Re: [Ntp] NTPv5 draft
Marcus Dansarie <marcus@dansarie.se> Tue, 08 December 2020 14:50 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/df6uQWzjDyMlYGTuBvJS0i78G54>

On 2020-12-07 17:38, Salz, Rich wrote:
> My view is that it is no longer acceptable to design a protocol for deployment on the open Internet that has no authentication or message integrity and that people who disagree are out of consensus.

On 2020-12-07 23:25, Philip Prindeville wrote:
> I think that “private networks” and the notion of “the Intranet as implicitly secure” and the term “inside the perimeter” will fall by the wayside before 2030.
> Those that don’t think they need security inside their perimeter are simply those that haven’t had an insider attack, or someone bring in a contaminated laptop onto the campus network, etc… or haven’t yet realized that they have.

On 2020-12-08 15:20, Salz, Rich wrote:
> I'll claim that I already have, but to restate and scale it down a bit: all messages sent by a server must include authentication and tamper-proof. I do not believe anything less is acceptable these days.

Add me to the list of proponents of mandatory security in NTPv5. Protocols being designed today MUST enforce security.

The problem we have to address is how to achieve this in a way that aligns with users' needs. Someone setting up an appliance for personal use, on an intranet, or airgapped network might not be interested in keeping certificates updated, distributing keys or stuffing them in DNS, and such. Trust on first use may be an acceptable scheme in those cases.

/Marcus