Re: [Ntp] Alternative NTP port

Ragnar Sundblad <ragge@netnod.se> Mon, 06 April 2020 17:08 UTC

From: Ragnar Sundblad <ragge@netnod.se>
In-Reply-To: <20200406120705.GA8216@localhost>
Date: Mon, 06 Apr 2020 19:08:15 +0200
Cc: NTP WG <ntp@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <453BB085-533F-4392-9F00-539F84FE770C@netnod.se>
References: <20200406120705.GA8216@localhost>
To: Miroslav Lichvar <mlichvar@redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/Pw9v1stxUqFlJpAOldc3Gz0ORAM>
Subject: Re: [Ntp] Alternative NTP port

Hi Miroslav,

Thanks for your work!
(I had started to write one too. :-) )

I agree with what Daniel said at the WG meeting today, that the most
important aspect of this port should be that it cannot be used for
traffic amplification.
I think that is the right way to get back some trust from the ISPs.

Also, it should allow for newer versions of NTP, and they may not
have the "mode" field at all. I still think the "mode" paragraph
is good as an explanation for NTP versions 1-4 though.

I also want to raise the idea of adding that implementations that allow
for use of this port must make sure that they cannot amplify
traffic, even if they are badly configured.
The reason would again be to gain trust from the ISPs.

Best,

Ragnar

> On 6 Apr 2020, at 14:07, Miroslav Lichvar <mlichvar@redhat.com> wrote:
> 
> I submitted a draft for the alternative NTP port. It is meant to be a
> workaround for rate limiting and blocking of NTP packets which was
> implemented in some networks as a mitigation for amplification
> attacks.
> 
> https://datatracker.ietf.org/doc/draft-mlichvar-ntp-alternative-port/
> 
> Comments and suggestions are welcome.
> 
> -- 
> Miroslav Lichvar
> 
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp