Re: [Ntp] [tsvwg] [Tsv-art] Tsvart early review of draft-ietf-ntp-alternative-port-02

"touch@strayalpha.com" <touch@strayalpha.com> Tue, 07 December 2021 16:32 UTC

From: "touch@strayalpha.com" <touch@strayalpha.com>
In-Reply-To: <Ya81mYy8/EuH8ilY@localhost>
Date: Tue, 07 Dec 2021 08:31:55 -0800
Cc: Martin Burnicki <martin.burnicki@meinberg.de>, Magnus Westerlund <magnus.westerlund@ericsson.com>, NTP WG <ntp@ietf.org>, TSVWG <tsvwg@ietf.org>, Steven Sommars <stevesommarsntp@gmail.com>, Harlan Stenn <stenn@nwtime.org>, Danny Mayer <mayer@pdmconsulting.net>, Joseph Touch via IANA-Port-Experts <iana-port-experts@icann.org>, draft-ietf-ntp-alternative-port.all@ietf.org, tsv-art <tsv-art@ietf.org>, Hal Murray <halmurray@sonic.net>
Message-Id: <ABF8072B-C6C0-47F3-BD7B-BAFE927B5DE1@strayalpha.com>
References: <20211204231206.A534228C17A@107-137-68-211.lightspeed.sntcca.sbcglobal.net> <A803AF18-2BBD-4A54-9802-3EF693066E6C@strayalpha.com> <CAD4huA7RhF3xZJkdghz4yx3qk8uBjkfJv7Y_hDCvX1a=wATBkg@mail.gmail.com> <CACL_3VENkyebRf25W6EpW0yZY6ELYS41A4D_i+RnQE1M21P2hg@mail.gmail.com> <Ya3fLJCHUsm1wE28@localhost> <90723c26-0352-a4d1-f765-eb26b1522954@pdmconsulting.net> <bf78924b-69bc-760e-cc7f-e6896504e194@meinberg.de> <Ya81mYy8/EuH8ilY@localhost>
To: Miroslav Lichvar <mlichvar@redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/SOAXSgU_zO-HaE9NhpqpID7aVR4>
List-Id: Network Time Protocol <ntp.ietf.org>

—
Joe Touch, temporal epistemologist
www.strayalpha.com

> On Dec 7, 2021, at 2:21 AM, Miroslav Lichvar <mlichvar@redhat.com> wrote:
> 
> On Tue, Dec 07, 2021 at 10:23:10AM +0100, Martin Burnicki wrote:
>> I find it ridiculous to start using a new port for NTP because some admins
>> block the original, well-known port because many years ago there was a
>> possibility for DDoS for servers that weren't properly configured.
> 
> That possibility still exists. It's a security issue in the protocol.

Again, IMO, that’s why protocols (including NTP) have version numbers. 

I look forward to a new NTP version that addresses these issues, but it should run on the existing port.

This is the *same* issue every protocol encounters for any vulnerability.

Joe