[Ntp] Antwort: Re: Antwort: Re: WGLC: draft-ietf-ntp-using-nts-for-ntp
kristof.teichel@ptb.de Sun, 09 December 2018 11:43 UTC
Return-Path: <kristof.teichel@ptb.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACD611271FF for <ntp@ietfa.amsl.com>; Sun, 9 Dec 2018 03:43:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.799
X-Spam-Level:
X-Spam-Status: No, score=-0.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377, HTML_NONELEMENT_30_40=0.001, MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ltlrc8WnPYhM for <ntp@ietfa.amsl.com>; Sun, 9 Dec 2018 03:43:40 -0800 (PST)
Received: from mx1.bs.ptb.de (mx1.bs.ptb.de [192.53.103.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6155F127598 for <ntp@ietf.org>; Sun, 9 Dec 2018 03:43:39 -0800 (PST)
Received: from smtp-hub.bs.ptb.de (smtpint01.bs.ptb.de [141.25.87.32]) by mx1.bs.ptb.de with ESMTP id wB9Bhb6Z014774-wB9Bhb6b014774 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Sun, 9 Dec 2018 12:43:37 +0100
Received: from lotus.bs.ptb.de (lotus.bs.ptb.de [141.25.85.200]) by smtp-hub.bs.ptb.de (Postfix) with ESMTPS id 7E82072F3B3; Sun, 9 Dec 2018 12:43:36 +0100 (CET)
MIME-Version: 1.0
X-Disclaimed: 1
Sensitivity:
Importance: Normal
X-Priority: 3 (Normal)
In-Reply-To: <b558b0de-a451-f233-e86c-26f4b065c164@nwtime.org>
References: <b558b0de-a451-f233-e86c-26f4b065c164@nwtime.org>, <4e9efcc4-0285-72c1-9119-7cbd167847d0@nwtime.org> <FF5E07A6-6F59-4D45-A186-7FC7C9B4A41C@isoc.org> <0DAD4C5F-EAFA-4A3D-A3E4-55F34A7C1BFE@isoc.org> <AM0PR0602MB3730B2389832592B5A1D2647FFA90@AM0PR0602MB3730.eurprd06.prod.outlook.com> <OF03487E97.EB065354-ONC125835D.006E9262-C125835D.00717024@ptb.de>
From: kristof.teichel@ptb.de
To: Harlan Stenn <stenn@nwtime.org>
Cc: ntp@ietf.org
Message-ID: <OF42DFC0BE.0D439664-ONC125835E.003FD128-C125835E.00406A35@ptb.de>
Date: Sun, 09 Dec 2018 12:43:34 +0100
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/SenjmVJJZ1mL7WlU-fr5u4Vq9Oc>
Subject: [Ntp] Antwort: Re: Antwort: Re: WGLC: draft-ietf-ntp-using-nts-for-ntp
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Dec 2018 11:43:44 -0000
Von: "Harlan Stenn"
Gesendet von: "ntp"
Datum: 09.12.2018 06:48
Kopie: ntp@ietf.org
Betreff: Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using-nts-for-ntp
H
On 12/8/2018 12:39 PM, kristof.teichel@ptb.de wrote:
> I'm on my browser mail client and sadly can't respond in-line without making a
> mess of the formatting.
>
> The summary of my response is: yes, we have seen most or all of the here-cited
> concerns of yours before, and dismissed them.
> Sorry if that was not always communicated clearly enough - although I have a
> feeling that in most cases, it was.
>
> In any case, let me give short-ish versions of replies regarding the mentioned
> points:
>
> - The "earmarked" EF type thing: to me it looks like you're basically trying to
> have NTS make people adhere to an NTF-internal numeration system (the only place
> I know of where it is "standardized" is the Autokey RFC?). That, I oppose.
>
> - Being "monolithic": this seems like a mere impression that you have that is
> also mostly false (e.g. a client could choose to send no cookie placeholders and
> ignore all fresh cookies - though I do not advertise this idea). I can only
> guess what you would like us to do about your concern, and the things I am
> guessing (such as dividing AEAD and fresh cookies off into some kind of optional
> sub-mode), I definitely oppose.
>
> - TCP matters: are you seriously suggesting for NTS to rest until a number of
> other drafts potentially reach RFC status? If not, what exactly are you
> suggesting? If so, I oppose.
>
> - The "one cookie/placeholder per field" issue: could someone who has
> implemented this please elaborate on the typical size of a cookie? In any case,
> a placeholder must by design be as large, so I'm not convinced there is any
> issue here. In either case, I don't see an actionable suggestion (I can guess at
> one, bit for that one I would still need to be convinced there is an issue in
> the first place).
>
> - The "all modes or bust" issue: I remember giving you a lengthy response to
> this previously. Please stop insisting this concern has never been adressed.
> Also, what is you actionable suggestion? Put everything on hold, until solutions
> have been found that everyone including you can agree on, for modes that are
> used significantly less than the one adressed? If so, I oppose.
>
> - The "Dave has a viable alternative" claim: what is the proposed "solution" of
> which you speak? I remember a document skeleton which barely had more than
> headlines for its sections, and I remember a lengthy document that switched
> between a vague critique of mixed NTS versions and a proposal for what a
> proposal might look like (where some of the few concrete suggestions would be
> attackable with methods straight out of Roettger's 2012 critique of Autokey)...
> if you mean either of those then please stop bringing them up as though there
> was a serious discussion to be had at this point. If you mean something else,
> please refer us to it so that a real discussion is possible. And again, what
> would even be your actionable suggestion to us, the editors of the NTS document?
