[Ntp] Antwort: NTS for PTP feedback
martin.langer@ptb.de Fri, 02 February 2024 14:39 UTC
Return-Path: <martin.langer@ptb.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8892EC14F71D for <ntp@ietfa.amsl.com>; Fri, 2 Feb 2024 06:39:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.628
X-Spam-Level:
X-Spam-Status: No, score=-1.628 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ptb.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OjgenM-D2GIe for <ntp@ietfa.amsl.com>; Fri, 2 Feb 2024 06:39:20 -0800 (PST)
Received: from mx1.bs.ptb.de (mx1.bs.ptb.de [192.53.103.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD80FC14F70D for <ntp@ietf.org>; Fri, 2 Feb 2024 06:39:18 -0800 (PST)
Received: from s23397.bs.ptb.de ([172.21.101.132]) by mx1.bs.ptb.de with ESMTP id 412EdFem014371-412EdFeo014371 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 2 Feb 2024 15:39:15 +0100
MIME-Version: 1.0
Sensitivity:
In-Reply-To: <CAPz_-SU32+rUfBiOgkJJVSEfdVdCmv1dN9sHxYKm2+cDj9WTRQ@mail.gmail.com>
References: <CAPz_-SU32+rUfBiOgkJJVSEfdVdCmv1dN9sHxYKm2+cDj9WTRQ@mail.gmail.com>
From: martin.langer@ptb.de
To: David Venhoek <david@venhoek.nl>
Cc: NTP WG <ntp@ietf.org>, "R. Bermbach" <r.bermbach@ostfalia.de>
Message-ID: <OFDDD205A6.C8EADE14-ONC1258AB7.004FE971-C1258AB7.00507F6F@ptb.de>
X-Priority: 3 (Normal)
Importance: Normal
Date: Fri, 02 Feb 2024 15:39:15 +0100
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-FEAS-Client-IP: 172.21.101.132
X-FE-Policy-ID: 5:5:5:SYSTEM
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=ptb.de; s=s1-ptbde; c=relaxed/relaxed; h=mime-version:references:subject:from:to:cc:message-id:date:content-type; bh=zJiH1VEcHuAJbJmgKK5kAKKcs5mVblGrtUaP8nGcZXY=; b=XdO+FD4ikUTmXLMKrdurRuOwhAs0e2fljqfDJKaBeykVqB+tIibUDSmFfrwpRcI34jc/Mp/KNZSO ryrQuecrprcYVSUFX2/YOmtFU1qomw0d+IH0mt7KcgIXZnyyfOXdttrj6tUFAQUiUrRFT9kKS60F hgwhMQUBAa16i9gbPlYV7XDdhgR/lHp8YTDgBEN8dzOmDMw7rWytvbw+e2iuR0NMGzY2iBtz54wJ wsic5hkGjTX+OuAMs2M1/VpMickPS/gFk+JwWwH0Cc1tTLTQDRdkQ6D/a5ueAFuo7LP2DqOIG8Gz +ZmhXUsrbnwV8TK6Au/WSRp0b1PPqbhY9hVv5A==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/_98Wm4E5Dm9sLW98G51ZlwXX2N0>
Subject: [Ntp] Antwort: NTS for PTP feedback
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Feb 2024 14:39:24 -0000
Thanks for your interest and feedback. It's great to hear that another
---------------
In section 2.1, the draft states: "THEN the server requests the
client's X.509 certificate (via TLS Certificate Request)" (emphasis
added), after data is already exchanged over the TLS session. Since
TLS 1.3 there is no longer any support for a renegotiation during a
TLS session, hence this seems to not be possible within the TLS spec.
Do you mean that before honoring the request the server should check
that the client authenticated with a valid certificate during the
initial handshake?
The current solution is simpler: When an NTP/PTP client makes a request to the
Section 2.1.1 refers to "The group number", but this is neither
defined in the PTP specification, nor earlier in this document. What
is it? it seems to be very similar to the SPP defined in
IEEE1588-2019, why do we need it?
