Re: [Ntp] Objections to the current language in draft-ietf-data-minimization
Watson Ladd <watsonbladd@gmail.com> Tue, 26 March 2019 09:42 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C3EF12029B for <ntp@ietfa.amsl.com>; Tue, 26 Mar 2019 02:42:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SIdnKrenhshX for <ntp@ietfa.amsl.com>; Tue, 26 Mar 2019 02:42:00 -0700 (PDT)
Received: from mail-lf1-x142.google.com (mail-lf1-x142.google.com [IPv6:2a00:1450:4864:20::142]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 109CF120282 for <ntp@ietf.org>; Tue, 26 Mar 2019 02:42:00 -0700 (PDT)
Received: by mail-lf1-x142.google.com with SMTP id 5so8134989lft.12 for <ntp@ietf.org>; Tue, 26 Mar 2019 02:41:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pupnO6SX+qT1Ry1rexqGPpIbnS3u1oyb9jIk/+EkiBY=; b=nshMbcRtMfgA6Hz0rGcZZ5K2G4NNnlAPKtmWJ9ODEGg2TVVdRAZKCBn1rwa92sEQGa oKgr1UTMcx6rq31CNH5Oo0hQLHW2jZAovwlQVh73upFh4FPrBYQqSHyb0o2j9hzuPFdH 74hDyoHaIH212CP9JEYtS41XxEy++eNjZoj8jB+AzWuJsB+fj14fE4x091Bl98LHCiuf YY0sAoOQAZ+1GsensF3YNW5lu9H74G3T7POcwlkTvFM2zbznHG7RwTcCpvH3sugeGZQE 2L19X1KiqKyj0fBhptBC6sl9uXaEJdCNDhOsbz5kLp6aweWoxiMUag4BLjrDZvrkCOE4 G5Jw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pupnO6SX+qT1Ry1rexqGPpIbnS3u1oyb9jIk/+EkiBY=; b=TMzbt/XqJgy/WOlxFC7LGy2YaRMjwxcfFkXZnM3ktlfdobDTxMYJ3RQnoU93LhEkA7 hXHStcCj8m6i6AZTtmtMJD44c4YgaX9yUoTQmFCc254Lcx5rI6blflVxQj15ENv0ATJ3 KRzJK/YjLrsytoO+3gJ4zF7bd5dEnZEFCAmCdiORQsneCbmLVXz/8IKjXHnxvqsu3AMW oUeloQ5NB8OTuI7BTAp8bvn1v9/zmYl4cgLGXxjVn5LIPAxRruF9lzCHVqrCX2iaa0f8 yOObbPaiG3FNmyF6jVBG/iEncuqa+0SLd/0yN4Pu4XQknhh8a+mT3yqewk0ozSKAT6Zf GRyA==
X-Gm-Message-State: APjAAAXdVmEIQMPU/Q7S7f1DbDlF6x+WvceSfqNE72xg1O2KehGwxvQV vABEobhZ8uCr0rKTGIHCg8OP5B5FVW7dGxcHmCP1aU8Q
X-Google-Smtp-Source: APXvYqyzbqJj39uHNFIH8Au4k4lwzq8sBGu8dzmOh49socKcT7DE9u6jdlLzGyoclu8DRh28zCgHmiFoZSoqALd/9AQ=
X-Received: by 2002:ac2:5629:: with SMTP id b9mr14437921lff.100.1553593318195; Tue, 26 Mar 2019 02:41:58 -0700 (PDT)
MIME-Version: 1.0
References: <8b9e85cb-3d6a-4e71-cbe7-9956e301a22d@nwtime.org>
In-Reply-To: <8b9e85cb-3d6a-4e71-cbe7-9956e301a22d@nwtime.org>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Tue, 26 Mar 2019 10:41:46 +0100
Message-ID: <CACsn0c=SrDXWNg7pNFHy0yLKugNLTADMbE9ae4iiNAhNPc6Y8g@mail.gmail.com>
To: Harlan Stenn <stenn@nwtime.org>
Cc: ntp@ietf.org
Content-Type: multipart/alternative; boundary="000000000000db480b0584fc2166"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/b6yDqwg_cSQon0NceSCXblVRRBU>
Subject: Re: [Ntp] Objections to the current language in draft-ietf-data-minimization
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 09:42:05 -0000
On Tue, Mar 26, 2019, 9:02 AM Harlan Stenn <stenn@nwtime.org> wrote: > In my opinion, draft-ietf-ntp-data-minimization-04, like its -03 > predecessor, exclusively focuses on ways to expose as little information > as possible and completely ignores and discounts the costs or problems > that can and in some cases will occur if its recommendations are followed. > > If my claims are accepted, section 1. Introduction of > draft-ietf-ntp-data-minimization should be appropriately rewritten to > remove its incorrect, or at least misleading, claims, and many of the > “SHOULD” recommendations in the document should be changed to “MAY”. > > In particular, draft-ietf-ntp-data-minimization blindly and explicitly > recommends setting LI, the poll interval, and the REFID to 0, with no > offered analysis for the costs or benefits of the effects of these > recommendations. > > In this email I’ll use a leap second event to illustrate these points. > > Regardless of whether or not you believe leap smearing is “good”, there > are time servers out there that only offer correct time, some that only > offer leap-smeared time, and some that offer one or the other - > depending on how they’re asked. > > For better or worse, a noticeable group of time server operators now > offer leap-smeared time in response