Re: [Ntp] NTPv5 draft

Hal Murray <hmurray@megapathdsl.net> Tue, 01 December 2020 10:40 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/SoYqmd1wHbA5b_NvCZ-GE0u7AzE>

mlichvar@redhat.com said:
> Ok, so if the draft said something like "NTP clients SHOULD use
> authentication", would that work for you? Ultimately, it would be up to the
> client's default configuration whether authentication is enabled or not. 

That doesn't sound right to me.

You can't say SHOULD for something that is hard to implement.  In particular, 
authentication doesn't work with the pool.  For that SHOULD to make sense, we 
either have to add authentication to the pool or we have to put the pool out 
of business.

You can say something like "implementations SHOULD support authentication".  
It probably takes a paragraph to explain what that means and why we think it 
is a good idea.  But in reality, the basic protocol is so simple that people 
will throw together their own implementation, probably by reading stuff from 
the web rather than the actual RFC.

I think there is a chicken-egg problem.  Yesterday, authentication was hard to
set up.  With NTS, it should be easy to set up the client side.  Now we have to
get some public servers that support NTS.  We need lots of them, not just a
few.

As a starter, it would be nice if ISPs ran authenticated servers for their 
clients.  Cloud farms too.



-- 
These are my opinions.  I hate spam.