Re: [Ntp] An NTPv5 design sketch

Miroslav Lichvar <mlichvar@redhat.com> Tue, 14 April 2020 15:52 UTC

Date: Tue, 14 Apr 2020 17:52:41 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Daniel Franke <dfoxfranke@gmail.com>
Cc: NTP WG <ntp@ietf.org>
Message-ID: <20200414155241.GF1945@localhost>
References: <CAJm83bBV+Pox3r6KU49ShwMOvr=R+U_vDKJtSZhfT6XX4qWmbA@mail.gmail.com> <20200414112541.GD1945@localhost> <CAJm83bCxuS_X68-pvpOWCPSmjAjTeYNJVuuOEhV-i82R7B28Mg@mail.gmail.com>
MIME-Version: 1.0
In-Reply-To: <CAJm83bCxuS_X68-pvpOWCPSmjAjTeYNJVuuOEhV-i82R7B28Mg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/S9UVbxztTleBxmxXSNSk9uuRbLU>
Subject: Re: [Ntp] An NTPv5 design sketch

On Tue, Apr 14, 2020 at 11:02:14AM -0400, Daniel Franke wrote:
> On Tue, Apr 14, 2020 at 7:25 AM Miroslav Lichvar <mlichvar@redhat.com> wrote:
> > The main issue for me will probably be the dependency on NTS (and
> > TLS). I don't think that will work for many clients if NTPv5 is
> > supposed to replace NTPv4.
> 
> What do you think is the obstacle? Code footprint? There are TLS
> stacks that fit in as little as 20k.

A minimal NTP client is less than a hundred lines of C code and can
run on any CPU/microcontroller.

TLS has a much larger attack surface.

> In applications where even that's
> too much you're probably not fully implementing NTPv4 either and
> just doing some brain-dead one-shot SNTP deal, and for that NTPv4 is
> fine; there's nothing to improve upon.

Is NTPv5 not meant to obsolete NTPv4? Even if not, the new features of
NTPv5 may be useful to clients that cannot or won't support TLS.

-- 
Miroslav Lichvar
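As an added illustration of the "minimal NTP client" the message refers to (this is example code written for this page, not code from the poster, chrony, or any NTP project): the core of an NTPv4/SNTP client per RFC 5905 in C, with the 48-byte request builder, the reply parser with its sanity checks, the originate-timestamp match that rejects spoofed or replayed replies, and the offset/delay computation from the four timestamps. The reply bytes and the timestamps are constructed for the example; sending the request over UDP to port 123 and timestamping the receive is left to the caller.

```c
/* Minimal NTPv4 (SNTP) client core, RFC 5905 style. Example code for this
 * page only; the sample exchange below is constructed, no network I/O. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define NTP_PKT_LEN 48

/* NTP 64-bit timestamp: seconds since 1900 and a 32-bit binary fraction. */
typedef struct { uint32_t sec; uint32_t frac; } ntp_ts;

typedef struct {
    uint8_t  li_vn_mode;            /* leap (2 bits) | version (3) | mode (3) */
    uint8_t  stratum, poll;
    int8_t   precision;
    uint32_t root_delay, root_disp, ref_id;
    ntp_ts   ref, org, rec, xmt;    /* reference, originate, receive, transmit */
} ntp_pkt;

static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Client request: LI=0, VN=4, mode=3; only the transmit timestamp is set.
 * A real client should put an unpredictable value in t1 and compare it with
 * the originate field of the reply (see ntp_reply_matches). */
void ntp_build_request(uint8_t out[NTP_PKT_LEN], ntp_ts t1) {
    memset(out, 0, NTP_PKT_LEN);
    out[0] = (uint8_t)((0 << 6) | (4 << 3) | 3);
    wr32(out + 40, t1.sec);
    wr32(out + 44, t1.frac);
}

/* Parse a 48-byte packet. Returns 0 for a usable server reply, -1 otherwise
 * (wrong mode/version, unsynchronized leap indicator, stratum 0 KoD, zero xmt). */
int ntp_parse(const uint8_t in[NTP_PKT_LEN], ntp_pkt *p) {
    p->li_vn_mode = in[0];
    p->stratum = in[1]; p->poll = in[2]; p->precision = (int8_t)in[3];
    p->root_delay = rd32(in + 4); p->root_disp = rd32(in + 8); p->ref_id = rd32(in + 12);
    p->ref.sec = rd32(in + 16); p->ref.frac = rd32(in + 20);
    p->org.sec = rd32(in + 24); p->org.frac = rd32(in + 28);
    p->rec.sec = rd32(in + 32); p->rec.frac = rd32(in + 36);
    p->xmt.sec = rd32(in + 40); p->xmt.frac = rd32(in + 44);
    int mode = p->li_vn_mode & 7, vn = (p->li_vn_mode >> 3) & 7, li = p->li_vn_mode >> 6;
    if (mode != 4 || vn < 3 || vn > 4) return -1;
    if (li == 3 || p->stratum == 0) return -1;
    if (p->xmt.sec == 0 && p->xmt.frac == 0) return -1;
    return 0;
}

/* The originate timestamp must echo our transmit timestamp; anything else is
 * a stale, replayed or blindly spoofed reply and must be discarded. */
int ntp_reply_matches(const ntp_pkt *p, ntp_ts t1) {
    return p->org.sec == t1.sec && p->org.frac == t1.frac;
}

static double ts_to_d(ntp_ts t) { return (double)t.sec + (double)t.frac / 4294967296.0; }

/* RFC 5905: offset theta = ((T2-T1) + (T3-T4))/2, delay delta = (T4-T1) - (T3-T2),
 * with T1 = client xmt, T2 = server rec, T3 = server xmt, T4 = client receive. */
void ntp_offset_delay(const ntp_pkt *p, ntp_ts t1, ntp_ts t4, double *offset, double *delay) {
    double T1 = ts_to_d(t1), T2 = ts_to_d(p->rec), T3 = ts_to_d(p->xmt), T4 = ts_to_d(t4);
    *offset = ((T2 - T1) + (T3 - T4)) / 2.0;
    *delay  = (T4 - T1) - (T3 - T2);
}

/* Constructed exchange: 0.125 s each way on the wire, 0.0625 s server
 * processing, server clock 0.5 s ahead of the client. Returns 0 on success. */
int ntp_sample_exchange(double *offset, double *delay) {
    ntp_ts t1 = { 3795000000u, 0 };             /* client send (client clock) */
    ntp_ts t4 = { 3795000000u, 0x50000000u };   /* client receive = t1 + 0.3125 s */
    uint8_t req[NTP_PKT_LEN], rep[NTP_PKT_LEN];
    ntp_build_request(req, t1);
    memset(rep, 0, NTP_PKT_LEN);
    rep[0] = (uint8_t)((4 << 3) | 4); rep[1] = 2; rep[2] = 6; rep[3] = (uint8_t)-20;
    memcpy(rep + 24, req + 40, 8);              /* originate echoes client xmt */
    wr32(rep + 32, t1.sec); wr32(rep + 36, 0xA0000000u); /* rec = t1 + 0.625 s  */
    wr32(rep + 40, t1.sec); wr32(rep + 44, 0xB0000000u); /* xmt = t1 + 0.6875 s */
    ntp_pkt p;
    if (ntp_parse(rep, &p) != 0 || !ntp_reply_matches(&p, t1)) return -1;
    ntp_offset_delay(&p, t1, t4, offset, delay);
    return 0;
}

int main(void) {
    double off, del;
    if (ntp_sample_exchange(&off, &del) != 0) return 1;
    printf("offset %+.4f s, delay %.4f s\n", off, del);   /* +0.5000, 0.2500 */
    return 0;
}
```

The parse and originate checks are the whole of an unauthenticated client's defence against off-path spoofing; on-path attackers can still feed it any time they like, which is the gap NTS closes and the trade-off the message is discussing.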