The group number is a concatenation of PTP domain, SdoId, and an optional
The 'optional user-defined value' allows to create further subgroups in a PTP network
The SPP in the PTP Authentication TLV does not really work because the field is way too
The fields in section 3.2.11 are not aligned. This can be problematic
when implementing on platforms like ARM.
What specific problems would there be with ARM?
Per 16.14.2 of IEEE1588-2019, the key management mechanism should
provide a sequenceID window, but the specification doesn't state how
this is provided.
Sequence numbers are used for replay protection, although a decision has not yet been
From my point of view, it is not critical if NTS discards the PTP packets that arrive in the
Exceptions are request/response messages where random numbers are used in the request
...This part will be added in future draft versions.
General remarks
-------------------------
Draft allocates concrete numbers in ranges not reserved for
experimental or private use, rather than waiting for IANA assignment.
I would suggest removing the concrete values for now, suggesting
experimental use numbers for draft implementations.
Draft repeats the same subject multiple times and is in general quite
all over the place.
General language use around the "messages" is unclear. What is a
message, what is a record structure in this context?
There also seems a lot of repetition of structures and information
already standardised in other specifications. I would suggest mostly
removing this and refering to the relevant specifications. In
particular, I would avoid including full tables of identifiers defined
accross multiple standards.
__________________________________________
Dr.-Ing. Martin Langer
Physikalisch-Technische Bundesanstalt (PTB)
Working Group 4.42 "Dissemination of Time"
Bundesallee 100,
38116 Braunschweig (Germany)
Tel.: +49 531 592-4470
E-Mail: martin.langer@ptb.de
__________________________________________
>An: "NTP WG" <ntp@ietf.org>
>Von: "David Venhoek" <david@venhoek.nl>
>Gesendet von: "ntp" <ntp-bounces@ietf.org>
>Datum: 01.02.2024 15:46
>Betreff: [Ntp] NTS for PTP feedback
>
>Hi All,
>
>I've worked through the nts for ptp draft today in preparation for
>also making a proof of concept implementation in statime. Below a
>number of comments on the current draft. Note that my focus currently
>was on multicast only, so I haven't looked in detail yet at the
>unicast-specific parts.
>
>Kind regards,
>David Venhoek
>
>Major issues
>---------------
>In section 2.1, the draft states: "THEN the server requests the
>client's X.509 certificate (via TLS Certificate Request)" (emphasis
>added), after data is already exchanged over the TLS session. Since
>TLS 1.3 there is no longer any support for a renegotiation during a
>TLS session, hence this seems to not be possible within the TLS spec.
>Do you mean that before honoring the request the server should check
>that the client authenticated with a valid certificate during the
>initial handshake?
>
>Section 2.1.1 refers to "The group number", but this is neither
>defined in the PTP specification, nor earlier in this document. What
>is it? it seems to be very similar to the SPP defined in
>IEEE1588-2019, why do we need it?
>
>The fields in section 3.2.11 are not aligned. This can be problematic
>when implementing on platforms like ARM.
>
>Per 16.14.2 of IEEE1588-2019, the key management mechanism should
>provide a sequenceID window, but the specification doesn't state how
>this is provided.
>
>General remarks
>-------------------------
>Draft allocates concrete numbers in ranges not reserved for
>experimental or private use, rather than waiting for IANA assignment.
>I would suggest removing the concrete values for now, suggesting
>experimental use numbers for draft implementations.
>
>Draft repeats the same subject multiple times and is in general quite
>all over the place.
>
>General language use around the "messages" is unclear. What is a
>message, what is a record structure in this context?
>
>There also seems a lot of repetition of structures and information
>already standardised in other specifications. I would suggest mostly
>removing this and refering to the relevant specifications. In
>particular, I would avoid including full tables of identifiers
>defined
>accross multiple standards.
>
>_______________________________________________
>ntp mailing list
>ntp@ietf.org
>https://www.ietf.org/mailman/listinfo/ntp" target="_blank" rel="noopener noreferrer nofollow">https://www.ietf.org/mailman/listinfo/ntp
>
- [Ntp] NTS for PTP feedback David Venhoek
- [Ntp] Antwort: NTS for PTP feedback martin.langer