Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements
kristof.teichel@ptb.de Tue, 12 December 2023 13:28 UTC
Return-Path: <kristof.teichel@ptb.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D95DC48CAEB for <ntp@ietfa.amsl.com>; Tue, 12 Dec 2023 05:28:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.404
X-Spam-Level:
X-Spam-Status: No, score=-4.404 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ptb.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cgefWOS1XnrU for <ntp@ietfa.amsl.com>; Tue, 12 Dec 2023 05:28:02 -0800 (PST)
Received: from mx1.bs.ptb.de (mx1.bs.ptb.de [192.53.103.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E01AC05DDD3 for <ntp@ietf.org>; Tue, 12 Dec 2023 05:28:01 -0800 (PST)
Received: from s23397.bs.ptb.de ([172.21.101.132]) by mx1.bs.ptb.de with ESMTP id 3BCDRwjI004020-3BCDRwjK004020 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 12 Dec 2023 14:27:58 +0100
In-Reply-To: <CA+mgmiMFLDRggrBUzdJyjhgbM6q0m8nY8PUoU5oxbR2HtZh51A@mail.gmail.com>
References: <CA+mgmiMFLDRggrBUzdJyjhgbM6q0m8nY8PUoU5oxbR2HtZh51A@mail.gmail.com>
To: ntp@ietf.org
Cc: james.ietf@gmail.com, Karen ODonoghue <kodonog@pobox.com>, dieter.sibold@ptb.de
MIME-Version: 1.0
From: kristof.teichel@ptb.de
Message-ID: <OF33DB0AFF.1649DFBE-ONC1258A83.002F27E4-C1258A83.0049F82B@ptb.de>
Date: Tue, 12 Dec 2023 14:27:56 +0100
Content-Type: multipart/alternative; boundary="=_alternative 0049F82BC1258A83_="
X-FEAS-Client-IP: 172.21.101.132
X-FE-Policy-ID: 5:5:5:SYSTEM
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=ptb.de; s=s1-ptbde; c=relaxed/relaxed; h=references:to:cc:mime-version:subject:from:message-id:date:content-type; bh=4fBL4TVaZq+ivlydHCvKg2blPJN2lxPPxpq1ausqrfU=; b=nrTe2H663ccMf280lFgIFs+cwuk6hpr9Q3XS7PW8ATOnMr84E8riHxdFK4PoM/MORppOWYEMSK9s BFgRp8inTDttxfLVr4Q4kKMSV/1zVQphWNwhXaA091IxRvJg1N0RzL18uwC3PwEIOlV6bSeEdQaG hXkC36fcvHw+vSYnD7CcHgD6rHJhLSjnT3sFFZNCxUudjW8ZaUxVdK6HD+QMwig8VrS7Rw5CF/7E 9AvMWHkTZ1pK9Yd0gLECYBKh3o5AOe+BtOy+i1dKJohgHdc8IquXO01NUcONLfpIluLPNmBYvA0L lyQok7UDDlL8aVdavG0geI2nZOsbW78DogkcGA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/gERbnJ1GZzHafRsItxfnFDeAn6s>
Subject: Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Dec 2023 13:28:07 -0000
Dear James, dear all, Martin and I have a number of comments on the NTPv5 Requirements draft. We appreciate the effort that has gone into developing this draft. As always, our intention in providing this feedback is to contribute constructively to the ongoing work, and to help ensure that the final document is as helpful as possible in the development of NTPv5. General comments: - It often seems unclear what this document is regulating (what its MUST, SHOULD, etc. applies to). * Sometimes, it explicitly states that it applies to "the [upcoming NTPv5] specification"; this is at least clear and verifiable and seems helpful. We give a soft recommendation to change to this wherever possible. * Sometimes, it alludes to "the WG should be doing X"; we are unsure if this is proper for an RFC. * Sometimes, the context implies that the requirements apply to a (to each?) protocol implementation; we are unsure about this. * Most often, requirements are stated to apply to "the protocol"; this seems very abstract, non-verifiable, and overall confusing. - There are lots of instances of non-capitalized "should" (and possibly others?); these need to be checked and either eliminated or capitalized. Related, there is at least one SHALL NOT between more MUST NOTs; overall, consistency needs to be improved for normative clauses. - The overwhelming majority of normative terms are "SHOULD"; it seems more helpful to have more "MUST" - if we're going to regulate things, we should avoid so much use of a term that basically means "we would like you to do this, but in the end do whatever you want". - We think the document should state the scope of its requirements (on-wire protovol only vs. including processing algorithms vs. everything, including clock disciplining). 