IETF Logo Mail Archive

Re: [Ntp] Objections to the current language in draft-ietf-data-minimization

Watson Ladd <watsonbladd@gmail.com> Tue, 26 March 2019 09:42 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C3EF12029B for <ntp@ietfa.amsl.com>; Tue, 26 Mar 2019 02:42:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SIdnKrenhshX for <ntp@ietfa.amsl.com>; Tue, 26 Mar 2019 02:42:00 -0700 (PDT)
Received: from mail-lf1-x142.google.com (mail-lf1-x142.google.com [IPv6:2a00:1450:4864:20::142]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 109CF120282 for <ntp@ietf.org>; Tue, 26 Mar 2019 02:42:00 -0700 (PDT)
Received: by mail-lf1-x142.google.com with SMTP id 5so8134989lft.12 for <ntp@ietf.org>; Tue, 26 Mar 2019 02:41:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pupnO6SX+qT1Ry1rexqGPpIbnS3u1oyb9jIk/+EkiBY=; b=nshMbcRtMfgA6Hz0rGcZZ5K2G4NNnlAPKtmWJ9ODEGg2TVVdRAZKCBn1rwa92sEQGa oKgr1UTMcx6rq31CNH5Oo0hQLHW2jZAovwlQVh73upFh4FPrBYQqSHyb0o2j9hzuPFdH 74hDyoHaIH212CP9JEYtS41XxEy++eNjZoj8jB+AzWuJsB+fj14fE4x091Bl98LHCiuf YY0sAoOQAZ+1GsensF3YNW5lu9H74G3T7POcwlkTvFM2zbznHG7RwTcCpvH3sugeGZQE 2L19X1KiqKyj0fBhptBC6sl9uXaEJdCNDhOsbz5kLp6aweWoxiMUag4BLjrDZvrkCOE4 G5Jw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pupnO6SX+qT1Ry1rexqGPpIbnS3u1oyb9jIk/+EkiBY=; b=TMzbt/XqJgy/WOlxFC7LGy2YaRMjwxcfFkXZnM3ktlfdobDTxMYJ3RQnoU93LhEkA7 hXHStcCj8m6i6AZTtmtMJD44c4YgaX9yUoTQmFCc254Lcx5rI6blflVxQj15ENv0ATJ3 KRzJK/YjLrsytoO+3gJ4zF7bd5dEnZEFCAmCdiORQsneCbmLVXz/8IKjXHnxvqsu3AMW oUeloQ5NB8OTuI7BTAp8bvn1v9/zmYl4cgLGXxjVn5LIPAxRruF9lzCHVqrCX2iaa0f8 yOObbPaiG3FNmyF6jVBG/iEncuqa+0SLd/0yN4Pu4XQknhh8a+mT3yqewk0ozSKAT6Zf GRyA==
X-Gm-Message-State: APjAAAXdVmEIQMPU/Q7S7f1DbDlF6x+WvceSfqNE72xg1O2KehGwxvQV vABEobhZ8uCr0rKTGIHCg8OP5B5FVW7dGxcHmCP1aU8Q
X-Google-Smtp-Source: APXvYqyzbqJj39uHNFIH8Au4k4lwzq8sBGu8dzmOh49socKcT7DE9u6jdlLzGyoclu8DRh28zCgHmiFoZSoqALd/9AQ=
X-Received: by 2002:ac2:5629:: with SMTP id b9mr14437921lff.100.1553593318195; Tue, 26 Mar 2019 02:41:58 -0700 (PDT)
MIME-Version: 1.0
References: <8b9e85cb-3d6a-4e71-cbe7-9956e301a22d@nwtime.org>
In-Reply-To: <8b9e85cb-3d6a-4e71-cbe7-9956e301a22d@nwtime.org>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Tue, 26 Mar 2019 10:41:46 +0100
Message-ID: <CACsn0c=SrDXWNg7pNFHy0yLKugNLTADMbE9ae4iiNAhNPc6Y8g@mail.gmail.com>
To: Harlan Stenn <stenn@nwtime.org>
Cc: ntp@ietf.org
Content-Type: multipart/alternative; boundary="000000000000db480b0584fc2166"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/b6yDqwg_cSQon0NceSCXblVRRBU>
Subject: Re: [Ntp] Objections to the current language in draft-ietf-data-minimization
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 09:42:05 -0000

On Tue, Mar 26, 2019, 9:02 AM Harlan Stenn <stenn@nwtime.org> wrote:

> In my opinion, draft-ietf-ntp-data-minimization-04, like its -03
> predecessor, exclusively focuses on ways to expose as little information
> as possible and completely ignores and discounts the costs or problems
> that can and in some cases will occur if its recommendations are followed.
>
> If my claims are accepted, section 1. Introduction of
> draft-ietf-ntp-data-minimization should be appropriately rewritten to
> remove its incorrect, or at least misleading, claims, and many of the
> “SHOULD” recommendations in the document should be changed to “MAY”.
>
> In particular, draft-ietf-ntp-data-minimization blindly and explicitly
> recommends setting LI, the poll interval, and the REFID to 0, with no
> offered analysis for the costs or benefits of the effects of these
> recommendations.
>
> In this email I’ll use a leap second event to illustrate these points.
>
> Regardless of whether or not you believe leap smearing is “good”, there
> are time servers out there that only offer correct time, some that only
> offer leap-smeared time, and some that offer one or the other -
> depending on how they’re asked.
>
> For better or worse, a noticeable group of time server operators now
> offer leap-smeared time in response to NTP mode 3 (client) requests.
> Sometimes this is what the clients want, sometimes it is not.
> Regardless, there is clear value and benefit in being able to see if:
>
> a server is offering correct, or leap-smeared time
> a client is following a correct, or a leap-smearing server
>
> Let’s look a the poll interval first.  If a server knows a leap second
> event is coming, it is in a position to look at the poll interval from
> the client and send back a recommended poll interval that will make sure
> the client properly handles leap second handling.  Yes, even if the
> client “lies” and doesn’t tell the server its actual poll interval, the
> server can respond conservatively, and be responsible to the client.
> This behavior may well cause an unnecessary increase in the server load.
>  It is also possible that the server may choose to remember the IP and
> port of the incoming request to independently try and verify the actual
> poll interval used.  But this is also a case of cost-shifting, and I am
> opposed to it.
>

Alternatively clients can ensure that they pull at least once every 24
hours so they will know when a second happens.


