Re: [Ntp] NTPv5 draft
Philip Prindeville <philipp@redfish-solutions.com> Mon, 07 December 2020 22:25 UTC
Return-Path: <philipp@redfish-solutions.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F1463A0C28 for <ntp@ietfa.amsl.com>; Mon, 7 Dec 2020 14:25:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7KkF2Oe9TOLl for <ntp@ietfa.amsl.com>; Mon, 7 Dec 2020 14:25:54 -0800 (PST)
Received: from mail.redfish-solutions.com (mail.redfish-solutions.com [45.33.216.244]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E00C93A0C00 for <ntp@ietf.org>; Mon, 7 Dec 2020 14:25:53 -0800 (PST)
Received: from [192.168.3.4] ([192.168.3.4]) (authenticated bits=0) by mail.redfish-solutions.com (8.16.1/8.16.1) with ESMTPSA id 0B7MPoC5118766 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 7 Dec 2020 15:25:50 -0700
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.20.0.2.21\))
From: Philip Prindeville <philipp@redfish-solutions.com>
In-Reply-To: <4719090B-86D5-4BB5-BCBE-E0DF739D6816@meinberg-usa.com>
Date: Mon, 07 Dec 2020 15:25:50 -0700
Cc: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, Miroslav Lichvar <mlichvar@redhat.com>, "ntp@ietf.org" <ntp@ietf.org>, Dieter Sibold <dsibold.ietf@gmail.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <E67C9778-5EAF-42F8-805A-F64BEA8FF44A@redfish-solutions.com>
References: <20201111161947.GG1559650@localhost> <AA848C67-CFB7-43FC-B190-FD3911360373@gmail.com> <20201201081203.GB1900232@localhost> <2B8C7410-DFA7-4A87-A33E-F50FFA96D0F9@gmail.com> <20201201100305.GK1900232@localhost> <F62C1325-8409-474C-9650-FA96405D0F4B@gmail.com> <20201207104541.GE2352378@localhost> <E0159612-5D83-4A0E-BBD1-1D75C0B49226@akamai.com> <20201207153444.GO2352378@localhost> <1204B871-7728-45DA-B628-8F79BD074A96@akamai.com> <4719090B-86D5-4BB5-BCBE-E0DF739D6816@meinberg-usa.com>
To: Doug Arnold <doug.arnold@meinberg-usa.com>
X-Mailer: Apple Mail (2.3654.20.0.2.21)
X-Scanned-By: MIMEDefang 2.84 on 192.168.1.3
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/aMkk1ljaaSfG-1TEtgEMawkiNMo>
Subject: Re: [Ntp] NTPv5 draft
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2020 22:26:02 -0000
If you’re saying “we all agree […] it could be optional” then I dissent. I think that “private networks” and the notion of “the Intranet as implicitly secure” and the term “inside the perimeter” will fall by the wayside before 2030. One of my previous employers (Gigamon) built an entire business model on the assumption that you need to monitor internal traffic for malware, insider attacks, etc. and hence marketed “network visibility appliances” (i.e. switches and taps that could intercept traffic and clone it to an IDS for real-time analysis). The market apparently agrees. Those that don’t think they need security inside their perimeter are simply those that haven’t had an insider attack, or someone bring in a contaminated laptop onto the campus network, etc… or haven’t yet realized that they have. > On Dec 7, 2020, at 3:10 PM, Doug Arnold <doug.arnold@meinberg-usa.com> wrote: > > I think that we all agree that ntpv5 has to have a security mechanism, but it could be optional and/or described in a separate document. Time over the open internet is a popular use case, and it must be covered. But there is a lot of ntp in private networks. Many network operators in these networks will want to turn on security, but probably not all. > > Doug > > On 12/7/20, 11:38 AM, "ntp on behalf of Salz, Rich" <ntp-bounces@ietf.org on behalf of rsalz=40akamai.com@dmarc.ietf.org> wrote: > > My view is that it is no longer acceptable to design a protocol for deployment on the open Internet that has no authentication or message integrity and that people who disagree are out of consensus. > > Does someone want to ask the current IESG for their view? > > > _______________________________________________ > ntp mailing list > ntp@ietf.org > https://www.ietf.org/mailman/listinfo/ntp > > _______________________________________________ > ntp mailing list > ntp@ietf.org > https://www.ietf.org/mailman/listinfo/ntp
- [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Dieter Sibold
- Re: [Ntp] NTPv5 draft Kurt Roeckx
- Re: [Ntp] NTPv5 draft Steven Sommars
- Re: [Ntp] NTPv5 draft Doug Arnold
- Re: [Ntp] NTPv5 draft Salz, Rich
- Re: [Ntp] NTPv5 draft Philip Prindeville
- Re: [Ntp] NTPv5 draft Philip Prindeville
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: NTPv5 draft Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- Re: [Ntp] NTPv5 draft Kurt Roeckx
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft James
- [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Dieter Sibold
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 draft Hal Murray
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 draft Miroslav Lichvar
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Kurt Roeckx
- Re: [Ntp] NTPv5 draft Hal Murray
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: NTPv5 d… Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- Re: [Ntp] NTPv5 draft Doug Arnold
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: NTP… Hal Murray
- Re: [Ntp] Antw: [EXT] Re: NTPv5 draft Salz, Rich
- Re: [Ntp] Antw: [EXT] Re: NTPv5 draft Doug Arnold
- Re: [Ntp] Antw: [EXT] Re: NTPv5 draft Kurt Roeckx
- Re: [Ntp] NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft Doug Arnold
- Re: [Ntp] NTPv5 draft Dieter Sibold
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Salz, Rich
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Salz, Rich
- Re: [Ntp] NTPv5 draft James
- Re: [Ntp] NTPv5 draft Warner Losh
- Re: [Ntp] NTPv5 draft Philip Prindeville
- Re: [Ntp] NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft Warner Losh
- Re: [Ntp] NTPv5 draft Salz, Rich
- Re: [Ntp] NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft Philip Prindeville
- Re: [Ntp] NTPv5 draft Doug Arnold
- Re: [Ntp] NTPv5 draft Doug Arnold
- Re: [Ntp] NTPv5 draft Doug Arnold
- Re: [Ntp] NTPv5 draft Philip Prindeville
- Re: [Ntp] NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft Salz, Rich
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Salz, Rich
- Re: [Ntp] NTPv5 draft Marcus Dansarie
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Salz, Rich
- Re: [Ntp] NTPv5 draft James
- Re: [Ntp] NTPv5 draft Magnus Danielson
- Re: [Ntp] NTPv5 draft Warner Losh
- Re: [Ntp] NTPv5 draft Magnus Danielson
- Re: [Ntp] NTPv5 draft Warner Losh
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Magnus Danielson
- Re: [Ntp] NTPv5 draft James
- Re: [Ntp] NTPv5 draft Salz, Rich
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- [Ntp] Antwort: Antw: [EXT] Re: NTPv5 draft kristof.teichel
- Re: [Ntp] Antwort: Antw: [EXT] Re: NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft James
- Re: [Ntp] Antwort: Antw: [EXT] Re: NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] Antwort: Antw: [EXT] Re: NTPv5 draft Christer Weinigel