Re: [Ntp] Experimental/Private EF area: was Re: Registries document
Harlan Stenn <stenn@nwtime.org> Tue, 01 August 2023 10:20 UTC
Return-Path: <stenn@nwtime.org>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98E09C151078 for <ntp@ietfa.amsl.com>; Tue, 1 Aug 2023 03:20:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.998
X-Spam-Level:
X-Spam-Status: No, score=-6.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.091, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FM6Gwv0h7azS for <ntp@ietfa.amsl.com>; Tue, 1 Aug 2023 03:19:56 -0700 (PDT)
Received: from chessie.everett.org (chessie.fmt1.pfcs.com [IPv6:2001:470:1:205::234]) by ietfa.amsl.com (Postfix) with ESMTP id 03AF3C14CEFE for <ntp@ietf.org>; Tue, 1 Aug 2023 03:19:56 -0700 (PDT)
Received: from [10.208.75.149] (075-139-201-040.res.spectrum.com [75.139.201.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by chessie.everett.org (Postfix) with ESMTPSA id 4RFWLz5FhFzMQfY; Tue, 1 Aug 2023 10:19:55 +0000 (UTC)
Message-ID: <46291a7a-41f7-2874-3973-53abf3400269@nwtime.org>
Date: Tue, 01 Aug 2023 03:19:54 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.13.1
Content-Language: en-US
To: Miroslav Lichvar <mlichvar@redhat.com>, Harlan Stenn <stenn@ntp.org>
Cc: "Salz, Rich" <rsalz@akamai.com>, "ntp@ietf.org" <ntp@ietf.org>
References: <664a52a9-08a9-d755-7f2c-5e7b9e3c9667@nwtime.org> <72448798-1D9F-4391-B3A6-131CE9783132@akamai.com> <d53b7d81-08bb-9159-33e7-9d0e21cca7d8@ntp.org> <EA171472-63A2-468E-AE6B-D655403058D0@akamai.com> <055e2897-143a-e19c-9c1b-b1953c4ea2c9@ntp.org> <795cbd64-5637-131f-b287-8649a3db145c@ntp.org> <ZMeh8WnbrAKDPx0Z@localhost> <21773363-e898-ed95-35e5-8ebca9efd58d@ntp.org> <ZMit1DBBwFNheq8c@localhost> <839f9b13-e6c2-bfe6-724a-828acc5f6742@ntp.org> <ZMjUsiNI9/Fx6N41@localhost>
From: Harlan Stenn <stenn@nwtime.org>
In-Reply-To: <ZMjUsiNI9/Fx6N41@localhost>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/Yllknu4B6xV2SjgVEakFO6eoDm4>
Subject: Re: [Ntp] Experimental/Private EF area: was Re: Registries document
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Aug 2023 10:20:00 -0000
On 8/1/2023 2:47 AM, Miroslav Lichvar wrote: > On Tue, Aug 01, 2023 at 01:45:36AM -0700, Harlan Stenn wrote: >> The Autokey change from Type 1 to Type 2 came out in July of 2003. >> >> draft-ietf-ntp-autokey-00 came out in September of 2007, partway thru the >> period where ntp-4.2.4 was in use. >> >> I heard plenty from folks who said "don't break backward compatibility". I >> heard *nothing* about "hey, maybe we should figure out how to make the EF >> code match 5906". > > Ok, so why do you want to make the change now? Because we have to upgrade the EF handling code anyway, to support both versions. And Autokey is already there, in the codebase, and behaving as-expected. The "shim" layer that puts the Autokey packet information into a packet is the only layer that needs a change, and it's no big deal to make it happen. Furthermore, we'll be releasing this code with all the proposed new EFs in there as well, and we can use things like I-DO to communicate whether or not Autokey is supported. Basically, the result will be something that is much more robust and functional, will serve as an even better reference implementation, and can be done for very little cost. >> But, as I said, I'm going to be working on a document where the V1 EF is >> documented for historical purposes. > > Isn't it easier to update RFC5906, when nothing has implemented it? 1) We're gonna make Autokey work with the V2 EF fields described in 5906 anyway. If somebody makes a simple change to RFC5906 (won't be me/us) and we do this, that will create another mess to clean up down the road. 2) I'm planning to produce a document that also describes the V1 EF fields and Autokey. I was not yet planning to document the V1 and V2 Autokey stuff, but we'll likely do that, just for the sake of completeness. "In for a penny, in for a pound." >> The values I chose are very efficient to process in an enterprise-class or >> "carrier grade" implementation. > > I don't think there is a measurable impact for an NTP server searching > EF types in a set of 8-bit values instead of 16-bit values, certainly > not in an NTP implementation like ntpd, which is mainly limited by the > OS. I don't understand what you are claiming here. Please say more. > Can you demonstrate it? I believe so, and if somebody wants to see it and is prepared to fund that effort we can do it. > And are you sure this impact is bigger > than the impact of resolving collisions between the ntpd autokey types > and RFC5906? I am absolutely sure of it. I'm sure there are folks out there who won't think any of the following matters: - I have been writing code, professionally, for 50 years. - I got an MSE in Computer Science (a bit different from a plain MS) over 40 years' ago. - Dave Mills looked at the quality of my work and the scope of what I was doing that he made me the NTP Project Manager and, effectively, his shield or gatekeeper nearly 30 years' ago, and he never fired me. So I, at least, and a good number of folks I have worked with over the past 50 years, think I have at least a basic competence to make these sort of assessments. I'm pretty sure I've shown that there are no collisions, and that the claim that there *could* be collisions are, politely, absurd. Nobody has yet to offer any evidence to the contrary, but many keep (baselessly) claiming it to be the case. So perhaps more to the point, why are you apparently interested in seeing time and effort invested in fixing a hypothetical or imaginary problem with 5906? >>> Why would you do that? Such a waste of your project's resources. >> >> I'm not saying we'd do it for free. > > I see. If somebody else is paying for a pointless increase in > the complexity of the code, that makes it ok. Srsly? How did you come up with "pointless" based on the information I provided? >> There are apparently large organizations who, in spite of being told for a >> very long time that Autokey should not be used, still use Autokey because it >> gets them a TAI offset, and "it works just fine for them". > > If they need the TAI offset, allow the Autokey LEAP extension field to > be used without the rest of Autokey and protect it by a symmetric key > or NTS. That would be a useful improvement. Sure. But that only works if the client deployment will tolerate that simplification. It might. We don't know yet. I don't want to make an assumption like that. >>> Let's update the registries to include the ntpd Autokey EF types and >>> move on. >> >> Please keep the V1 EF table separate from the V2 EF table. > > The trouble is that there is only one table. How would an > implementation know which table is a received packet using? I cannot even fathom how you got to the place where you are asking this. If somebody has a V1 implementation somewhere and they want to understand packet content, they look up the values in the V1 EF table. If somebody is using a V2 implementation, they use the V2 EF table. Why would anybody who cares about V1 want to wade thru a table with V1 and V2 entries in it? Why would anybody who cares about V2 want to wade thru a table with V1 and v2 entries in it? -- Harlan Stenn <stenn@nwtime.org> http://networktimefoundation.org - be a member!
