Re: [Ntp] New I-D: NTP Port Randomization (draft-gont-ntp-port-randomization-00.txt)

Miroslav Lichvar <mlichvar@redhat.com> Thu, 18 April 2019 12:37 UTC

Date: Thu, 18 Apr 2019 14:36:48 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Fernando Gont <fgont@si6networks.com>
Cc: ntp@ietf.org
Message-ID: <20190418123648.GF5984@localhost>
References: <155544937440.24990.5297599214551671091.idtracker@ietfa.amsl.com> <d0be2bea-0e57-022f-16f1-4e682dcc66ad@si6networks.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/YzO0YaXy_8oUDYuUzsbeQw2RUcw>

On Tue, Apr 16, 2019 at 11:19:27PM +0200, Fernando Gont wrote:
> The I-D is available at:
> https://www.ietf.org/internet-drafts/draft-gont-ntp-port-randomization-00.txt

Thanks for writing the draft. Just a few quick comments.

The source port in client mode packets can be random and it can also
change with each request, which might be recommended in the document.
Most NTP clients do that.

The source port in active mode packets doesn't necessarily have to be
123. It can be random if the other peer is not expected to have a
permanent association with the peer, but it must not change between
requests as that would create new associations.

In the NTS draft there is a port negotiation record, so proper NTP
servers will be able to run on other ports than 123.

-- 
Miroslav Lichvar
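An added example, not code from the draft or from the message's author, showing the port policy described above in a minimal NTPv4 client: client-mode requests each go out from a fresh OS-chosen ephemeral port, while a symmetric-active peer keeps the port first assigned for that peer so the remote side does not see a new association. The reply check on the origin timestamp is the receive-side counterpart of the unpredictable source port; the server name used with `query()` is a placeholder.

```python
import socket
import struct
import time

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800      # seconds from 1900-01-01 to 1970-01-01
MODE_SYMMETRIC_ACTIVE, MODE_CLIENT, MODE_SERVER = 1, 3, 4
PACKET = "!BBBb11I"                # 48-byte NTPv4 header, no extension fields

def ntp_timestamp(unix_time):
    """Unix time -> 64-bit NTP timestamp (32-bit seconds since 1900, 32-bit fraction)."""
    secs = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    frac = int((unix_time - int(unix_time)) * (1 << 32)) & 0xFFFFFFFF
    return (secs << 32) | frac

def build_packet(mode, xmt):
    """Build an NTPv4 packet of the given mode whose transmit timestamp is xmt."""
    li_vn_mode = (0 << 6) | (4 << 3) | mode
    return struct.pack(PACKET, li_vn_mode, 0, 0, 0, *([0] * 9), xmt >> 32, xmt & 0xFFFFFFFF)

def parse_reply(data, sent_xmt):
    """Return the reply's transmit timestamp, or None unless it is a server-mode packet
    whose origin timestamp echoes the transmit timestamp we sent."""
    if len(data) < 48:
        return None
    f = struct.unpack(PACKET, data[:48])
    if f[0] & 0x07 != MODE_SERVER or ((f[9] << 32) | f[10]) != sent_xmt:
        return None
    return (f[13] << 32) | f[14]

def local_port_for(mode, peer, assoc_ports):
    """Client mode: 0, i.e. a fresh OS-chosen ephemeral port for every request.
    Symmetric active: the port already recorded for this peer (random only the first time)."""
    if mode == MODE_CLIENT:
        return 0
    return assoc_ports.get(peer, 0)

def query(server, mode=MODE_CLIENT, assoc_ports=None, timeout=2.0):
    """Send one request from a socket bound per the policy above and validate the reply."""
    assoc_ports = {} if assoc_ports is None else assoc_ports
    xmt = ntp_timestamp(time.time())
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", local_port_for(mode, server, assoc_ports)))
        if mode != MODE_CLIENT:
            assoc_ports[server] = s.getsockname()[1]   # keep this port for the peer
        s.settimeout(timeout)
        s.sendto(build_packet(mode, xmt), (server, NTP_PORT))
        data, _ = s.recvfrom(1024)
    return parse_reply(data, xmt)
```

Calling `query("ntp.example.net")` (placeholder host) performs one client-mode exchange; passing `mode=MODE_SYMMETRIC_ACTIVE` with a shared `assoc_ports` dict across calls keeps the local port stable per peer.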