Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption

Doug Arnold <doug.arnold@meinberg-usa.com> Wed, 02 June 2021 14:04 UTC

From: Doug Arnold <doug.arnold@meinberg-usa.com>
To: Miroslav Lichvar <mlichvar@redhat.com>, Heiko Gerstung <heiko.gerstung@meinberg.de>
CC: "ntp@ietf.org" <ntp@ietf.org>
Thread-Topic: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption
Date: Wed, 2 Jun 2021 14:03:50 +0000
Message-ID: <AM7PR02MB5765B17AAD9423835EE209D7CF3D9@AM7PR02MB5765.eurprd02.prod.outlook.com>
References: <7F9B8D13-BC90-4E15-9BDF-81714DF0F0C6@meinberg.de> <YLYCLIEA4/unB6/5@localhost> <1DAA3605-CC04-46DE-8CFC-975BED7D4160@meinberg.de> <YLYheZYTSflAdlrF@localhost> <CEB3F4AA-E318-4540-BD6C-4437E3F5F58A@meinberg.de> <YLY3f2/5k1Hjebf7@localhost> <7167BC2B-1889-4DF5-AF7C-BAAAB3586841@meinberg.de> <YLZVS4jwGOnMIk6g@localhost> <24DF9BF2-3072-4152-80D6-9F10D53A59AF@meinberg.de>, <YLeFyqZp6bZY9nY9@localhost>
In-Reply-To: <YLeFyqZp6bZY9nY9@localhost>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/eYH3WE3GJ84KImcs-3jfYyjCFVM>
Subject: Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption

Would the proposals by Heiko and Martin for PTP security make more sense to people if we just called it TLS based Security for PTP, and left the NTS out?

Doug

From: ntp <ntp-bounces@ietf.org> on behalf of Miroslav Lichvar <mlichvar@redhat.com>
Date: Wednesday, June 2, 2021 at 9:21 AM
To: Heiko Gerstung <heiko.gerstung@meinberg.de>
Cc: ntp@ietf.org <ntp@ietf.org>
Subject: Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption
On Wed, Jun 02, 2021 at 01:00:27PM +0200, Heiko Gerstung wrote:
> Yes, it needs to be fleshed out in more detail in a draft. My point is that you could use a different approach than what we chose in our proposal, but you then have to put this down in writing and submit a draft if you are convinced it has enough benefits when compared to our approach. If you believe it would be a lot shorter, more compact document with less complexity and provides the same or a higher level of protection/efficiency, then please write it down so we can compare it in its entirety.

I'm not interested in writing a new NTS4UPTP draft, at least not at
this time. I'm asking you to reconsider your design or at least
describe how it compares to possible alternatives.

> > If you used only NTP4NTS over PTP, you would still have only one sync
> > protocol. Just the transport is different. That's a couple lines of
> > code.
>
> A couple lines of code? OK, if you volunteer to modify chrony, I would volunteer to test this with our hardware time stamping engine. Just add a comment where you want to get the hw timestamp from our engine and we will add the necessary function call to actually get it from the hardware. Please ensure that you need to read out at least the sequenceId and MessageType from the PTP header as that is required to find the correct timestamp in the queue. See my comments to Kristof earlier today regarding the requirement to add support for different timestamping hardware, but a first test if this actually works would certainly be interesting, so why not give it a shot if it's only a couple lines of code!

It is 7 lines for a quick hack that hardcodes a PTP prefix for all NTP
messages [1]. Both server and client ports need to be configured to
the PTP port. If your timestamper doesn't use the Linux timestamping
API, it will probably require significant changes. I'll leave that up
to you if you think it's worth the trouble.

I tested it on two NICs: Intel XL710 (40Gb) and Broadcom BCM5720
(1Gb). Both seem to work as expected. It seems their filter only
checks the message type and version, ignoring the length and other
fields. If all HW worked like that and it was acceptable to generate
invalid PTP messages, the messages could be only two octets longer.

> The NTS_TLV is not used for the actual sync / delay / announce messages in our draft, that means you have the authentication_TLV as an overhead compared to standard unicast PTP. This TLV has a size of 42 octets (if I assume a ICV size of 256 bit). The Common PTP message header is 34 octets in size, the size of the Sync and Delay_Req messages is another 10 octets, resulting in 44 octets in total, which proves your point.

Another thing to consider is that PTP exchanges more messages per
measurement than NTP. In NTP it's 2 messages to get all 4 timestamps.
In PTP it's 4 or 5 to get the timestamps and there are also announce
messages and unicast-specific messages. NTP4NTS over PTP might
actually save some network bandwidth.

[1] https://fedorapeople.org/~mlichvar/chrony/chrony-ntpoverptp.patch

--
Miroslav Lichvar

_______________________________________________
ntp mailing list
ntp@ietf.org
https://www.ietf.org/mailman/listinfo/ntp
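The header-filter behaviour discussed above (a NIC that timestamps anything whose messageType and versionPTP look like PTP, while a timestamping engine keys on sequenceId and messageType), shown as an added example that is not code from the thread, from chrony or from the referenced patch. It assumes the IEEE 1588 common-header layout (messageType in the low nibble of octet 0, versionPTP in the low nibble of octet 1, messageLength in octets 2-3, sequenceId in octets 30-31) and constructs its own sample frames; the "strict" check is the defender-side validation a receiver can add so that an NTP datagram wearing a bare PTP prefix is not mistaken for a well-formed Sync.

```python
import struct

# Constructed example: models the point made in the thread that a filter
# checking only messageType/versionPTP will accept an NTP packet carrying a
# 34-octet PTP common header whose messageLength no longer matches the datagram.
PTP_HEADER_LEN = 34             # IEEE 1588 common header size (as on the page)
PTP_SYNC, PTP_DELAY_REQ = 0, 1  # messageType values that get hardware timestamps
SYNC_BODY_LEN = 10              # originTimestamp, giving the 44-octet Sync on the page

def parse_ptp_header(buf):
    """Return the header fields a NIC filter or timestamping engine reads."""
    if len(buf) < PTP_HEADER_LEN:
        raise ValueError("short PTP header")
    b0, b1, msg_len = struct.unpack_from("!BBH", buf, 0)
    seq_id = struct.unpack_from("!H", buf, 30)[0]
    return {"messageType": b0 & 0x0F, "versionPTP": b1 & 0x0F,
            "messageLength": msg_len, "sequenceId": seq_id}

def lenient_filter_accepts(buf):
    """The NIC behaviour reported in the thread: type and version only."""
    h = parse_ptp_header(buf)
    return h["versionPTP"] == 2 and h["messageType"] in (PTP_SYNC, PTP_DELAY_REQ)

def strict_filter_accepts(buf):
    """Additionally require messageLength to equal the datagram length."""
    return lenient_filter_accepts(buf) and \
        parse_ptp_header(buf)["messageLength"] == len(buf)

def build_ptp_header(msg_type, msg_length, seq_id, domain=0):
    """Assemble a minimal version-2 common header (constructed sample)."""
    hdr = bytearray(PTP_HEADER_LEN)
    hdr[0] = msg_type & 0x0F                      # transportSpecific=0 | messageType
    hdr[1] = 2                                    # reserved=0 | versionPTP=2
    struct.pack_into("!H", hdr, 2, msg_length)    # messageLength
    hdr[4] = domain                               # domainNumber
    struct.pack_into("!H", hdr, 30, seq_id)       # sequenceId
    hdr[32] = 0 if msg_type == PTP_SYNC else 1    # legacy controlField
    hdr[33] = 0x7F                                # logMessageInterval (unicast)
    return bytes(hdr)

def ntp_over_ptp_frame(ntp_packet, seq_id=1):
    """Constructed NTP-over-PTP hack: a Sync header claiming 44 octets, then NTP."""
    return build_ptp_header(PTP_SYNC, PTP_HEADER_LEN + SYNC_BODY_LEN, seq_id) + ntp_packet

def auth_tlv_len(icv_bits):
    """AUTHENTICATION TLV: tlvType(2)+lengthField(2)+SPP(1)+secParamIndicator(1)+keyID(4)+ICV."""
    return 10 + icv_bits // 8
```

With a 48-octet NTP packet the prefixed frame is 82 octets while its header claims 44, so the lenient filter timestamps it but the strict check rejects it; `auth_tlv_len(256)` reproduces the 42-octet figure quoted in the thread.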