Re: [Ntp] The trick to timestamp with authentication
Miroslav Lichvar <mlichvar@redhat.com> Mon, 07 December 2020 10:54 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/bdC96SVu5RGPF0InMWV36useCT4>
On Fri, Dec 04, 2020 at 01:03:16AM +0000, Doug Arnold wrote:
> The ntp working group could decide ntpv5 can support on path corrections or security, but not both. However, I suspect a lot of people would be disappointed.

Please don't forget that MITM attackers can delay packets and cause larger errors in NTP measurements than unauthenticated corrections. Not allowing switches to make unauthenticated corrections in authenticated packets will not improve security.

-- 
Miroslav Lichvar
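
The point about delayed packets, worked through as an added example (not part of the original message and not taken from any NTP implementation): a reply whose MAC verifies still yields an offset that is wrong by half the extra time it was held on the path, and the measured round-trip delay bounds that error. `KEY`, `MAX_DELAY`, the HMAC-SHA256 construction and all timestamps are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed; stands in for any symmetric auth key
MAX_DELAY = 0.050              # hypothetical client limit on round-trip delay (seconds)

def server_reply(t1, t2, t3):
    """Server packs the three timestamps and authenticates them."""
    body = struct.pack("!ddd", t1, t2, t3)
    return body, hmac.new(KEY, body, hashlib.sha256).digest()

def client_measure(body, mac, t4):
    """Verify the MAC, then compute (offset, delay) from the four timestamps."""
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("authentication failed")
    t1, t2, t3 = struct.unpack("!ddd", body)
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay

def exchange(true_offset, fwd, back, held=0.0, t1=1000.0, proc=0.0001):
    """Simulate one exchange; `held` is extra time the reply spends on the path.

    true_offset is server clock minus client clock. The reply bytes are
    never modified, so authentication always succeeds.
    """
    t2 = t1 + fwd + true_offset          # server clock at request arrival
    t3 = t2 + proc                       # server clock at reply departure
    body, mac = server_reply(t1, t2, t3)
    t4 = t3 - true_offset + back + held  # client clock at reply arrival
    return client_measure(body, mac, t4)

def accept(delay):
    """Client-side check: the offset error cannot exceed delay / 2."""
    return delay <= MAX_DELAY

def demo():
    clean = exchange(true_offset=0.0, fwd=0.005, back=0.005)
    held = exchange(true_offset=0.0, fwd=0.005, back=0.005, held=0.200)
    return clean, held, accept(clean[1]), accept(held[1])

if __name__ == "__main__":
    print(demo())
```
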