Re: [Ntp] NTPv5 draft
James <james.ietf@gmail.com> Tue, 01 December 2020 09:20 UTC
To: Miroslav Lichvar <mlichvar@redhat.com>, Dieter Sibold <dsibold.ietf@gmail.com>
Cc: ntp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/PMO9mlaamF48IJL3x-kCV70Bia0>

On 01-12-2020 08:12, Miroslav Lichvar wrote:
>> I very much agree with James's proposed draft that a new
>> version of NTP must provide these mechanisms by default. Sure, you can add
>> NTS to protect the NTPv5 packets. But in this case protection is always an
>> optional add-on whereas it needs to be an inherent part of the basic
>> protocol. To achieve this the NTS approach certainly can be transferred to
>> the basic v5 protocol and packet format.
>
> You mean to require all NTP packets to be authenticated? I don't like
> that idea. The improvements in NTPv5 are orthogonal to authentication.
> NTPv5 is not supposed to be more secure. An NTP client that doesn't
> want to implement the complexity of NTS shouldn't be restricted to
> NTPv4.

Given that the largest number of deployments of NTPv4 operate on the public
internet, if our intention is to have a protocol to supersede NTPv4 and
solve the issues of those existing use cases, the protocol must provide
mitigation to the existing threats of both server malfeasance and
middlebox tampering and prevent downgrading that would enable either.

NTS is not the only option and Roughtime has shown it is possible to
provide authentication primitives as a core part of the protocol without
the larger overheads that a bolt-on requires.

- J