[Ntp] A different NTPv5 design
Miroslav Lichvar <mlichvar@redhat.com> Wed, 29 April 2020 14:45 UTC
Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06B7B3A121A for <ntp@ietfa.amsl.com>; Wed, 29 Apr 2020 07:45:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_BL=0.001, RCVD_IN_MSPIKE_L3=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sOysnYSpHo-R for <ntp@ietfa.amsl.com>; Wed, 29 Apr 2020 07:45:47 -0700 (PDT)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FF803A1218 for <ntp@ietf.org>; Wed, 29 Apr 2020 07:45:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1588171546; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KS3YD+QQ4EzVv8V971k0ZWrYryU+zjkZ5JWXz8f4n4o=; b=B38rDy4pDPoQ/zR9TKLmwkjtzjJN+ns7hSojS10t2q3ZEGr79ozQbruOTrMDKCgkLhWQrZ gfPrVqfhMpN0fkr2/GC02iRLty4r2vYwEg1KZ3TrnH1cSF66z77n6jBvOgh/fOQYyYkdHd UwicZHoE+YVhxzt8DFHnXMf/z1rTHWs=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-106-0MtBXWtoPCWgHgAYCdTXZw-1; Wed, 29 Apr 2020 10:45:43 -0400
X-MC-Unique: 0MtBXWtoPCWgHgAYCdTXZw-1
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 0A3632CF for <ntp@ietf.org>; Wed, 29 Apr 2020 14:45:43 +0000 (UTC)
Received: from localhost (holly.tpb.lab.eng.brq.redhat.com [10.43.134.11]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5B8DC5D9D3 for <ntp@ietf.org>; Wed, 29 Apr 2020 14:45:42 +0000 (UTC)
Date: Wed, 29 Apr 2020 16:45:40 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: ntp@ietf.org
Message-ID: <20200429144540.GD8457@localhost>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/R_5ofI1iWJcGO1IsRZqaKLGdRe4>
Subject: [Ntp] A different NTPv5 design
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Apr 2020 14:45:49 -0000
I thought I should propose a more conservative design for NTPv5 than what Daniel posted few weeks ago. It's an evolution of NTPv4, following the "If it ain't broke, don't fix it" rule. It uses some ideas from the Daniel's proposal and I think it addresses the same set of NTPv4 issues from the wiki page, but it still looks like the NTP everyone knows. Authentication is still optional. A minimal support can be easily implemented in existing NTP servers and other software/hardware that needs to work with NTP packets. Responding to NTPv5 requests with NTPv4 packets works as with the previous versions. The design is described here as changes to NTPv4. If people think they would support something like this, I can write it as a full draft. The draft would just specify the protocol. The algorithms would be expected to have a separate draft if there is a need to have (some of) them specified. Changes in packet structure --------------------------- - Packets cannot have a MAC field appended (it's replaced by an extension field) - Extension fields can be of any length, even indivisible by 4, but are padded to 4 octets (NTPv4 extension fields are compatible with NTPv5) - Servers ignore unknown extension fields and pad responses to the length of the request using a padding extension field (i.e. clients can rely on getting a useful response even when requesting an unsupported extension field) Removed fields in header ------------------------ - Reference ID is removed (replaced by an extension field) - Reference timestamp is removed (unused in NTPv4) Modified fields in header ------------------------- - Mode can have only a value of 3 (client) and 4 (server) - broadcast mode is less accurate and difficult to secure (leave this mode to PTP) - symmetric mode has security issues, is rarely useful and can be replaced with an (authorized) extension field requesting reversed synchronization using the client-server mode - monitoring and management protocols should use a different port - Leap indicator is set up to 14 days before the leap second - enough time for distribution, but no risk of leap seconds getting stuck between subsequent months - Poll value in a response is the minimum polling interval to be used by the client - Root delay and dispersion are shifted to left by 12 bits - resolution of ~4ns and maximum value of 16 seconds - Client requests follow the data minimization draft (with some modifications for the new fields) New fields in header -------------------- - Flags (5 bits) - Multi-message response - client indicates it's willing to deal with follow-up messages (valid cookie is required) - server indicates that a follow-up message may follow this message (i.e. the client should wait for more messages before processing the response) - Follow-up message - server indicates this is a follow-up message, which has a more accurate transmit timestamp. Multiple follow-up messages are allowed. All messages in the response are in the server mode and have the same length. - if the client gets a response with the multi-message or follow-up bit set, it waits for a message with the multi-message bit unset (e.g. for up to 10 milliseconds). It uses the latest transmit timestamp from the messages it received. As the receive timestamp of the response it can use the receive timestamp of the message which didn't have the follow-up bit set, or the timestamp of the first message it received (which had the shortest delay). - (Interleaved mode, which has the opposite memory/bandwidth tradeoff to the multi-message response, could be requested with a separate flag, or it could use the origin timestamp as before) - Timescale (3 bits) - client selects the timescale (UTC, TAI, UT1, leap-smeared UTC,...) for timestamps in the response - server responds in the requested timescale, or a different timescale if the requested one is not supported - Era (8 bits) - server provides the NTP era of the receive timestamp, which extends the unambiguous interval from ~136 years to ~35000 years - (clients can still have a hardcoded pivot date and ignore the era number to simplify the operations with the timestamps) - Timescale-specific field (16 bits) - with the UTC and TAI timescales server provides the TAI-UTC offset of the receive timestamp as a signed integer (0x8000 if unknown) - with a leap-smeared timescale it can be an identifier of the smearing function to enable a reconstruction of UTC/TAI - Cookie (64 bits) - server provides clients with a cookie tied to their address - client returns the latest cookie it received to enable a multi-message response - server key is rotated frequently (unlike in NTS) to shorten the interval when a leaked cookie can be exploited for amplification attacks Extension fields ---------------- - Padding - used for padding requests and responses - MAC - replacement for NTPv3/NTPv4 MACs - Reference IDs - requested by clients that operate as servers to get a set of reference IDs in order to avoid a synchronization loop - uses a bloom filter similarly to the Daniel's proposal - Correction field - modified by routers/switches to compensate for their processing and queuing delays - same or similar to the correction field proposed for NTPv4 - Monotonic timestamp - an extra receive timestamp (with a step counter) from a clock which has an unsynchronized phase and can be used for a frequency transfer in the selected timescale - similar to the recv field in the Daniel's proposal - not expected to be supported by all servers and clients NTPv5 packet format ------------------- 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |LI | VN |Mode | Stratum | Poll | Precision | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Root Delay | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Root Dispersion | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Flags |Scale| Era | Timescale-specific | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + Cookie (64) + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + Origin Timestamp (64) + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + Receive Timestamp (64) + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + Transmit Timestamp (64) + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | . . . Extension Field 1 (variable) . . . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . . . . . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | . . . Extension Field N (variable) . . . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -- Miroslav Lichvar
- [Ntp] A different NTPv5 design Miroslav Lichvar