IETF Logo Mail Archive

Re: [Ntp] NTS IANA request

" tglassey@earthlink.net " <tglassey@earthlink.net> Sun, 09 June 2019 08:53 UTC

Return-Path: <tglassey@earthlink.net>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 099C0120159 for <ntp@ietfa.amsl.com>; Sun, 9 Jun 2019 01:53:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.72
X-Spam-Level:
X-Spam-Status: No, score=-1.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_EXCESS_BASE64=0.979, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=earthlink.net; domainkeys=pass (2048-bit key) header.from=tglassey@earthlink.net header.d=earthlink.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yv7cBtwqbNiP for <ntp@ietfa.amsl.com>; Sun, 9 Jun 2019 01:53:47 -0700 (PDT)
Received: from elasmtp-dupuy.atl.sa.earthlink.net (elasmtp-dupuy.atl.sa.earthlink.net [209.86.89.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4153120099 for <ntp@ietf.org>; Sun, 9 Jun 2019 01:53:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=earthlink.net; s=dk12062016; t=1560070427; bh=/FSUdkMbvoB5oC45CMj36TwgXqoDNNOprIfE SgxYOuc=; h=Received:To:From:Cc:Subject:Date:MIME-Version: Content-Type:Message-ID:X-ELNK-Trace:X-Originating-IP; b=OtYvdQ+u7 ufA74UqcBl98xig3E/B6MUjsVSfekTI/VBvQe8Q4iRrrqgh2QUsubgu2w9fICT78ff1 dQmqD5yi9nwR1nbpt/pSVJrNOSdXAJaUentkGwPHr7j1IUWFTdjxExbcQrXqukH0qXx wYdcuV6el3cPucWiOwQ6CLCenN7vMvCp+4R4W93DyvqRs7iVXRvu0V7BVMZ1qHStcpy KCCdeQIzG+YTLaUqyWyk3X0Grb4yGnkTd+s3tHclLz3tkJ+2AsFJ75ZF+5tnw7y+PSk iw4yflBTC8UX6hvcvzXBm4dsynjeZHAapaUOYeFsSI3d5wdY6/SZFvX9lSwoAKtsw==
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk12062016; d=earthlink.net; b=LAB5Bu1r1HMEYz2wtJBRh1pJa526dMy0P4bG2JvZ56bkfPq0J1WIO0zf9yRQ22hSU2lqMVirn1XS4a2nGpPBKu97FN5zgjCJPeX2fQ/j8ilEX6WYIKOpwMu8K/pDtVTOCBi5mxGvCYyzxssl2lH91/Vh7nUlgYkXb9yW9DGyua+H9csJTqxIVdY/XmnAxi6DMa4aOly8Ay9qFsvv0aMdRlkyN+DmVHNd/ZbtiSRR4h5qw+C7JKbhhfW2JfSid2RbIbTHSigJS0/Kz2BcfF6p7FvuMFrgzQKUIyOMUqFH1mwN9i09iUMBeY4MF32oviSAV9SoKun4QfvJ63gm7nXqIg==; h=Received:To:From:Cc:Subject:Date:MIME-Version:Content-Type:Message-ID:X-ELNK-Trace:X-Originating-IP;
Received: from [107.92.56.110] (helo=[10.169.158.27]) by elasmtp-dupuy.atl.sa.earthlink.net with esmtpa (Exim 4) (envelope-from <tglassey@earthlink.net>) id 1hZtaC-000FGl-Rm; Sun, 09 Jun 2019 04:53:45 -0400
To: "kodonog@pobox.com" <kodonog@gmail.com>, Harlan Stenn <stenn@nwtime.org>
From: "tglassey@earthlink.net" <tglassey@earthlink.net>
Cc: ntp@ietf.org
Date: Sun, 09 Jun 2019 11:53:42 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_0_1560070422419"
Message-ID: <E1hZtaC-000FGl-Rm@elasmtp-dupuy.atl.sa.earthlink.net>
X-ELNK-Trace: 01b7a7e171bdf5911aa676d7e74259b7b3291a7d08dfec79a4cd8bcb28aefaa6d3718a6bd43139cd350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 107.92.56.110
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/_tsQ9UTy7tKFt-HJdKOROaHibqc>
Subject: Re: [Ntp] NTS IANA request
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Jun 2019 08:53:50 -0000

Err this not thus 

Sent from my HTC, so please excuse any typos.

