Re: [Ntp] ntpv5 requirements
Harlan Stenn <stenn@nwtime.org> Thu, 16 February 2023 10:22 UTC
On 2/15/2023 12:48 AM, kristof.teichel@ptb.de wrote:
> In-line...
>
> Kind regards,
> Kristof Teichel
>
> __________________________________________
>
> Dr.-Ing. Kurt Kristof Teichel
> Physikalisch-Technische Bundesanstalt (PTB)
> Arbeitsgruppe 4.42 "Zeitübertragung"
> Bundesallee 100
> 38116 Braunschweig (Germany)
> Tel.: +49 (531) 592-4471
> E-Mail: kristof.teichel@ptb.de
> __________________________________________
>
> "ntp" <ntp-bounces@ietf.org> wrote on 15.02.2023 04:10:32:
>
>> From: "Harlan Stenn" <stenn@nwtime.org>
>> To: kristof.teichel@ptb.de, ntp@ietf.org
>> Date: 15.02.2023 04:16
>> Subject: Re: [Ntp] ntpv5 requirements
>> Sent by: "ntp" <ntp-bounces@ietf.org>
>>
>> I don't see that you are disagreeing with me regarding the "priority" of
>> performance.
>
> Let's leave the goalposts where they were: the original question/statement
> was whether/that NTS was specifically designed to scale well with large
> number of clients.
> Which it was (I can elaborate if anyone would like, but I feel like
> we've been through this).
> I'm disagreeing with your implicit statement that your perceived
> priority of goals is in any way an argument against this.

Whatever. The point remains that there are clearly environments out there where NTS does not currently sufficiently scale.

> You also appear to get scaling properties mixed up with performance,
> though they are clearly stated as separate goals and each explained in
> the RFC.

Maybe, but I don't see how this is significant. The bottom line is that NTS does not currently appear to be usable at high traffic volumes.

> That said, even when confounding them I don't see the argument:
> NTS was also specifically designed to affect performance "not
> significantly" (we can go there if need be), and I would argue it simply
> affects performance *as little as possible* (possible while reaching the
> stated security goals).
>
>> And blindly following "amplification goal-stated as zero" has some
>> pretty onerous consequences.
>
> The above is already a pretty hard detour from NTPv5 requirements
> discussions.

I was merely responding to something you said on the thread.

> But this is so far beside the point, let's either open up a separate
> thread for it or drop it.

I have no preference.

H
--
>> H
>>
>> On 2/14/2023 4:28 AM, kristof.teichel@ptb.de wrote:
>> > The reason that scalability and performance have traditionally been
>> > listed last in NTS documents is less that they are in any way secondary
>> > -- and more that they follow a pattern of "...and it needs to do all of
>> > the above in such a way that it retains scalability and performance as
>> > far as possible".
>> > (And perhaps a bit of them being quantitative goals rather than
>> > absolute/qualitative; performance is gonna get worse with crypto rather
>> > than without, the goal is to keep it reasonable/best possible -- whereas
>> > e.g. amplification can be cleanly goal-stated as zero.)
>> >
>> > Kind regards,
>> > Kristof Teichel
>> >
>> > From: "Harlan Stenn" <stenn@nwtime.org>
>> > To: ntp@ietf.org
>> > Date: 13.02.2023 23:29
>> > Subject: Re: [Ntp] ntpv5 requirements
>> > Sent by: "ntp" <ntp-bounces@ietf.org>
>> > ------------------------------------------------------------------------
>> >
>> > On 2/13/2023 8:06 AM, Miroslav Lichvar wrote:
>> >> On Thu, Feb 09, 2023 at 05:18:20PM +0000, Doug Arnold wrote:
>> >>> For example: Judah Levine at NIST recently told me that he
>> >>> cannot implement NTS with his current server resources and the number of
>> >>> clients NIST supports. However, when I told him about TESLA he thought
>> >>> a scheme based on that would be doable, as long as the keys didn’t have
>> >>> to change too often.
>> >>
>> >> That is interesting as NTS was specifically designed to scale well to
>> >> very large numbers of clients.
>> >
>> > I don't recall performance in NTS as being a primary goal of the design.
>> >
>> > Sure, it was listed as *a* goal, but the primary goals were around
>> > "security".
>> >
>> >> Is their concern about decryption
>> >> and encryption of NTS-protected NTP packets, or rather TLS in NTS-KE?
>> >>
>> >> In 2016 they reported they had about 200k requests per second across
>> >> all their servers [1]. Even if it was 100x more today and all clients
>> >> were using NTS, that could still be handled by a dozen of servers with
>> >> multi-core CPUs and AES acceleration. In my tests I get about 200k/s
>> >> per core.
>> >
>> > From what I've heard, NTS key operations take 5-10x the amount of
>> > compute power beyond what NTP needs.
>> >
>> >> NTS-KE traffic is more difficult to predict as it depends on the
>> >> client implementations. I would be curious to see what NTS-NTP to
>> >> NTS-KE request ratio do the well-known NTS providers like Cloudflare
>> >> and Netnod have.
>> >>
>> >> [1] https://nvlpubs.nist.gov/nistpubs/jres/121/jres.121.003.pdf
>> >
>> > --
>> > Harlan Stenn <stenn@nwtime.org>
>> > http://networktimefoundation.org - be a member!
>> >
>> > _______________________________________________
>> > ntp mailing list
>> > ntp@ietf.org
>> > https://www.ietf.org/mailman/listinfo/ntp
>>
>> --
>> Harlan Stenn <stenn@nwtime.org>
>> http://networktimefoundation.org - be a member!

--
Harlan Stenn <stenn@nwtime.org>
http://networktimefoundation.org - be a member!