IETF Logo Mail Archive

Re: [Ntp] Should NTPv5 have QUIC bindings?

Tony Finch <dot@dotat.at> Tue, 26 October 2021 21:48 UTC

Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F11903A18BD for <ntp@ietfa.amsl.com>; Tue, 26 Oct 2021 14:48:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.67
X-Spam-Level:
X-Spam-Status: No, score=-1.67 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UE9odr3CiHUc for <ntp@ietfa.amsl.com>; Tue, 26 Oct 2021 14:48:44 -0700 (PDT)
Received: from ppsw-40.csi.cam.ac.uk (ppsw-40.csi.cam.ac.uk [131.111.8.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 761303A18BC for <ntp@ietf.org>; Tue, 26 Oct 2021 14:48:44 -0700 (PDT)
X-Cam-AntiVirus: no malware found
X-Cam-ScannerInfo: https://help.uis.cam.ac.uk/email-scanner-virus
Received: from [87.74.217.245] (port=50169 helo=milebook.lan) by ppsw-40.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.158]:25) with esmtpsa (PLAIN:fanf2) (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) id 1mfUJA-000zj7-mC (Exim 4.95) (return-path <fanf2@hermes.cam.ac.uk>); Tue, 26 Oct 2021 22:48:36 +0100
Date: Tue, 26 Oct 2021 22:48:36 +0100
From: Tony Finch <dot@dotat.at>
To: Hal Murray <halmurray+ietf@sonic.net>
cc: "Salz, Rich" <rsalz@akamai.com>, "ntp@ietf.org" <ntp@ietf.org>
In-Reply-To: <20211021202959.9F02028C0F3@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
Message-ID: <d3cef848-4ed1-58dc-c2e1-a7ae3c1b37ba@dotat.at>
References: <20211021202959.9F02028C0F3@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/bpiS44ae8hfY788U7MiR-M9DmOY>
Subject: Re: [Ntp] Should NTPv5 have QUIC bindings?
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Oct 2021 21:48:49 -0000

Hal Murray <halmurray+ietf@sonic.net> wrote:
>
> I'm assuming the idea is to replace NTS with QUIC.
>
> One of the goals of NTS was to avoid per-connection storage on the server.  It
> uses TLS to get cookies that hold the connection info.  I don't see how to do
> that with QUIC.

I guess the client could use 0-RTT session resumption, which uses a
session ticket held by the client to retain state (such as the symmetric
crypto key) between queries. I don't know if QUIC allows the server to
close the session immediately with its first response packet, so it can
reply and immediately forget about the client, or if the server will have
to keep state for at least 1 RTT per query.

> I saw mention of QUIC not using the IP Address for a connection key.  That
> sounds like an invitation for easy tracking.  If we take non-tracking as a
> serious goal, that could be enough to knock QUIC out of consideration.

Hmm, I can't find anything useful about the privacy considerations of
0-RTT in QUIC or in TLS/1.3. One advantage of using a popular security
layer ought to be that it deals with issues like this so NTP would not
have to worry at all...

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  https://dotat.at/
defend the right to speak, write, worship, associate, and vote freely

v2.23.0 | Report a Bug | By Email