[Ntp] Antw: [EXT] Re: An NTPv5 design sketch

Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> Mon, 20 April 2020 11:54 UTC

Message-Id: <5E9D8D7B020000A10003864C@gwsmtp.uni-regensburg.de>
Date: Mon, 20 Apr 2020 13:54:35 +0200
From: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
To: Daniel Franke <dfoxfranke@gmail.com>
Cc: "ntp@ietf.org" <ntp@ietf.org>
References: <CAJm83bBV+Pox3r6KU49ShwMOvr=R+U_vDKJtSZhfT6XX4qWmbA@mail.gmail.com> <20200414112541.GD1945@localhost> <CAJm83bCxuS_X68-pvpOWCPSmjAjTeYNJVuuOEhV-i82R7B28Mg@mail.gmail.com> <20200414155241.GF1945@localhost> <CAJm83bC1EhwQQ=+B7XPbEkvhOWvxU8zjCd290Fj5N43aMJQTkg@mail.gmail.com> <20200415072023.GG1945@localhost> <CAJm83bAEDuLk6vSa82D3smXO4x7iDywoy+FpC=gdm=m3SLrVLg@mail.gmail.com> <20200416082557.GI1945@localhost> <17898_1587058469_5E989725_17898_95_1_CAJm83bBBAwA9Da7aasneHV+JfVDOaT2j-Ymyem40-VFmjTQ8Jg@mail.gmail.com>
In-Reply-To: <17898_1587058469_5E989725_17898_95_1_CAJm83bBBAwA9Da7aasneHV+JfVDOaT2j-Ymyem40-VFmjTQ8Jg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/Oa7jraxelXW8dqEJq6JJ4NOnvT8>
Subject: [Ntp] Antw: [EXT] Re: An NTPv5 design sketch

>>> Daniel Franke <dfoxfranke@gmail.com> wrote on 16.04.2020 at 19:34 in message <17898_1587058469_5E989725_17898_95_1_CAJm83bBBAwA9Da7aasneHV+JfVDOaT2j-Ymyem40-VFmjTQ8Jg@mail.gmail.com>:
> On Thu, Apr 16, 2020 at 4:26 AM Miroslav Lichvar <mlichvar@redhat.com> wrote:
>> The device may be very simple. It may not have an OS and NTP may be
>> the only networking it does. It could be measuring intervals in a
>> physics experiment, or controlling a robot in a factory. Consider
>> where and why PTP originated and that NTPv5 with its correction field
>> might be usable there too.
> 
> I remain skeptical that systems actually exist, even in these domains,
> where unprotected NTPv5 would be a good solution but NTPv5 with NTS
> would not be. I've forwarded this thread to a friend who has done a
> great deal of work with systems of this nature so that she weigh in
> further. At any rate, I second Doug Arnold that if a use case is
> already well‑served by PTP, then complicating NTPv5 on their behalf is
> not solving anyone's problem.

Yes, beware of "feature-ism" (adding more and more non-essential features).

> 
>> Protected responses need to be handled in the same way as unprotected
>> responses. You never know if the server isn't compromised and trying
>> to attack you.
> 
> I think you've misunderstood me here. I'm not talking about cases like
> "don't do an out‑of‑bounds read if the length field is longer than the
> actual packet length" which yes, need to be handled regardless. I'm
> referring to handling NTS stripping attacks and making sure you don't
> accept an unprotected packet from a source that should only be sending
> protected ones.
> 
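The two kinds of check Daniel distinguishes above (bounds checks that every packet gets regardless of protection, and the policy that refuses an unprotected packet from a source that should only be sending protected ones) as an added Python example. This is not code from this thread or from any NTP or NTS implementation: the extension field type values follow RFC 8915, but the authenticator is a simplified HMAC-SHA256 stand-in for the real AES-SIV construction, and the policy table, key, source names and packets are all constructed for the demo.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48
# Extension field type values as assigned in RFC 8915. The authenticator
# below is an HMAC stand-in for the real AES-SIV construction (assumption).
EF_UNIQUE_IDENTIFIER = 0x0104
EF_NTS_AUTHENTICATOR = 0x0404


class Rejected(Exception):
    """Raised when a response must be dropped; the message names the failed check."""


def extension_field(ftype: int, value: bytes) -> bytes:
    """Encode one NTPv4 extension field: type, total length, value padded to 4 bytes."""
    body = value + b"\x00" * ((-len(value)) % 4)
    return struct.pack("!HH", ftype, 4 + len(body)) + body


def build_response(header: bytes, fields, key=None) -> bytes:
    """Constructed server response: header, extension fields, then optionally
    an authenticator covering everything that precedes it."""
    packet = header
    for ftype, value in fields:
        packet += extension_field(ftype, value)
    if key is not None:
        tag = hmac.new(key, packet, hashlib.sha256).digest()
        packet += extension_field(EF_NTS_AUTHENTICATOR, tag)
    return packet


def parse_extension_fields(packet: bytes):
    """Return [(type, value, offset_of_field)] or raise Rejected on bad lengths.
    This is the check that applies to every packet, protected or not: a length
    field pointing past the datagram is rejected rather than read."""
    if len(packet) < NTP_HEADER_LEN:
        raise Rejected("shorter than NTP header")
    fields, off = [], NTP_HEADER_LEN
    while off < len(packet):
        if off + 4 > len(packet):
            raise Rejected("truncated extension field header")
        ftype, flen = struct.unpack_from("!HH", packet, off)
        if flen < 4 or flen % 4 != 0 or off + flen > len(packet):
            raise Rejected("extension field length %d exceeds packet" % flen)
        fields.append((ftype, packet[off + 4:off + flen], off))
        off += flen
    return fields


def accept_response(packet: bytes, source: str, policy: dict, key: bytes) -> bool:
    """Apply the per-source protection policy. `policy` maps a configured
    source to 'nts' or 'plain' (constructed); a source configured for NTS is
    never allowed to fall back to an unauthenticated response."""
    fields = parse_extension_fields(packet)  # structural checks first, always
    mode = policy.get(source)
    if mode is None:
        raise Rejected("response from unknown source %s" % source)
    auth = [(value, off) for ftype, value, off in fields if ftype == EF_NTS_AUTHENTICATOR]
    if mode == "nts":
        if not auth:
            # Stripping/downgrade: the authenticator is missing, so the packet
            # is treated exactly like a forged one.
            raise Rejected("unprotected response from NTS-protected source")
        tag, off = auth[-1]
        expected = hmac.new(key, packet[:off], hashlib.sha256).digest()
        if not hmac.compare_digest(tag[:len(expected)], expected):
            raise Rejected("authenticator does not verify")
    return True


def demo() -> dict:
    """Run the accept/reject decision over constructed packets."""
    key = b"constructed-demo-key"  # placeholder, not a real NTS key
    header = bytes([0x24]) + b"\x00" * 47  # LI=0, VN=4, mode=4 (server); rest zeroed
    policy = {"nts.example.net": "nts", "192.0.2.10": "plain"}  # constructed
    uid = [(EF_UNIQUE_IDENTIFIER, b"constructed-uid")]
    good = build_response(header, uid, key)
    stripped = build_response(header, uid)          # same packet, authenticator removed
    tampered = bytearray(good)
    tampered[40] ^= 0x01                            # flip a header bit under the tag
    oversize = header + struct.pack("!HH", EF_UNIQUE_IDENTIFIER, 64) + b"\x00" * 8
    cases = {
        "protected": (good, "nts.example.net"),
        "stripped": (stripped, "nts.example.net"),
        "tampered": (bytes(tampered), "nts.example.net"),
        "oversize_length": (oversize, "192.0.2.10"),
        "plain_source": (stripped, "192.0.2.10"),
    }
    results = {}
    for name, (packet, source) in cases.items():
        try:
            accept_response(packet, source, policy, key)
            results[name] = "accepted"
        except Rejected as why:
            results[name] = "rejected: " + str(why)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16s} {verdict}")
```

The point of the structure is that the length checks run before any policy decision and on every packet, while the stripping defence is keyed on what the client configured for the source, not on anything the packet itself claims about its protection.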