Re: [Ntp] NTPv5 draft

Miroslav Lichvar <mlichvar@redhat.com> Tue, 08 December 2020 15:07 UTC

Date: Tue, 08 Dec 2020 16:07:25 +0100
From: Miroslav Lichvar <mlichvar@redhat.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Cc: "ntp@ietf.org" <ntp@ietf.org>, Dieter Sibold <dsibold.ietf@gmail.com>
Message-ID: <20201208150725.GX2352378@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/XD1qmFbgPNiKLg42VtaKFv5Vlo8>

On Tue, Dec 08, 2020 at 02:20:47PM +0000, Salz, Rich wrote:
> > If you propose something, there should be a technical explanation
> > provided.
> 
> I'll claim that I already have, but to restate and scale it down a bit: all messages sent by a server must include authentication and be tamper-proof. I do not believe anything less is acceptable these days.
> 
> I am leaving it vague so that the WG can figure things out.

As others explained, that is a difficult problem. A feeling about what
is acceptable is not helping if you don't have a solution. NTS relying
on TLS is the best thing we have now. If it has a 50% share of global
NTP in 2030, I think it will be a great success. Currently it is 0%.

We have identified NTPv4 issues that we want to have relatively
quickly fixed in NTPv5. If someone figures out a solution that will make
authenticated NTP universally usable, it can be adopted by NTPv4, v5,
or whatever version exists at the time. This effort should be separate
from NTPv5.

-- 
Miroslav Lichvar