- [Ntp] Registries document Salz, Rich
- Re: [Ntp] Registries document Steven Sommars
- Re: [Ntp] Registries document Salz, Rich
- Re: [Ntp] Registries document Hal Murray
- Re: [Ntp] [EXT] Re: Registries document Windl, Ulrich
- Re: [Ntp] Registries document Martin Burnicki
- Re: [Ntp] Registries document Harlan Stenn
- Re: [Ntp] Registries document Salz, Rich
- Re: [Ntp] [EXT] Re: Registries document Windl, Ulrich
- Re: [Ntp] Registries document Windl, Ulrich
- Re: [Ntp] [EXT] Re: Registries document Paul Gear
- Re: [Ntp] Registries document Harlan Stenn
- Re: [Ntp] Registries document Salz, Rich
- Re: [Ntp] Registries document Harlan Stenn
- Re: [Ntp] Registries document Salz, Rich
- Re: [Ntp] Registries document Harlan Stenn
- Re: [Ntp] Registries document Salz, Rich
- [Ntp] Experimental/Private EF area: was Re: Regis… Harlan Stenn
- Re: [Ntp] Experimental/Private EF area: was Re: R… Salz, Rich
- Re: [Ntp] Experimental/Private EF area: was Re: R… Harlan Stenn
- Re: [Ntp] Experimental/Private EF area: was Re: R… Salz, Rich
- Re: [Ntp] Experimental/Private EF area: was Re: R… Harlan Stenn
- Re: [Ntp] Experimental/Private EF area: was Re: R… Harlan Stenn
- Re: [Ntp] [EXT] Re: Registries document Windl, Ulrich
- Re: [Ntp] [EXT] Re: Registries document Harlan Stenn
- Re: [Ntp] Registries document Miroslav Lichvar
- Re: [Ntp] Experimental/Private EF area: was Re: R… Miroslav Lichvar
- Re: [Ntp] Experimental/Private EF area: was Re: R… Salz, Rich
- Re: [Ntp] Experimental/Private EF area: was Re: R… Salz, Rich
- Re: [Ntp] Experimental/Private EF area: was Re: R… Miroslav Lichvar
- Re: [Ntp] Experimental/Private EF area: was Re: R… Harlan Stenn
- Re: [Ntp] Experimental/Private EF area: was Re: R… Harlan Stenn
- Re: [Ntp] [EXT] Re: Experimental/Private EF area:… Windl, Ulrich
- Re: [Ntp] [EXT] Re: Re: Experimental/Private EF a… Windl, Ulrich
- Re: [Ntp] Experimental/Private EF area: was Re: R… Miroslav Lichvar
- Re: [Ntp] [EXT] Re: Experimental/Private EF area:… Miroslav Lichvar
- Re: [Ntp] Registries document Harlan Stenn
- Re: [Ntp] Experimental/Private EF area: was Re: R… Harlan Stenn
- Re: [Ntp] Experimental/Private EF area: was Re: R… Harlan Stenn
- Re: [Ntp] Experimental/Private EF area: was Re: R… Harlan Stenn
- Re: [Ntp] [EXT] Re: Experimental/Private EF area:… Harlan Stenn
- Re: [Ntp] [EXT] Re: Experimental/Private EF area:… Miroslav Lichvar
- Re: [Ntp] Experimental/Private EF area: was Re: R… Miroslav Lichvar
- Re: [Ntp] [EXT] Re: Experimental/Private EF area:… Harlan Stenn
- Re: [Ntp] Experimental/Private EF area: was Re: R… Harlan Stenn
- Re: [Ntp] Experimental/Private EF area: was Re: R… Miroslav Lichvar
- Re: [Ntp] Experimental/Private EF area: was Re: R… Harlan Stenn
- Re: [Ntp] [EXT] Re: Experimental/Private EF area:… Windl, Ulrich
- Re: [Ntp] [EXT] Re: Experimental/Private EF area:… Harlan Stenn
- Re: [Ntp] Experimental/Private EF area: was Re: R… Miroslav Lichvar
- Re: [Ntp] Experimental/Private EF area: was Re: R… Harlan Stenn
- Re: [Ntp] Experimental/Private EF area: was Re: R… Miroslav Lichvar
- Re: [Ntp] Experimental/Private EF area: was Re: R… David Venhoek