[Ntp] Antw: [EXT] Re: NTPv5 draft

Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> Tue, 08 December 2020 09:44 UTC

To: Hal Murray <hmurray@megapathdsl.net>, "philipp@redfish-solutions.com" <philipp@redfish-solutions.com>
Cc: Rich Salz <rsalz=40akamai.com@dmarc.ietf.org>, "ntp@ietf.org" <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/cUerKh64-Z2IZ83rK6qjFuGnYcs>

>>> Philip Prindeville <philipp@redfish-solutions.com> wrote on 07.12.2020 at
22:36 in message
<A6098FBA-E388-4102-859D-EFF633610ED7@redfish-solutions.com>:

> 
>> On Dec 7, 2020, at 2:19 PM, Hal Murray <hmurray@megapathdsl.net> wrote:
>> 
>> 
>> Salz, Rich said:
>>> My view is that it is no longer acceptable to design a protocol for
>>> deployment on the open Internet that has no authentication or message
>>> integrity and that people who disagree are out of consensus.
>> 
>> That seems like a good general principle, but doesn't seem to fit this example
>> very well.
>> 
>> What do you mean by "has no authentication"?  Do you mean supports
>> authentication or requires it?  I'll agree if you mean supports, but I assume
>> you mean requires since otherwise we wouldn't be having this discussion.
>> 
>> Assuming you do mean requires, I'll pay a lot more attention to your
>> argument if you outline a plan for getting the existing user base to demand
>> authenticated time.
>> 
>> The complexity ratio between a simple non-authenticated NTP client and a
>> client with authentication is enormous.
>> 
>> With HTTP to HTTPS, there was a lot of incentive for users and servers to
>> upgrade.  Many did financial transactions over the web.  What's the
>> equivalent for NTP?
> 
> 
> The 3 principles of Security are CIA: Confidentiality, Integrity, 
> Availability.

Hi!

OK, how about starting to build a "CIA table" listing for each NTP variable whether it needs C, I, or A?
I think such a table would be a good base for further discussion.
Initially I would think the current time does not have to be confidential, unless you deliberately want to run on wrong time...

Regards,
Ulrich
[...]