IETF Logo Mail Archive

Re: [Ntp] NTP is unique (was Re: QUIC as a transport substrate (was:re-chartering: include DNS-over-QUIC?))

Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Mon, 13 April 2020 09:30 UTC

Return-Path: <mikkelfj@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F6133A12A1; Mon, 13 Apr 2020 02:30:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.086
X-Spam-Level:
X-Spam-Status: No, score=-1.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, UNPARSEABLE_RELAY=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lD-ExnzKHK7o; Mon, 13 Apr 2020 02:30:52 -0700 (PDT)
Received: from mail-yb1-xb35.google.com (mail-yb1-xb35.google.com [IPv6:2607:f8b0:4864:20::b35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 506C53A127B; Mon, 13 Apr 2020 02:30:32 -0700 (PDT)
Received: by mail-yb1-xb35.google.com with SMTP id n188so4390482ybc.3; Mon, 13 Apr 2020 02:30:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=FiE15mLfkg76gmBZNl0FJhBuSoWGyIuvw+h0GmHC4fs=; b=KTWQjPKOHO90trvM4xqJ2Yy6L5POPnuAN8trKeD9HOLR2qCn8kafJ72HUhgKycIvVZ 13x9dyjmIbkl3anPJAzBGMoMTlbBLf++gAMNzDZV8gE2RwIZdzqRiJ0OG2Z6ZRq45Wom INe3GilCswDfoCxvmRa2DDx8uYsMfa+KkacypB04RAKGukfBPmBLpOYSN/rO6mJGO3qd aLdWAbrv5VcjFJ2zP7Onewx7iBQHBNm/T/eD5fDLgy2hmw1yxPYJjKyWrsMRucD1n7PL 7wgWv35bWD/Ngz1hfsb4GqA4yE3to6fxkt8qGXeTrI0C44XpbfPtyZS0dxY0DdHXkOpG BK4Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=FiE15mLfkg76gmBZNl0FJhBuSoWGyIuvw+h0GmHC4fs=; b=a3F/riWoT/KkvioMn1Z7YGCGbfiGR6oC6nR10G4pNzhb/BJSImPxuFqrqUlFISksDO 7qtZxAuTqoysEi+e/jWYCYCrcYH1iimUwiyeLqIIqxicbV6EJNDyS4xGbg6SKeDc3b6D nWrnKd+Wi9G3m/EGbtfXKxTonUdX7WOFbFgIBTX+55Lby2jeTD5YrLuhsjLz1nysZYk3 qTRRMQ2bRg/39ispjlOr40Vfe2CPq4JVIgI/7TS2+mG1J5HMozIkmfx4ATaKp1OcrUBt XyQV/VP9OzysyDShlGsP8CwlcdVD7ZMFc+Xzof0lwbROlEh+zHQAcp1bu5LLVhgETAKL OMww==
X-Gm-Message-State: AGi0Pub+0LVQ2SMQti7bKD2EqbpKdL56r7MS5s/kh4CjCy1Z7TS4+7O6 exAfG4EiFwE2IOHHZmLSTado0gq0E7QCMWTVnek=
X-Google-Smtp-Source: APiQypLMyzg2ztyyzLbQhHlXE6eFejPbHKPP71HBxh8wybT6XibHb350Uf/bae0sli614C7SzNrbW22GzqB4JrMEcdg=
X-Received: by 2002:a25:dc8e:: with SMTP id y136mr25479610ybe.294.1586770230893; Mon, 13 Apr 2020 02:30:30 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Mon, 13 Apr 2020 02:30:30 -0700
From: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
In-Reply-To: <CABUE3X=rhfWjYOoFUidN8hoxVQghsWvYVTEeSM37PT+3fvL_hg@mail.gmail.com>
References: <CAKKJt-eopq46Qy3GG_SO6Ws6DJNszGCxqcjbKfGvPzmkUw71hw@mail.gmail.com> <CAMGpriXg6VAkW_NrQgpWwNfCmc18UW2FHg2oV90Q4fzCO_7vKA@mail.gmail.com> <CACsn0ck9GiZEq1=qZ9Mss56yTwhd0HKoH42ZQN6XgaCj+Zi=UA@mail.gmail.com> <CABUE3X=rhfWjYOoFUidN8hoxVQghsWvYVTEeSM37PT+3fvL_hg@mail.gmail.com>
MIME-Version: 1.0
Date: Mon, 13 Apr 2020 02:30:30 -0700
Message-ID: <CAN1APddaQNaoTTwkXS_hR9=Z-8BG9fwTPd-_ji3g=ieWq56RiA@mail.gmail.com>
To: Erik Kline <ek.ietf@gmail.com>, Tal Mizrahi <tal.mizrahi.phd@gmail.com>, Watson Ladd <watsonbladd@gmail.com>
Cc: IETF QUIC WG <quic@ietf.org>, Lucas Pardue <lucaspardue.24.7@gmail.com>, ntp@ietf.org, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000f3e32605a328bb8e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/Tw_l6gSAj1FCbEnIy47uz_KAaHY>
X-Mailman-Approved-At: Tue, 14 Apr 2020 14:22:08 -0700
Subject: Re: [Ntp] NTP is unique (was Re: QUIC as a transport substrate (was:re-chartering: include DNS-over-QUIC?))
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Apr 2020 09:30:59 -0000