>
> Is there anything else (preferably actionable suggestions) you still feel has
> not been adressed?
>
>
> Best regards,
> Kristof
>
>
> -----"ntp" <ntp-bounces@ietf.org <mailto:ntp-bounces@ietf.org>> schrieb: -----
> An: ntp@ietf.org <mailto:ntp@ietf.org>
> Von: "Harlan Stenn"
> Gesendet von: "ntp"
> Datum: 07.12.2018 23:05
> Betreff: Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp
>
> I am strongly supportive of the goal of providing a replacement for
> Autokey, as soon as possible.
>
> As written, I am opposed to the adoption of this proposal, as the
> detailed objections and concerns I have repeatedly raised have still not
> been addressed.
>
> Off the top of my head, here is a (partial?) summary of my objections:
>
> - we have long earmarked EF type 4 for NTS, and this is still not in the
> document as a recommendation for IANA. In particular, if the proposal
> advances as written we would want to see:
>
> | 0x0104 | * NTS Unique Identifier Request |
> | 0x8104 | * NTS Unique Identifier Response |
> | 0x0204 | * NTS Cookie |
> | 0x0304 | * NTS Cookie Placeholder |
> | 0x0404 | * NTS AEEF Request |
> | 0x8404 | * NTS AEEF Response |
>
> (or similar). There is no good reason to leave it up to IANA to
> possibly assign 6 random EFs for this use case.
> draft-stenn-ntp-extension-fields (for which I will be trying to post an
> update soon) clearly and simply describes this.
>
> - The proposal is too monolithic, and we would all be better served with
> a proposal that separates the cookie mechanism and encrypted transfers
> into separately-usable mechanisms. There may be other similar cases as
> well, but my brain is too fuzzy right now to think more about this.
>
> - It creates a separate TCP service/port specifically for NTS key
> exchange. This is wasteful in general, and would be better served by
> folks collaborating on:
>
> draft-stenn-ntp-tcp-services
> draft-stenn-ntp-tcp-services-keyexchange
>
> - The proposal uses multiple Cookie and Cookie Placeholder messages (as
> I recall - see my other message about the cold I'm still recovering
> from) instead of having a single Cookie and Cookie Placeholder message
> that supports multiple entries. This would not be an issue if 7822 did
> not specify a 28-octet minimum final EF size, or if
> draft-stenn-ntp-extension-fields was implemented (or being considered,
> even).
>
> - It only supports client/server mode, and it does so in a way for which
> adding support for symmetric and [mb]*cast modes had been demonstrated
> to be problematic. We need an encompassing solution, and this isn't it.
>
> It would not surprise me at all to discover issues I have forgotten to
> list above that are in my previous messages on this topic.
>
> I'm sorry I haven't had the resources to once again re-study and re-list
> my objections to this proposal.
>
> Dave Mills has posted several papers about the above problems including
> a proposed solution, but for whatever reasons, for years we have
> continued to pursue this increasingly limited solution instead of
> working towards a better/more functional solution.
>
> As I said in an earlier message, Dave is currently unable to receive or
> send email messages, so he apparenetly can't participate in this WGLC.
>
> --
> Harlan Stenn <stenn@nwtime.org <mailto:stenn@nwtime.org>>
> http://networktimefoundation.org" rel="nofollow">http://networktimefoundation.org - be a member!
>
> _______________________________________________
> ntp mailing list
> ntp@ietf.org <mailto:ntp@ietf.org>
> https://www.ietf.org/mailman/listinfo/ntp" rel="nofollow">https://www.ietf.org/mailman/listinfo/ntp
>
--
Harlan Stenn <stenn@nwtime.org>
http://networktimefoundation.org" rel="nofollow">http://networktimefoundation.org - be a member!
_______________________________________________
ntp mailing list
ntp@ietf.org
https://www.ietf.org/mailman/listinfo/ntp" rel="nofollow">https://www.ietf.org/mailman/listinfo/ntp
- [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Karen O'Donoghue
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Loganaden Velvindron
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Martin Langer
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Martin Langer
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Karen O'Donoghue
- [Ntp] Fwd: WGLC: draft-ietf-ntp-using-nts-for-ntp Karen O'Donoghue
- [Ntp] Dave Mills: Re: WGLC: draft-ietf-ntp-using-… Harlan Stenn
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Miroslav Lichvar
- Re: [Ntp] Fwd: WGLC: draft-ietf-ntp-using-nts-for… kristof.teichel
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Denis Reilly
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Marcus Dansarie
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Harlan Stenn
- [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using-nts… kristof.teichel
- Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using… Harlan Stenn
- [Ntp] Antwort: Re: Antwort: Re: WGLC: draft-ietf-… kristof.teichel
- Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using… Salz, Rich
- Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using… Harlan Stenn
- Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using… Harlan Stenn
- Re: [Ntp] Antwort: Re: Antwort: Re: WGLC: draft-i… Harlan Stenn
- Re: [Ntp] Antwort: Re: Antwort: Re: WGLC: draft-i… kristof.teichel
- Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using… Salz, Rich
- Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using… kristof.teichel
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Dieter Sibold
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Brian Haberman
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Karen O'Donoghue
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Marcus Dansarie
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Dieter Sibold
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Salz, Rich
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Dieter Sibold
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Dieter Sibold
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Salz, Rich
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Dieter Sibold
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Martin Langer
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Dieter Sibold
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Ragnar Sundblad
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Miroslav Lichvar