Re: [Ntp] [Tsv-art] Tsvart early review of draft-ietf-ntp-alternative-port-02

Hal Murray <halmurray@sonic.net> Wed, 08 December 2021 06:51 UTC

To: Danny Mayer <mayer@pdmconsulting.net>
cc: Hal Murray <halmurray@sonic.net>, touch@strayalpha.com, Magnus Westerlund <magnus.westerlund@ericsson.com>, ntp@ietf.org, tsvwg@ietf.org, Harlan Stenn <stenn@nwtime.org>, iana-port-experts@icann.org, draft-ietf-ntp-alternative-port.all@ietf.org, tsv-art <tsv-art@ietf.org>
From: Hal Murray <halmurray@sonic.net>
In-Reply-To: Message from Danny Mayer <mayer@pdmconsulting.net> of "Sun, 05 Dec 2021 12:11:22 -0500." <fbbe7c41-4b33-6c80-cb93-033c26f48548@pdmconsulting.net>
Date: Tue, 07 Dec 2021 22:51:28 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/OZxjEGDQQoluDuj9gVxci8ggSsI>

> Why would that be? NTP has a port that is widely deployed.

Yes, and widely filtered.

> The same happened with EDNS0. Firewall administrators had to
> go in and adjust their filtering.

You said "firewall".  I've been using "filter".
I think of a firewall as something the local administrator controls.

The filters I'm interested in are undocumented.  Both location and
details of what they do are unknown.  They generally are located
"out there" someplace on a system that is not run by the ISP at
either end.


> They don't need to remove filters as much they need to change them. Are 
> you saying that the alternate port would not be filtered?

The filters I'm talking about are for UDP port 123 and usually
something about length and/or mode.

If NTP gets a new port it will start out unfiltered.  As long as we
don't screw up, there will be no reason to add filters for the new port.