Re: [Ntp] ntpv5 requirements

James <james.ietf@gmail.com> Fri, 10 February 2023 14:34 UTC

Doug,

Thanks for the review; responses inline. I've committed a few changes as a result; they're in the Editor's Version on GitHub.

- J

> On 9 Feb 2023, at 18:18, Doug Arnold <doug.arnold=40meinberg-usa.com@dmarc.ietf.org> wrote:
> 
> Here are some suggestions for draft-ietf-ntp-ntpv5-requirements-01
>
> Section 2
> The current standard for PTP is IEEE 1588-2019.
> Some financial institutions and data centers use ntp rather than ptp not because they don’t need accuracy or can’t deploy ptp, but because they prefer it. The reasons that they prefer it are familiarity, and a dislike of the BMCA in ptp. I have heard of non-default algorithm ntpv4 implementations that achieve 50 ns time transfer accuracy in specialized financial networks.

JG: Thanks, could you please confirm doi:10.1109/IEEESTD.2020.9120376 is the correct identifier? I don't have access to IEEE documents to check and am guessing off the title and abstract. Thanks for the insight on data centres, I've added a bit more context based on what you've put here.

> Section 3.5
> Consider adding something like this sentence: “If a server implements leap second smearing, then it MUST indicate that smearing is active in the response message whenever it is active, and include all necessary information for the determination of TAI and UTC.”

JG: My position until now has been largely to avoid support for smearing. We've had a few rounds of discussion over the lifetime of this document, and permitting it will only add another dimension of possible combinations of timestamps received and processed by clients, making things more complex, particularly in circumstances where a client receives responses from multiple servers with/without smear. Furthermore, if servers are transmitting smeared time, the client would also have to know what scale the smearing is running at, or we have to define requirements of what smearing scale must be used in the protocol, further affecting implementation complexity by having to try and "reverse engineer" the necessary calculations to derive TAI, for example.

I think there's a WG consensus call to be made here before support for it should be included in the document.

> Section 3.8
> Consider adding something like this sentence: “The protocol SHOULD allow for different mechanisms for authentication and confidentiality to support different use cases.”
> For example: Judah Levine at NIST recently told me that he cannot implement NTS with his current server resources and the number of clients NIST supports. However, when I told him about TESLA he thought a scheme based on that would be doable, as long as the keys didn’t have to change too often.

JG: I agree with supporting different forms of authentication and confidentiality (and it's why I specifically abstain from mentioning NTS). I've added a version of this sentence, but I think it could use some refinement to better fit into the surrounding text, and it is also important to make a distinction that at least one form of authentication is required, so deployments are not compelled to use NTS where it's not suitable, like you describe. As a side note, I'm not sure TESLA is suitable in non-broadcast use cases, but there may be ways to make it work or for newer ideas to come about in the future.
