[Ntp] Antw: [EXT] Re: An NTPv5 design sketch
Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> Mon, 20 April 2020 11:54 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/Oa7jraxelXW8dqEJq6JJ4NOnvT8>
>>> Daniel Franke <dfoxfranke@gmail.com> wrote on 16.04.2020 at 19:34 in message
<17898_1587058469_5E989725_17898_95_1_CAJm83bBBAwA9Da7aasneHV+JfVDOaT2j-Ymyem40-VFmjTQ8Jg@mail.gmail.com>:
> On Thu, Apr 16, 2020 at 4:26 AM Miroslav Lichvar <mlichvar@redhat.com> wrote:
>> The device may be very simple. It may not have an OS and NTP may be
>> the only networking it does. It could be measuring intervals in a
>> physics experiment, or controlling a robot in a factory. Consider
>> where and why PTP originated and that NTPv5 with its correction field
>> might be usable there too.
>
> I remain skeptical that systems actually exist, even in these domains,
> where unprotected NTPv5 would be a good solution but NTPv5 with NTS
> would not be. I've forwarded this thread to a friend who has done a
> great deal of work with systems of this nature so that she can weigh in
> further. At any rate, I second Doug Arnold that if a use case is
> already well-served by PTP, then complicating NTPv5 on their behalf is
> not solving anyone's problem.

Yes, beware of "feature-ism" (adding more and more non-essential features).

>
>> Protected responses need to be handled in the same way as unprotected
>> responses. You never know if the server isn't compromised and trying
>> to attack you.
>
> I think you've misunderstood me here. I'm not talking about cases like
> "don't do an out-of-bounds read if the length field is longer than the
> actual packet length" which yes, need to be handled regardless. I'm
> referring to handling NTS stripping attacks and making sure you don't
> accept an unprotected packet from a source that should only be sending
> protected ones.
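
The two checks distinguished in the quoted text above (length fields validated against the real packet size, and refusing an unprotected packet from a source that should only send protected ones), as an added example that is not part of the original message or of any NTP implementation. It assumes NTPv4 framing with the RFC 8915 authenticator field type, since the thread gives no NTPv5 wire format, and packets without a legacy MAC trailer; `classify`, `struct source`, `nts_required` and the verdict names are hypothetical, and the AEAD verification itself is not shown.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NTP_HDR_LEN 48u     /* fixed NTPv4 header */
#define EF_NTS_AUTH 0x0404u /* NTS Authenticator and Encrypted Extension Fields (RFC 8915) */
#define EF_MIN_LEN  16u     /* minimum extension field length (RFC 7822) */

enum verdict { DROP_MALFORMED, DROP_UNPROTECTED, ACCEPT_UNAUTHENTICATED, VERIFY_AEAD };

/* Hypothetical per-source state: nonzero once the association was set up via NTS-KE. */
struct source { int nts_required; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk the extension fields, checking every length against the real datagram size.
 * Returns -1 if malformed, 1 if an NTS authenticator field is present, else 0. */
static int scan_fields(const uint8_t *pkt, size_t len)
{
    if (len < NTP_HDR_LEN) return -1;
    for (size_t off = NTP_HDR_LEN; off < len; ) {
        if (len - off < 4) return -1;               /* no room for type + length */
        uint16_t flen = be16(pkt + off + 2);
        if (flen < EF_MIN_LEN || (flen & 3) || flen > len - off) return -1;
        if (be16(pkt + off) == EF_NTS_AUTH) return 1;
        off += flen;
    }
    return 0;
}

enum verdict classify(const struct source *src, const uint8_t *pkt, size_t len)
{
    int r = scan_fields(pkt, len);
    if (r < 0) return DROP_MALFORMED;
    if (!src->nts_required) return ACCEPT_UNAUTHENTICATED;
    /* Presence of the field is not proof; the AEAD check (not shown) still decides. */
    return r ? VERIFY_AEAD : DROP_UNPROTECTED;
}

int main(void)
{
    /* Constructed sample: bare 48-byte header, then one with a 16-byte 0x0404 field. */
    uint8_t pkt[64] = {0};
    pkt[48] = 0x04; pkt[49] = 0x04; pkt[51] = 16;
    struct source nts = {1};
    printf("%d %d\n", classify(&nts, pkt, 48), classify(&nts, pkt, 64));
    return 0;
}
```

The policy lives in the per-source flag rather than in the packet, so a response with its NTS fields stripped is dropped instead of being treated as ordinary unauthenticated NTP.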