I think these observations on resource usage are correct, but changing
system time could be a significant attack vector. For NTP to make sense
over QUIC, the datagram extension would be needed to avoid much of the
state and retransmission overhead. A simplified implementation could even
forego a lot of the QUIC machinery such as streams and only rely on the
handshake and datagram. Of course you could also use DTLS but that is yet
another stack.

Kind Regards,
Mikkel Fahnøe Jørgensen


On 13 April 2020 at 11.23.06, Tal Mizrahi (tal.mizrahi.phd@gmail.com) wrote:

Hi,

> > This came to mind because I had a silly idea. As I watched Christian's
presentation in dprive I thought (a) this DoQ doc really benefits from
Christian knowing what he's doing with QUIC, and (b) I wondered if I could
run NTP over QUIC. Like I said, this is probably silly and there might be
nothing to gain from the attempt, but it got me thinking about guidance for
anyone else with both (a) such an idea and (b) the time to write/implement
a proposal.

NTP-over-QUIC is an interesting idea.

The main benefits I can think of of running NTP over QUIC are enjoying
the inherent security of QUIC, and avoiding middlebox tampering.
I wonder if these benefits are worth the effort.

On the other side running NTP over QUIC may consume significantly
higher resources on NTP servers than are necessary today. NTP servers
try to minimize the per-client state (or keep it zero if possible),
while QUIC may require per-client state in order to allow 0-RTT. Also
the precision of NTP may be lower than existing implementations if
implemented in user space.

> You also don't want automatic retransmission in NTP, and the flow
> control is essentially nonexistent: it's driven by the synchronization
> loop.

One may consider using QUIC in datagram mode, and this would prevent
retransmissions. ACKs would still be sent in this case.

Cheers,
Tal.



On Mon, Apr 13, 2020 at 9:18 AM Watson Ladd <watsonbladd@gmail.com> wrote:
>
> On Sun, Apr 12, 2020 at 11:03 PM Erik Kline <ek.ietf@gmail.com> wrote:
> <chop>
> >
> > This came to mind because I had a silly idea. As I watched Christian's
presentation in dprive I thought (a) this DoQ doc really benefits from
Christian knowing what he's doing with QUIC, and (b) I wondered if I could
run NTP over QUIC. Like I said, this is probably silly and there might be
nothing to gain from the attempt, but it got me thinking about guidance for
anyone else with both (a) such an idea and (b) the time to write/implement
a proposal.
>
> NTP has a very unique property: one packet is sent every 1024 or 512
> seconds or so by the client. A single server can handle a high packet
> rate easily because of the statelessness. Adding state would start
> getting problematic at the high packet rates.
>
> You also don't want automatic retransmission in NTP, and the flow
> control is essentially nonexistent: it's driven by the synchronization
> loop.
>
> Getting through middleboxes isn't nothing! But that's more a new port,
> and ideally you want middleboxes to correct for packet queuing times.
>
> Sincerely,
> Watson Ladd
>

v2.23.0 | Report a Bug | By Email