to NTP mode 3 (client) requests. > Sometimes this is what the clients want, sometimes it is not. > Regardless, there is clear value and benefit in being able to see if: > > a server is offering correct, or leap-smeared time > a client is following a correct, or a leap-smearing server > > Let’s look a the poll interval first. If a server knows a leap second > event is coming, it is in a position to look at the poll interval from > the client and send back a recommended poll interval that will make sure > the client properly handles leap second handling. Yes, even if the > client “lies” and doesn’t tell the server its actual poll interval, the > server can respond conservatively, and be responsible to the client. > This behavior may well cause an unnecessary increase in the server load. > It is also possible that the server may choose to remember the IP and > port of the incoming request to independently try and verify the actual > poll interval used. But this is also a case of cost-shifting, and I am > opposed to it. > Alternatively clients can ensure that they pull at least once every 24 hours so they will know when a second happens. > Now let’s move to the approaching leap second event. In this case, I’ll > be assuming the behavior of what I call 12/12 leap smearing, where a > half-second of correction is applied beginning at UTC noon on the day of > the leap second (ie, for 12 hours’ time), and the final half-second of > correction is applied starting at midnight UTC after the leap second was > applied until UTC noon on the day after the leap second (ie, for the > remaining 12 hours’ time). > To save folks from having to look it up, NTP communicates knowledge > about pending leap events via the first two bits of the NTP packet, > known as the LI, or Leap Indicator bits: > > 0x0 Normal time > 0x1 Last minute of the last DOM has 61 seconds > 0x2 Last minute of the last DOM has 59 seconds > 0x3 Not synchronized > > NTP instances sending mode 3 (client request) queries expect to receive > a mode 4 (server) response. This response may be the correct time, and > it may be leap-smeared time. The key questions are: > > - Does the client want leap-smeared time? > - Should the server respond with correct, or leap-smeared time? > > This leads to the follow-on questions: > > - How can the client know if it's getting correct, or leap-smeared time? > - How can one tell if a client is following a leap-smearing server? > > The following simple solution handles both of the first two questions. > Is this current behavior? > If the client sends its request with LI values of 0x1 or 0x2, it is > telling the server that it believes a leap event is pending. In this > case the server SHOULD respond with correct time with an LI value of > 0x0, 0x1, or 0x2; not leap-smeared time. If the client sends a packet > with LI=0x3, the server SHOULD also respond with correct time with an LI > value of 0x0, 0x1, or 0x2. > > If the client sends its request with an LI value of 0x0 before leap > smearing starts, the server SHOULD respond with correct time with an LI > value of 0x0, 0x1, or 0x2. If the client sends its request with an LI > value of 0x0 *during* a leap smear correction, the server SHOULD respond > with leap-smeared time and an LI value of 0x0, and MAY respond with > correct time and an LI value of 0x1 or 0x2. > > Furthermore, responses containing leap-smeared time SHOULD include a > REFID that identifies the "system peer" as a leap-smeared source. See > draft-stenn-ntp-leap-smear-refid for more information. This response > also SHOULD include a SUGGESTED-REFID extension field, as described by > draft-stenn-ntp-suggest-refid, to make it obvious that the system is > following leap-smeared time. These points address the two follow-on > questions. > > The LEAP-SMEAR-REFID and SUGGESTED-REFID extensions have another key > role during the application of a leap smear - that of making sure the > system