----- Reply message -----
From: "tglassey@earthlink.net" <tglassey@earthlink.net>
To: "kodonog@pobox.com" <kodonog@gmail.com>, "Harlan Stenn" <stenn@nwtime.org>
Cc: <ntp@ietf.org>
Subject: [Ntp]NTS IANA request
Date: Sun, Jun 9, 2019 11:50

Thank you Karen. 

I want to spin thus with there are today three areas of concern. They are 

1) ultra accurate time transfer and the receipt and acknowledgement of that transfer. 

2) use policy controls for time servers and clients 

3) audit mechanisms for proving the integrity after the fact of #1's functionality. 

Not all use models will be totally compatible with #2 and #3 so we need to understand and build templates for each.  

The goal is to build a unified tool suite for as many use constructs and methods as we can, and ones that simplify proving time transfer and tracking accuracy in All (or as many as possible) methods or templates we build.

This is key for other standards to rely on NTP as part if their standards. Take PCIDSS as10.4 for example as just one critical external standard relying on NTP. 

The ideas espoused in limiting specific use models by a few here are actually dangerous to the bigger picture of building secured and reliable time transfer practicess, so in that sense I wanted to thank you for these comments.

//tsg

Sent from my HTC, so please excuse any typos.

----- Reply message -----
From: "kodonog@pobox.com" <kodonog@gmail.com>
To: "Harlan Stenn" <stenn@nwtime.org>
Cc: <ntp@ietf.org>
Subject: [Ntp] NTS IANA request
Date: Fri, Jun 7, 2019 06:23

Harlan,

As we have discussed privately, this type of email response is not helpful.
Please limit your comments on the mailing list to specific technical concerns.

Thank you!
Karen

On 6 Jun 2019, at 17:42, Harlan Stenn wrote:

> As best as I can tell, the following is total rubbish.
>
> H
>
> On 6/6/2019 11:28 AM, Daniel Franke wrote:
>> As a slight tangent, we never concluded the discussion as to what
>> we're going to do about the fact that so many ISPs are dropping
>> 123/udp traffic with payloads larger than 48 bytes. I think we got as
>> far as concluding:
>>
>> 1. We're never going to persuade enough ISPs to change their policy,
>> making 123/udp basically doomed.
>> 2. NTS-KE's port negotiation record gives us all the mechanism we >> need
>> in order to run NTP-with-NTS over an alternate port.
>>
>> But that left an unresolved question: do we allocate a fixed >> alternate
>> UDP port, or should servers ask the OS for a dynamic port and then >> use
>> NTS-KE to advertise whatever the OS assigns to them? Both choices >> have
>> firewall-related drawbacks. If we use a fixed port, we risk landing
>> ourselves right back in the same situation we're in today with 123. >> At
>> minimum, to protect ourselves from this, the NTF would have to commit
>> to adding some code to ntpd such that it will refuse to ever send >> mode
>> 6 or 7 responses over the new port no matter what configuration the
>> user gives it. (Yes, mode 6 too, because mode 6 still amplifies, just
>> not as severely as mode 7 does). If we use a dynamic port, then it
>> becomes much harder for ISPs to block us, but it also becomes harder
>> for corporate firewalls with a default-deny-all policy to let us
>> through.
>>
>> On Thu, Jun 6, 2019 at 1:06 PM Salz, Rich <rsalz@akamai.com> wrote:
>>>
>>>>    I'm strongly opposed to modifying NTS-KE to involve sending a >>>> STARTTLS
>>>     as a first step of the handshake. I don't want to make a >>> brea

v2.23.0 | Report a Bug | By Email