Re: [ntpwg] [dhcwg] Fwd: New Version Notification for draft-ogud-dhc-udp-time-option-01.txt
TSG - personal <tglassey@earthlink.net> Mon, 02 December 2013 17:02 UTC
On 12/01/2013 04:31 PM, Danny Mayer wrote:

Danny, many entities running DNSSEC don't have the option to continue
operations until such time as they get better time data under the certs.
This is a policy level thing so it's not something that they can
technically ignore either.

Todd

> On 12/1/2013 5:29 PM, Ted Lemon wrote:
>> On Dec 1, 2013, at 5:05 PM, Olafur Gudmundsson <ogud@ogud.com> wrote:
>>> The "threat" the document is trying to address, device wants to
>>> DNSSEC or CERT validation but clock is far off thus VALID credentials
>>> fail validation.
>> Ah, thanks for explaining. This is what I was missing—you're not
>> doing this to avoid a threat at all, but rather to simply make DNSSEC
>> work in a possibly non-secure mode until such time as you can
>> bootstrap better time information.
>>
>> This would be worth mentioning in the introduction and/or the security
>> considerations section. You allude to it in the security
>> considerations, but it's pretty oblique.
>>
>> It is worth pointing out that NTP doesn't actually need DNS to
>> work—DHCP can deliver NTP server addresses as IP addresses. That said,
>> this option seems to add value, since there is no guarantee that
>> devices that implement the existing DHCP NTP will not send FQDNs
>> rather than IP addresses.
>
> I had a long discussion with Bernie over the issue of delivering NTP IP
> addresses via DHCP. We understand the issues you raised concerning
> DNSSEC and have no disagreement about that. The problem is that for NTP
> DNS names are preferred over IP addresses because that allows a server
> maintainer to retire an NTP server. With an IP address there is no
> chance that your local instance will know about this and continue to
> bombard the old address. Moreover the newer pool option cannot be used
> to any advantage.
>
> When was the last time you looked at your NTP configuration and verified
> that all of the servers listed are still valid? How often will DHCP
> servers do this as a matter of course before providing such
> provisioning? We have systems that are being bombarded by requests even
> though no NTP server is responding to queries. We have plenty of
> evidence of this. Even worse we have seen home routers which have
> hard-coded IP addresses for NTP servers embedded. How long are those
> going to be in operation?
>
> I think we need to figure out how to get around the Catch-22 situation
> of DNSSEC requiring relatively good time and NTP wanting to be able to
> use DNS to find valid NTP servers.
>
> We need a joint agreement on how to deal with this between DHCP and NTP
> Working Groups assuming that is a viable option in the first place.
> RFC5908 was not a good indication of this.
>
> Danny
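
The failure mode discussed in this message (valid DNSSEC credentials rejected because the local clock is far off), as an added example that is not part of the original message or of the draft. It assumes RRSIG inception and expiration times in the YYYYMMDDHHmmSS presentation format of RFC 4034; the function names and the sample signature windows are constructed for illustration, and 32-bit serial-number wrap is ignored.

```python
from datetime import datetime, timezone

FMT = "%Y%m%d%H%M%S"  # RRSIG inception/expiration presentation format (UTC)

# Constructed sample data: (owner/type, inception, expiration)
SAMPLE_RRSIGS = [
    ("example.org. A",      "20131120000000", "20131220000000"),
    ("example.net. A",      "20131125000000", "20131209000000"),
    ("example.com. DNSKEY", "20131128000000", "20131228000000"),
]

def to_epoch(stamp):
    """Convert a YYYYMMDDHHmmSS UTC stamp to seconds since the epoch."""
    return int(datetime.strptime(stamp, FMT).replace(tzinfo=timezone.utc).timestamp())

def check_window(now, inception, expiration):
    """Temporal check a validator applies to one signature at clock `now`."""
    if now < inception:
        return "not-yet-valid"
    if now > expiration:
        return "expired"
    return "valid"

def diagnose(now_stamp, rrsigs):
    """Check each signature, then intersect the windows to bound the true time.

    Returns (per-signature results, cause, skew in seconds). The cause is a
    heuristic hint for troubleshooting, not proof: it only says the signatures
    agree with each other and disagree with the local clock.
    """
    now = to_epoch(now_stamp)
    windows = [(name, to_epoch(inc), to_epoch(exp)) for name, inc, exp in rrsigs]
    results = {name: check_window(now, inc, exp) for name, inc, exp in windows}
    lo = max(inc for _, inc, _ in windows)  # latest inception
    hi = min(exp for _, _, exp in windows)  # earliest expiration
    verdicts = set(results.values())
    if verdicts == {"valid"}:
        cause = "ok"
    elif lo <= hi and len(verdicts) == 1:
        # All signatures fail the same way and their windows still overlap,
        # so the local clock is the likely outlier.
        cause = "clock-behind" if now < lo else "clock-ahead"
    else:
        cause = "mixed"  # some signatures may really be stale
    skew = lo - now if now < lo else now - hi if now > hi else 0
    return results, cause, skew

if __name__ == "__main__":
    # A device booting with a reset real-time clock (constructed value).
    print(diagnose("20000101000000", SAMPLE_RRSIGS))
```
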