IETF Logo Mail Archive

Re: [Ntp] New Version Notification for draft-gruessing-ntp-ntpv5-requirements-03.txt

James <james.ietf@gmail.com> Fri, 15 October 2021 18:39 UTC

Return-Path: <james.ietf@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE5FE3A097D for <ntp@ietfa.amsl.com>; Fri, 15 Oct 2021 11:39:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MbR9UTVxKGHL for <ntp@ietfa.amsl.com>; Fri, 15 Oct 2021 11:39:29 -0700 (PDT)
Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F11B43A0983 for <ntp@ietf.org>; Fri, 15 Oct 2021 11:39:28 -0700 (PDT)
Received: by mail-ed1-x52e.google.com with SMTP id d9so41363828edh.5 for <ntp@ietf.org>; Fri, 15 Oct 2021 11:39:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=0x7GqjHIvHPfbvGXEECEgdP3D46doylkqLpnrVY4cbU=; b=ZRijqflDdz4CD/Aim3qD2WndUpBgncrECch7tPF+AjG+lpQEpVKbxkwm5Brbze6LJW pgWEjAQQYVIirBJpuyXdngLnKHERRyy6gLdHEte7WBOsGyHRzNck9o2TMYZhfZftu0On DGjX5Y8V/KA9fp4kAMgW5oHDXIsY+RrpWfifoU4BNR2rfc7bVxRquzU28Yqvh5U1O6dM PsAdoAibn0xYYFtmCWgp03esAz2WLdifj72Ee54U+VfJSOOSmtiTb39tzPOCp6HEES3F nGZqILUUjzQwrz3Zmhn0pv3/qcfKJdQLbm0WJP1z9Ne6wd3eH54lDKOf1+eJaj1wujWh XklA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=0x7GqjHIvHPfbvGXEECEgdP3D46doylkqLpnrVY4cbU=; b=LgCwZ5rf23bfYQX5h/CmfvsWEYDps8q79MlU9fwuHbGmYyp+nSUO6++9hMNejGdwTU CwmCqGgEVLv997B2W1eWdy2G8J0DPxeGyc+8sj5QTxIRGX+DsEapa5nrfb7uoy6gZuFO p7Gi5I5eegaCNhpCdl+NCUDvI+SbRS7vWrlS7hCFE9HQ8RfPxEOiDvt4xmNyfx0WPC9I TRS+gpyiqOl3XvnP1WQTWwQ3En8fiRk/UTsxmoGzraQAFSM3hQpWbGGKjW6lPCrDgVrA cVcYDcPJApB6yquwJUkz9uBngvyZHquHU4IzTegJn/FDz7VHUB8F0nxQdYW1EDV1SwD4 SHrA==
X-Gm-Message-State: AOAM530i8rs6Jx+gh9wp4THZBHWW/H50nr6J5a9HeSIFXGLhYmxpe6Bs DjFVWGDm1HW1GFesFTKg8K0=
X-Google-Smtp-Source: ABdhPJy9ql73ln64T1wAFQGJiY8jW4Khs6j5d+C5v2pVlp4n7fceK8LHnS4oQR4i8W7r/WJk3s8m0Q==
X-Received: by 2002:a17:906:2b91:: with SMTP id m17mr8964636ejg.202.1634323167069; Fri, 15 Oct 2021 11:39:27 -0700 (PDT)
Received: from smtpclient.apple ([2001:984:65b0:1:9d06:8bc7:9aa8:2605]) by smtp.gmail.com with ESMTPSA id au26sm4666643ejc.53.2021.10.15.11.39.26 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 15 Oct 2021 11:39:26 -0700 (PDT)
From: James <james.ietf@gmail.com>
Message-Id: <35F8FDD5-2FFB-4055-94E6-D4814CC3B740@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_FAC9C77D-B077-4CF3-9574-3CBF41981064"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Date: Fri, 15 Oct 2021 20:39:26 +0200
In-Reply-To: <DB8PR02MB57726795E3AD479F0CCFA778CFB99@DB8PR02MB5772.eurprd02.prod.outlook.com>
Cc: NTP WG <ntp@ietf.org>
To: Doug Arnold <doug.arnold@meinberg-usa.com>
References: <163386015957.12424.6997038478834885480@ietfa.amsl.com> <CAO+dDx=6baLhf9LwSMvR1F0ieuLO6NXmExYLDvcCF2tgchHs8w@mail.gmail.com> <DB8PR02MB5772AC97BFE2D7C1139EFDC0CFB89@DB8PR02MB5772.eurprd02.prod.outlook.com> <E469D9A7-7445-49D9-A8A2-82BA7BF1FA27@gmail.com> <DB8PR02MB57726795E3AD479F0CCFA778CFB99@DB8PR02MB5772.eurprd02.prod.outlook.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/SFw8Sj5I24bVQ1t8AVX-hhE4EpA>
Subject: Re: [Ntp] New Version Notification for draft-gruessing-ntp-ntpv5-requirements-03.txt
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Oct 2021 18:39:34 -0000

The problem you’re expressing here does not appear to be at odds with my proposal. All that changes is that instead of the server smearing the time it transmits, the NTP client can optionally smear the clock it is synchronising instead. A server that supports both v4 and v5 must not smear v5 timestamps, but it can smear v4.

