IETF Logo Mail Archive

Re: [Ntp] Drafts on interleaved modes and correction field

Miroslav Lichvar <mlichvar@redhat.com> Tue, 31 October 2017 13:52 UTC

Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4BF4139504 for <ntp@ietfa.amsl.com>; Tue, 31 Oct 2017 06:52:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2bKtF7ZdqBa5 for <ntp@ietfa.amsl.com>; Tue, 31 Oct 2017 06:52:50 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C718D1386DE for <ntp@ietf.org>; Tue, 31 Oct 2017 06:52:50 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 6743C2D6E47; Tue, 31 Oct 2017 13:52:50 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 6743C2D6E47
Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=mlichvar@redhat.com
Received: from localhost (unknown [10.43.2.117]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7A9885D6A3; Tue, 31 Oct 2017 13:52:49 +0000 (UTC)
Date: Tue, 31 Oct 2017 14:52:47 +0100
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Cc: ntp@ietf.org, Aanchal Malhotra <aanchal4@bu.edu>
Message-ID: <20171031135247.GB7648@localhost>
References: <20171031090139.GD15597@localhost> <CABUE3XmV1sUvq0KAJVrQv1sZ8vK6R8GwR+qeO1huTUgnOdujfQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CABUE3XmV1sUvq0KAJVrQv1sZ8vK6R8GwR+qeO1huTUgnOdujfQ@mail.gmail.com>
User-Agent: Mutt/1.8.3 (2017-05-23)
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Tue, 31 Oct 2017 13:52:50 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/S8ejA6XLNoP0xO5T--oJY1N-6kQ>
Subject: Re: [Ntp] Drafts on interleaved modes and correction field
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Oct 2017 13:52:53 -0000

On Tue, Oct 31, 2017 at 01:53:52PM +0200, Tal Mizrahi wrote:
> Regarding the correction field draft: very interesting draft.
> 
> A few comments:

Thanks for the comments, Tal.

> 1. Section 3 says that the delay is the time difference between the end of
> reception until the beginning of transmission.
> 
>   It seems to make more sense to measure the delay as the beginning of
> reception until the beginning of transmission, because that is the actual
> delay of the packet in practice. BTW, this is also the way IEEE 1588
> measures the correctionField.

I think it should to be the same as what the clients and servers use,
otherwise it would create an asymmetric correction when switching
between different link speeds.

As I understand it, PTP assumes that all devices in the network
support PTP (as BC or TC), so it can take the simpler approch using
preamble timestamps for both TX and RX.

With NTP there is generally no HW support, so clients and servers
should use trailer RX timestamps and preamble TX timestamps to avoid
an asymmetric delay with different link speeds. The following document
explains the issue nicely.

https://www.eecis.udel.edu/~mills/stamp.html

Do you think it will be difficult to implement? If the link speed and
length of the packet is known, the timestamp can be transposed.

In any case, I guess this should be explained in the draft.

> 2. "TBD: Requirements on frequency accuracy of the clock."
> 
>    NTP does not define accuracy requirements, and I would suggest to
> refrain from defining these here as well.

Ok, I was not really sure how it would be specified.

> 3. "Delay Correction" - please consider using a format that is identical to
> the one defined in IEEE 1588.

Do you think it will be easier to implement that way? Using a
nanosecond field in NTP packets feels dirty to me :).

> 4. Section 2 - it would be great if you could clarify the fields "Receive
> Correction", "Transmit Correction", and "Origin Correction". Having read
> this section a couple of times, I could not figure out the units of these
> fields, how they are used, and the rationale of why these fields are
> required.

All these fields are in 1/(2^48) of a second. The receive and transmit
corrections are just extensions of the receive and transmit
timestamps. When put together they make fixed point numbers with 32
integer bits and 32 + 16 fractional bits.

The reason for a separate origin field is to allow the client to check
both values before they are applied. If the server adjusted its
timestamp instead, the client wouldn't know by how much and couldn't
limit the impact of a MITM attack.

The reason for a separate transmit correction is to support the
interleaved modes. The receive correction might not be necessary. If
you have a better use for the 2 octets, I think it could be dropped
and included in the origin correction instead.

> 5. "The device MAY update the checksum complement field in order to keep
> the UDP checksum valid."
>    Since this is a "MAY", please clarify the alternatives: either clear the
> UDP Checksum field (in IPv4 only), or recompute the UDP Checksum.

Good point.

> 6. Security considerations - I would point out that an attacker that
> tampers with the correction extension is (roughly) equivalent to a delay
> attacker in terms of the potential damage. Therefore, arguably there is no
> point in securing the correction extension. I would recommend to leave the
> correction extension out of the integrity protection. This possibility is
> mentioned on the second par of Section 7, but I would suggest to rephrase
> it to "this is what we recommend".

Ok, I'll do that.

> 7. Finally, one may consider a slightly different approach, where each hop
> along the path adds a separate extension field, representing the residence
> time of the current hop. Obviously this approach has some disadvantages,
> but the advantage is that it provides detailed information about the delay
> and delay variation in each hop. There is also potential to secure each
> extension field separately using its own HMAC. Something to consider...

I did briefly consider an approach like that, but it seemed to me
there are at least two issues:
- It may allow traffic amplification.
- The growing length of the packet may create an asymmetric delay,
  which I suspect could be completely avoided only in the case where
  all devices on the path support the correction field and preamble
  timestamps are used everywhere.

-- 
Miroslav Lichvar

v2.23.0 | Report a Bug | By Email