behaves properly during the last half of the 12/12 leap smear > correction. > > Once the leap second has applied, the LI value for correct time reverts > to 0x0. When a leap smearing client asks for time during the second > phase of this correction, it will be sending its requests with LI=0x0, > as *all* time requests from a leap-smearing client will contain LI=0x0 > when a leap event is not pending. But in this case, how does the server > know it should continue sending leap-smeared time, as opposed to correct > time? The answer is that the client requests include the client's > REFID, which in this case SHOULD be a LEAP-SMEAR-REFID. > A future spec of this behavior can override the draft or future rfc. Why is that not an option? > When a server receives a mode 3 (client) request containing a > LEAP-SMEAR-REFID during the second phase of a leap-smear correction, the > server SHOULD respond with leap-smeared time and a LEAP-SMEAR-REFID as > the SUGGESTED-REFID. > > When the leap-smear correction has ended, normal query/responses will > again be in effect. > > Finally, servers should know when a leap event is about to occur. Other > systems may not have this information. It’s polite, cooperative, and > informative if the client sends its poll interval to the server. A > server that knows a leap second event is coming SHOULD reply with a > suggested poll interval that will, even in the face of dropped UDP > packets, allow the client that pays attention to the suggested poll > interval from the server to re-query often enough to quickly track these > events and stay well-synchronized. > > In short, if you care about data minimization more than you care about > having accurate synchronized time, minimize away. > > If you are primarily interested in having accurate synchronized time, > playing nice with others, getting the time you want and be able to see > what's going on during a leap second event: > > - be honest with your LI bits > - be honest when reporting your poll interval > - pay attention if a server asks you to adjust your poll interval > - consciously choose the REFID in your messages > > The upcoming (full) Reference Implementation release of ntp-4.4.0 from > the NTP Project will have these behaviors in it. > Apparently not. And what is this a reference implementation of if the standard has not been updated to include these behaviors? > -- > Harlan Stenn, Network Time Foundation > http://nwtime.org - be a Member! > > _______________________________________________ > ntp mailing list > ntp@ietf.org > https://www.ietf.org/mailman/listinfo/ntp >
- [Ntp] Objections to the current language in draft… Harlan Stenn
- Re: [Ntp] Objections to the current language in d… Watson Ladd
- Re: [Ntp] Objections to the current language in d… Harlan Stenn
- Re: [Ntp] Objections to the current language in d… Harlan Stenn
- Re: [Ntp] Objections to the current language in d… Dieter Sibold
- Re: [Ntp] Objections to the current language in d… Harlan Stenn
- Re: [Ntp] Objections to the current language in d… Martin Burnicki
- Re: [Ntp] Objections to the current language in d… Harlan Stenn
- Re: [Ntp] Objections to the current language in d… Harlan Stenn
- Re: [Ntp] Objections to the current language in d… Harlan Stenn
- Re: [Ntp] Objections to the current language in d… Miroslav Lichvar
- Re: [Ntp] Objections to the current language in d… Heiko Gerstung
- Re: [Ntp] Objections to the current language in d… kristof.teichel
- Re: [Ntp] Objections to the current language in d… Harlan Stenn
- Re: [Ntp] Objections to the current language in d… kristof.teichel
- Re: [Ntp] Objections to the current language in d… Martin Burnicki
- Re: [Ntp] Objections to the current language in d… Martin Burnicki
- Re: [Ntp] Objections to the current language in d… Harlan Stenn
- Re: [Ntp] Objections to the current language in d… Heiko Gerstung
- Re: [Ntp] Objections to the current language in d… Martin Burnicki