Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp
"Langer, Martin" <mart.langer@ostfalia.de> Mon, 08 March 2021 11:51 UTC
Return-Path: <mart.langer@ostfalia.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0F7F3A0C49 for <ntp@ietfa.amsl.com>; Mon, 8 Mar 2021 03:51:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MUrBkXfjNwxu for <ntp@ietfa.amsl.com>; Mon, 8 Mar 2021 03:51:40 -0800 (PST)
Received: from mx1.sonia.de (mx1.sonia.de [141.41.1.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAA163A0C43 for <ntp@ietf.org>; Mon, 8 Mar 2021 03:51:39 -0800 (PST)
Received: from mx1.sonia.de (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 53A561C800CF for <ntp@ietf.org>; Mon, 8 Mar 2021 12:51:38 +0100 (CET)
Received: from exchange06.resource.sonia.de (exchange06.resource.sonia.de [141.41.8.39]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.sonia.de (Postfix) with ESMTPS id 4FD361C800AD for <ntp@ietf.org>; Mon, 8 Mar 2021 12:51:38 +0100 (CET)
From: "Langer, Martin" <mart.langer@ostfalia.de>
To: NTP WG <ntp@ietf.org>
Thread-Topic: [Ntp] Comments on draft-langer-ntp-nts-for-ptp
Thread-Index: AQHXEfmMSKND+BsUuke89/+0bAqpHap52TGAgAAU3aP///w9gIAAEtRv
Date: Mon, 08 Mar 2021 11:51:37 +0000
Message-ID: <63ba384a15fd4b4d90ae297650d9124b@ostfalia.de>
References: <CACsn0cnz1GfKUKn6q61qmAbs=VPgTGFZnP=kEeQHk9CUxLACXg@mail.gmail.com> <YEX+RYP1vXLgt5f8@localhost> <02fd071141eb4b6ea94a8245af2d75f8@ostfalia.de>,<YEYMnVfIGcbZ3TKP@localhost>
In-Reply-To: <YEYMnVfIGcbZ3TKP@localhost>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [141.41.8.54]
Content-Type: multipart/alternative; boundary="_000_63ba384a15fd4b4d90ae297650d9124bostfaliade_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/T3Hse6AqLnlmw84xDSCLe8VRcVo>
Subject: Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Mar 2021 11:51:42 -0000
yeah... guess you are right. In this case we need a periodic unicast connection as a watchdog protocol, ...or something else. The group-based PTP (multicast) communication is a tricky one. It is hard to secure. Especially delay attacks. ... on the other hand... it is also a part of the security prongs C and D of PTPv2.1 (redundancy and monitoring). We are not able to secure packets against delay attacks with cryptographic measures. -martin- ------------------- Martin Langer, M.Eng. Ostfalia Hochschule für angewandte Wissenschaften - Hochschule Braunschweig/Wolfenbüttel University of Applied Sciences Labor Datentechnik, Labor Design Digitaler Systeme Fakultät Elektrotechnik Salzdahlumer Straße 46/48 38302 Wolfenbüttel Germany Tel.: +49 5331 939 43370 Web: https://www.ostfalia.de/cms/de/pws/bermbach/mitarbeiter/martin-langer ________________________________ Von: Miroslav Lichvar <mlichvar@redhat.com> Gesendet: Montag, 8. März 2021 12:38:05 An: Langer, Martin Cc: NTP WG Betreff: Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp On Mon, Mar 08, 2021 at 11:09:49AM +0000, Langer, Martin wrote: > The multicast connections are not comparable to the broadcast connections in NTP. I think they are pretty much the same if you assume the NTP client is making periodic measurements of the delay and not just once on start. > In NTP, TESLA-secured communication could be broken, because delay attacks are not > detectable. However, in PTP we have two-way communication (Delay Request/Response) > during multicast, which can be used to register runtime changes (RTT). However, a formal > analysis is indeed not available. The delay measurement has a request and response, but the offset measurement (using sync messages) does not. Delay messages can be much less frequent than sync messages. That's quite different from the NTP client-server mode, where each request has an immediate response. -- Miroslav Lichvar
- [Ntp] Comments on draft-langer-ntp-nts-for-ptp Watson Ladd
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Langer, Martin
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Miroslav Lichvar
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Heiko Gerstung
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Langer, Martin
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Miroslav Lichvar
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Miroslav Lichvar
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Langer, Martin
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Langer, Martin
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Hal Murray
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Dieter Sibold
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Langer, Martin
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Heiko Gerstung
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Miroslav Lichvar
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Heiko Gerstung
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Miroslav Lichvar
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Heiko Gerstung
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Heiko Gerstung
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Doug Arnold
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Langer, Martin
- Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp Heiko Gerstung