Re: [Ntp] NTPv5 draft

Miroslav Lichvar <mlichvar@redhat.com> Tue, 08 December 2020 09:50 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/Qe114Ir3KzPFS1eoxgCMIg3dmmI>

On Mon, Dec 07, 2020 at 04:38:43PM +0000, Salz, Rich wrote:
> My view is that it is no longer acceptable to design a protocol for deployment on the open Internet that has no authentication or message integrity and that people who disagree are out of consensus.

The NTPv5 draft does support authentication. It is exactly the same
as in NTPv4. The message format is extensible. Multiple authentication
mechanisms can be supported. If NTS is found to be insecure or
something better comes along, it can be used in NTPv5. No need to
specify a new NTP protocol.

To me it sounds like some people here think that's a bad thing and
want NTPv5 to have NTS baked in or add some artificial restrictions to
make unauthenticated messages syntactically invalid. That makes no
sense to me.

If you propose something, there should be a technical explanation
provided.

-- 
Miroslav Lichvar