IETF Logo Mail Archive

Re: [Ntp] Antw: [EXT] Re: Public NTP servers already responds to NTPv5

"Salz, Rich" <rsalz@akamai.com> Wed, 02 December 2020 16:48 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF8D63A14A8 for <ntp@ietfa.amsl.com>; Wed, 2 Dec 2020 08:48:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZsSLqi3UC5ig for <ntp@ietfa.amsl.com>; Wed, 2 Dec 2020 08:48:31 -0800 (PST)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90DB23A14A3 for <ntp@ietf.org>; Wed, 2 Dec 2020 08:48:31 -0800 (PST)
Received: from pps.filterd (m0050096.ppops.net [127.0.0.1]) by m0050096.ppops.net-00190b01. (8.16.0.43/8.16.0.43) with SMTP id 0B2GhvTZ009823; Wed, 2 Dec 2020 16:48:30 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=nXHpvb8fqIZKmAHtKmjwBDjoxPnu7y8vtE0RY5kPJWE=; b=Q4LWV9+lQNOPwJZBf7Qwohwwl4d/RURsAL4zipWvp/g5A5Muu+fVTcauTLWvpqTMKDlw yjyh3OxAOCeftxb/XDWfVlhzBgG47VQMq8qg21BCu75UAdX1MfzhgLIj7dVylJ7b2/C+ km6830BQW3ivmMYDbrj7fA3KEUsuCnZopsIwm0R2NqEoPkUogLu7fEgDiFYCxzQ4UkjL 9dCVuKskjAZdfnzshy5Eij5CaWv7PtVih96EdXpoLZd5XsgI2bxgLmOb+/MhvTO5luqJ nkP9mJVpgbemTcNarA2NfqPZ/Dv5q24RckN3jpxcqZBn4XSG+kJ0mg1XOd1HWJGHkiVH Cw==
Received: from prod-mail-ppoint8 (a72-247-45-34.deploy.static.akamaitechnologies.com [72.247.45.34] (may be forged)) by m0050096.ppops.net-00190b01. with ESMTP id 355v35510y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 02 Dec 2020 16:48:30 +0000
Received: from pps.filterd (prod-mail-ppoint8.akamai.com [127.0.0.1]) by prod-mail-ppoint8.akamai.com (8.16.0.42/8.16.0.42) with SMTP id 0B2GZ32F032170; Wed, 2 Dec 2020 11:48:29 -0500
Received: from email.msg.corp.akamai.com ([172.27.123.53]) by prod-mail-ppoint8.akamai.com with ESMTP id 353js2wjbj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 02 Dec 2020 11:48:29 -0500
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb4.msg.corp.akamai.com (172.27.123.104) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 2 Dec 2020 11:48:28 -0500
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1497.008; Wed, 2 Dec 2020 11:48:28 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: "ntp@ietf.org" <ntp@ietf.org>
CC: "kurt@roeckx.be" <kurt@roeckx.be>
Thread-Topic: [Ntp] Antw: [EXT] Re: Public NTP servers already responds to NTPv5
Thread-Index: AQHWyCtMHSM+b1igTkyuM+zoj/LNmKnjUkuAgAB/kICAADO4gA==
Date: Wed, 02 Dec 2020 16:48:28 +0000
Message-ID: <745B4F03-78AA-4FB3-ADF1-B3D826F62AD9@akamai.com>
References: <20201201214534.AABF440605C@ip-64-139-1-69.sjc.megapath.net> <6c93ddee-2089-98e8-9099-cb083d083da0@ntp.org> <20201202084321.GT971977@roeckx.be>
In-Reply-To: <20201202084321.GT971977@roeckx.be>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.43.20110804
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.27.164.43]
Content-Type: text/plain; charset="utf-8"
Content-ID: <00893EEE212E50498247224537B7A47D@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312, 18.0.737 definitions=2020-12-02_08:2020-11-30, 2020-12-02 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=922 phishscore=0 suspectscore=0 malwarescore=0 mlxscore=0 bulkscore=0 adultscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2012020097
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312, 18.0.737 definitions=2020-12-02_08:2020-11-30, 2020-12-02 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 clxscore=1011 phishscore=0 mlxscore=0 impostorscore=0 suspectscore=0 spamscore=0 lowpriorityscore=0 adultscore=0 priorityscore=1501 bulkscore=0 mlxlogscore=838 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2012020099
X-Agari-Authentication-Results: mx.akamai.com; spf=${SPFResult} (sender IP is 72.247.45.34) smtp.mailfrom=rsalz@akamai.com smtp.helo=prod-mail-ppoint8
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/O0oHhqTAZYE3TnkTuFB_RPZaRis>
Subject: Re: [Ntp] Antw: [EXT] Re: Public NTP servers already responds to NTPv5
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2020 16:48:33 -0000

>    The only suggestion I have for that currently is do with TLS 1.3
    did and have an extension with the version number in it, and still
    have version 4 in the header.

As Kurt probably knows, TLS 1.3 kept the 1.2 version number because middleboxes got in the way. As a result, the TLS 1.3 handshake looks like a TLS 1.2 handshake. This was a relatively late change, only because Google did some experimentation and found that doing it the "obvious" way would have prevent TLS 1.3 from reaching 1% of the network.  (That number is from memory.)

NTPv5 should keep this in mind, and think of planning experiments if we deviate too much from looking like NTPv4.

v2.23.0 | Report a Bug | By Email