The alternative approaches are as I see it:
1. Continue the status quo, where we have no way to signal smearing, no consistent smearing cadence, and clients avoiding mixing smeared/non-smeared servers. Nothing improves.
2. Introduce some means to communicate the existence of smearing, and either standardising the smearing cadence or have some way of signalling it. Clients may be able to mix same-cadence smearing servers but cannot mix between smearing and non-smearing. This only legitimises the status quo bodge and makes it explicit.

The people who are making the call are absolutely welcome to come participate in this discussion and provide further information. It would be great to understand more details about their use cases.

- J

> On 15 Oct 2021, at 17:53, Doug Arnold <doug.arnold@meinberg-usa.com> wrote:
> 
> Hello James,
>  
> I agree that leap smearing is a clumsy and dangerous way to avoid the complication of correctly handling leap seconds in distributed database software.  And if it was up to me all IT equipment would use TAI for all timing except what is displayed to humans.  But it is not up to me.  The people who are making the call tell me that they believe that leap seconds is less bad than either moving everything from UTC to TAI, or writing and debugging database software that manages leap seconds properly.
>  
> So given that state of affairs.  What do we do? 
>  
> Doug
>  
> From: James <james.ietf@gmail.com>
> Date: Friday, October 15, 2021 at 5:27 AM
> To: Doug Arnold <doug.arnold@meinberg-usa.com>
> Cc: NTP WG <ntp@ietf.org>
> Subject: Re: [Ntp] New Version Notification for draft-gruessing-ntp-ntpv5-requirements-03.txt
> 
> Doug,
> Thanks for the feedback, responses inline.
> 
> 
> On 15 Oct 2021, at 00:45, Doug Arnold <doug.arnold@meinberg-usa.com <mailto:doug.arnold@meinberg-usa.com>> wrote:
>  
> Thanks James,
>  
> I think that this is pretty close to what is needed for ntpv5.  I like the separation of protocol and algorithms, and the use of monotonic timescale for timestamp fields (at least by default), and the insistence on security. 
>  
> I have two comments:
> 1. Why do you think that encryption should be the default mode? People often consider timing information to be critical but not secret.  Also it is likely to affect accuracy in implementations by adding a variable delay to encrypt. 
>  
> We’ve had a few discussions on list on the subject in the past, and the draft says:
>  
> > Encryption and authentication MUST be provided by the protocol specification as a default and MUST be resistant to downgrade attacks...
>  
> To put this another way, I think the specification must provide confidentiality as well as authentication, and that if either is applied they cannot be removed from a connection (aka a security downgrade) which makes authentication the minimum and doesn’t necessarily mandate confidentiality.
>  
> This section in particular could probably use some editing and clarification to better explain this [1] as we’ll likely need consensus calls made.
> 
> 
> 2. I think that it is better to allow leap smearing and make it a visible part of the protocol than to pretend it is not going to happen.  On this topic I think that Miroslav’s proposal was more realistic.  Data center network architects tell me they definitely plan to continue to do leap smearing.
>  
> In other use cases such as publicly accessible NTP, leap smearing has effectively fragmented the pools of services a given host can use as mixing smeared and non-smeared services is not a good idea, in addition to the start/end and cadence of smearing being inconsistent between providers [2]. I think that having a “linear, monotonic timescale” and leap smearing together are contradictory and so having smearing in the wire format would requiring changing that. My proposal doesn’t prevent smearing of a clock being synchronised, it’s about removing the smear from the wire.
>  
> - J
>  
> 1: https://github.com/fiestajetsam/draft-gruessing-ntp-ntpv5-requirements/issues/4 <https://github.com/fiestajetsam/draft-gruessing-ntp-ntpv5-requirements/issues/4>
> 2: https://mailarchive.ietf.org/arch/msg/ntp/hJTpPJ1L5bzBPhLtiQzL3bk75LM/ <https://mailarchive.ietf.org/arch/msg/ntp/hJTpPJ1L5bzBPhLtiQzL3bk75LM/>

v2.23.0 | Report a Bug | By Email