Re: [Ntp] Éric Vyncke's No Objection on draft-ietf-ntp-port-randomization-06: (with COMMENT)

Fernando Gont <fernando@gont.com.ar> Wed, 02 June 2021 18:45 UTC

Return-Path: <fernando@gont.com.ar>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A837D3A168F; Wed, 2 Jun 2021 11:45:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.851
X-Spam-Level:
X-Spam-Status: No, score=-0.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_12_24=1.049, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TH3-97HDiKeU; Wed, 2 Jun 2021 11:45:44 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4B533A1693; Wed, 2 Jun 2021 11:45:43 -0700 (PDT)
Received: from [10.0.0.133] (unknown [186.19.8.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 2A94F2800DD; Wed, 2 Jun 2021 18:45:38 +0000 (UTC)
To: =?UTF-8?Q?=c3=89ric_Vyncke?= <evyncke@cisco.com>, The IESG <iesg@ietf.org>
Cc: draft-ietf-ntp-port-randomization@ietf.org, ntp-chairs@ietf.org, ntp@ietf.org, odonoghue@isoc.org
References: <162244828999.14013.2000840672019389758@ietfa.amsl.com>
From: Fernando Gont <fernando@gont.com.ar>
Message-ID: <c314d56a-8f92-632e-fa3c-4a35d1624271@gont.com.ar>
Date: Wed, 2 Jun 2021 02:41:12 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <162244828999.14013.2000840672019389758@ietfa.amsl.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/SNWi-7dh-RbjiWLZjZxF62FFo58>
Subject: Re: [Ntp] =?utf-8?q?=C3=89ric_Vyncke=27s_No_Objection_on_draft-ietf-?= =?utf-8?q?ntp-port-randomization-06=3A_=28with_COMMENT=29?=
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jun 2021 18:45:49 -0000

Hi, Eric,

Thanks a lot for your feedback! In-line....

On 31/5/21 05:04, Éric Vyncke via Datatracker wrote:

> == COMMENTS ==
> 
> -- Section 3.4 -- A reference for "Some NAT devices" would be welcome
> even if this behavior is to be expected.

Will try to find one.



> The last § is convoluted and requires several read to understand it, 
> paraphrasing would be good even if I have no suggestion.

Changed to:

     In the case of NAT devices that will translate the source port even
     when a privileged port is employed, packets reaching the external
     realm of the NAT will not employ the NTP well-known port as the
     source port, as a result of the port translation function performed
     by the NAT device.



> -- Section 4 -- I wonder the added value of "The value in this
> variable becomes the source port number of packets sent from this
> association." Especially as 'variable' is not bound in the text to
> any value (OK we can guess that it is dstport).

Not sure I follow. Could you elaborate?



> Some rationale for "The randomized port number SHOULD NOT be shared
> with other associations."

How about:

The randomized port number SHOULD NOT be shared with other associations,
to avoid revealing the randomized port to other associations.

?


> would be welcome. Also, is it OK to share this port number with other
> applications ?

This would be a different case: i.e., it's not that you'd be
systematically leaking the randomized port to other peer processes, as
in the case above.



> -- Section 5 -- Interesting to read that many existing
> implementations have always implemented this specification

Glad this Section was of use ;-)



> == NITS ==
> 
> Please address all nits detected by: 
> https://www6.ietf.org/tools/idnits?url=https://www.ietf.org/archive/id/draft-ietf-ntp-port-randomization-06.txt

Is this:
   -- The document seems to lack a disclaimer for pre-RFC5378 work, but
      may have content which was first submitted before 10 November 2008.
      If you have contacted all the original authors and they are all
      willing to grant the BCP78 rights to the IETF Trust, then this is
      fine, and you can ignore this comment.  If not, you may need to add
      the pre-RFC5378 disclaimer.
      (See the Legal Provisions document at
      https://trustee.ietf.org/license-info for more information.)

a false positive?

Thanks!

Regards,
-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1