4 servers, and we
>> have a problem because the v3/v4 servers are replying with different
>> data in the 2nd and 3rd words of the packet."
> 
> I'm afraid people doing stupid things hardly ever admit in public that they do.

They often do if something is broken and they want it to work...

And just like the v1 discussion above, the lifespan of v2 was from late 
1989 until June of 1993.

Perhaps somebody has some ancient email archives we can search for this.

Better yet, I can get you an ntp2 tarball and you can try it out and 
report back.

>> So how can you justify saying this incompatibility is "significant"?
> 
> I'm afraid this is not about a problem, but about a point of view...
> 
> ...

So please describe how this alleged {difference in POV that is not about 
a problem} is an actual problem.

>>
>> Can you (or anybody else) show that the differences and evolution of NTP
>> over the initial and v1-v4 efforts resulted in ANY
>> significant/non-trivial upgrade or interoperability issues?
> 
> Actually there were many. For example NTPv4 not supporting DES keys any more.

If you want DES keys, you can enable them.

> Autokey is another: First promoted, then deprecated.

But can still be used.

Are you complaining that this isn't "set it once and forget it"?

You must be very frustrated if you drive a car.  All that speeding up, 
slowing down, making turns...

So how is this thread from you actually significant?

>> Please compare this with what you envision when the gazillion deployed
>> pre-v5 implementations try and get time from a v5 (only) server.
> 
> I think it's unfair to criticize an implementation that does not exist yet. Not even a specification exists.
> 
> ...

You're mischaracterizing what I said again.

Please stop it.

There is no implementation for me to criticize.  I am criticizing the 
discussions I am seeing.

>> What % of v4 NTP packets on the internet (assuming that is the right
>> place to watch for this) use EFs?
> 
> I can remember times when you could query the Internet for NTP servers. Unfortunately there exist many servers that are not reachable publically. So it's a bit hard to guess what kind of packets are circulating globally.
> 
> ...

Then take a guess.  I'll give you a hint: the only generally available 
use of EFs for NTPv4 is Autokey.  People have been talking about how 
Autokey is insecure and should not be used for something like 10 years' 
time now.

I suspect it was a TINY fraction of NTP traffic, even during the ~10 
year window that AUutokey was usable.

>> No, it means that a v3 server will drop a v4 client request that has an
>> EF (even with a valid MAC).
> 
> A v3 server should drop any v4 request IMHO.

Feel free to implement this and make it available.

Better yet, spin up a 25 year old v3 server and point a v4 client at it, 
and a v4 server and point a v4 client at it, and see how well they each 
do.  Let us know what you learn.

>>
>> What you are advocating for is REDUCED service, for no good reason.
> 
> Sometimes denying a request can be preferable to serving the request badly.
> 
> ...

Sure.  But what about in this case?  Do you _know_ it's better in this 
case, or do you _suspect_ it?

>>> When v5 is widely supported, the default can be changed to start with
>>> v5 and maybe fall back to v4 if the server is not responding.
>>
>> I recall your previous content described that v5 servers should just
>> drop v4.
> 
> I'd say: s/should/may/

We're back to your local policy choice, when the discussion is about 
mechanism and what folks SHOULD/MUST do.

>> Now you are saying that one should not implement a server that is solely v5.
> 
> See above.
> 
> ...
>>> If I showed you a working NTPv5 server and client, would that change
>>> your mind?
>>
>> I sure don't have the time to poke at it.  But if it got even 10% of the
>> scrutiny and effort that even ntpv4 got before it was turned in to a
>> Standard I'd be satisfied.
> 
> You are getting hypothetical, and I think that's not fair:
> The efforts to get the code done is probably much more than looking at it.

Back at ya.  How many of your points above are hypothetical?

And how is what I wrote hypothetical?  Each NTP release has gone thru 
TONS of testing to make sure it behaves as-expected in a very wide 
variety of circumstances.  OK, I don't *know* this, but Dave has said it 
many times, and I have never had a reason to doubt his word.

As I said, if the v5 code gets even 10%  of the scrutiny ...

> Regards,
> Ulrich
> 
>>
>> -- 
>> Harlan Stenn <stenn@nwtime.org>
>> http://networktimefoundation.org - be a member!
> 
> 
> 
> 

-- 
Harlan Stenn <stenn@nwtime.org>
http://networktimefoundation.org - be a member!

v2.23.0 | Report a Bug | By Email