> Now let’s move to the approaching leap second event.  In this case, I’ll
> be assuming the behavior of what I call 12/12 leap smearing, where a
> half-second of correction is applied beginning at UTC noon on the day of
> the leap second (ie, for 12 hours’ time), and the final half-second of
> correction is applied starting at midnight UTC after the leap second was
> applied until UTC noon on the day after the leap second (ie, for the
> remaining 12 hours’ time).
> To save folks from having to look it up, NTP communicates knowledge
> about pending leap events via the first two bits of the NTP packet,
> known as the LI, or Leap Indicator bits:
>
>  0x0    Normal time
>  0x1    Last minute of the last DOM has 61 seconds
>  0x2    Last minute of the last DOM has 59 seconds
>  0x3    Not synchronized
>
> NTP instances sending mode 3 (client request) queries expect to receive
> a mode 4 (server) response.  This response may be the correct time, and
> it may be leap-smeared time.  The key questions are:
>
> - Does the client want leap-smeared time?
> - Should the server respond with correct, or leap-smeared time?
>
> This leads to the follow-on questions:
>
> - How can the client know if it's getting correct, or leap-smeared time?
> - How can one tell if a client is following a leap-smearing server?
>
> The following simple solution handles both of the first two questions.
>

Is this current behavior?


> If the client sends its request with LI values of 0x1 or 0x2, it is
> telling the server that it believes a leap event is pending.  In this
> case the server SHOULD respond with correct time with an LI value of
> 0x0, 0x1, or 0x2; not leap-smeared time.  If the client sends a packet
> with LI=0x3, the server SHOULD also respond with correct time with an LI
> value of 0x0, 0x1, or 0x2.
>
> If the client sends its request with an LI value of 0x0 before leap
> smearing starts, the server SHOULD respond with correct time with an LI
> value of 0x0, 0x1, or 0x2.  If the client sends its request with an LI
> value of 0x0 *during* a leap smear correction, the server SHOULD respond
> with leap-smeared time and an LI value of 0x0, and MAY respond with
> correct time and an LI value of 0x1 or 0x2.
>
> Furthermore, responses containing leap-smeared time SHOULD include a
> REFID that identifies the "system peer" as a leap-smeared source.  See
> draft-stenn-ntp-leap-smear-refid for more information.  This response
> also SHOULD include a SUGGESTED-REFID extension field, as described by
> draft-stenn-ntp-suggest-refid, to make it obvious that the system is
> following leap-smeared time.  These points address the  two follow-on
> questions.
>
> The LEAP-SMEAR-REFID and SUGGESTED-REFID extensions have another key
> role during the application of a leap smear - that of making sure the
> system behaves properly during the last half of the 12/12 leap smear
> correction.
>
> Once the leap second has applied, the LI value for correct time reverts
> to 0x0.  When a leap smearing client asks for time during the second
> phase of this correction, it will be sending its requests with LI=0x0,
> as *all* time requests from a leap-smearing client will contain LI=0x0
> when a leap event is not pending.  But in this case, how does the server
> know it should continue sending leap-smeared time, as opposed to correct
> time?  The answer is that the client requests include the client's
> REFID, which in this case SHOULD be a LEAP-SMEAR-REFID.
>

A future spec of this behavior can override the draft or future rfc. Why is
that not an option?


> When a server receives a mode 3 (client) request containing a
> LEAP-SMEAR-REFID during the second phase of a leap-smear correction, the
> server SHOULD respond with leap-smeared time and a LEAP-SMEAR-REFID as
> the SUGGESTED-REFID.
>
> When the leap-smear correction has ended, normal query/responses will
> again be in effect.
>
> Finally, servers should know when a leap event is about to occur.  Other
> systems may not have this information.  It’s polite, cooperative, and
> informative if the client sends its poll interval to the server.  A
> server that knows a leap second event is coming SHOULD reply with a
> suggested poll interval that will, even in the face of dropped UDP
> packets, allow the client that pays attention to the suggested poll
> interval from the server to re-query often enough to quickly track these
> events and stay well-synchronized.
>
> In short, if you care about data minimization more than you care about
> having accurate synchronized time, minimize away.
>
> If you are primarily interested in having accurate synchronized time,
> playing nice with others, getting the time you want and be able to see
> what's going on during a leap second event:
>
> - be honest with your LI bits
> - be honest when reporting your poll interval
> - pay attention if a server asks you to adjust your poll interval
> - consciously choose the REFID in your messages
>
> The upcoming (full) Reference Implementation release of ntp-4.4.0 from
> the NTP Project will have these behaviors in it.
>

Apparently not. And what is this a reference implementation of if the
standard has not been updated to include these behaviors?


> --
> Harlan Stenn, Network Time Foundation
> http://nwtime.org - be a Member!
>
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp
>

v2.23.0 | Report a Bug | By Email