2 Use Cases and Existing Deployments of NTP - We are missing the overall description of NTP being used to sync large numbers of computer clocks via open (internet-like) networks; we are unsure how helpful the specific example use cases (data centers, NTP pool?) are - The whole implied context of "NTP is what you use when PTP isn't available" gives a confusing impression; perhaps add (or replace with) a mention of the large numbers (billions of users, probably tens of billions of devices) that NTP has; - It feels like half the text in this section is about possible issues and/or PTP - without any transition to us wanting to solve the issues, or why NTP might ever be preferable. This should be improved (Martin and I could help with appropriate text on this). 3 Threat Analysis and Modeling - We almost feel like it would be best just to refer to Tal's document RFC7384 rather than reproducing and summarizing it here. If the WG feels we need a section like this, Martin and I would be ready to supply a reworked text. 4 Requirements - "It should be able to provide enough information for both basic time information and synchronisation." We don't quite understand the implication with 'basic time information' - can you explain? 4.1 Resource Management - We feel this whole section runs counter to the subsequent one (Data Minimization); we feel that the requirements to support resource management (really, mostly rate limiting, some loop avoidance) are overly strong; we also feel like most of these features are prone to misuse/abuse and pose security risks. In conclusion, we would like to suggest lowering/rethinking the requirement levels. - Couldn't servers simply drop packets when over capacity, clients simply look for another server if theirs doesn't respond, or reduce their request rate? The logic would be much simpler, the security clearer. 4.2 Data Minimisation - The term "optional data" needs to be clearly defined (and in my opinion discussed again). - While we agree with the point made about data minimization, we feel that it runs counter to many other features/aspects (timescale, resource management, leap seconds, security). 4.3 Algorithms - The headline is confusing; the context with algorithm agility while not discussing crypto algorithms seems prone to misunderstandings. Perhaps change to "Time Processing Algorithms"? - The formulation "SHOULD be obvious" seems confusing. - The second paragraph seems to hint at specification-side modularity (on-wire protovol vs. processing algorithms vs. clock disciplining); while I like the idea, I believe it is controversial; I'm also unsure I'm even understanding the text correctly. 4.4 Timescales - It seems we should make explicit that "a linear, monotonic timescale" cannot be UTC itself. 4.5 Leap Seconds - The 24 hour explanation seems clunky. How about "ideally 24 hours in advance, otherwise as soon as possible"? - We don't agree with the statement that leap smearing "SHOULD be supported [and MUST be dealt with]" in the specification and the implementations and "the protocol". This (specifally the hard requirement for clients to completely deal with all aspects of server side smearing) seems to require a great amount of work and effort by specification editors and all future implementors for supporting a hack that will be opbsolete in a few years. At the very least, this seems like a controversial point that needs more discussion... We would probably suggest relegating this to a separate document (and then more along the lines of 'if you're going to smear, do it like X'). 4.6 Backwards Compatibility with NTS and NTPv4 - We feel that it might be problematic (e.g. security-wise) if an instance is running as an NTPv5 server but gets its time via NTPv4/v3. - Structure: there shouldn't be a 4.6.1 if there isn't also a 4.6.2. (We are also unsure if the 4.6.1 'Dependent Specifications' text is needed at all.) 4.7 Extensibility - "Unknown extensions received from a lower stratum server SHALL NOT be re-transmitted towards higher stratum servers." ... Should anything ever be? Also, isn't this part of "ignoring unknown extensions"? 4.8 Security - If we shy away from naming a security option (e.g. NTS) as required for everyone, we leave the door open for a situation where two implementations can only do unsecured communication (because they support different, mutually exclusive security options). - We don't have a strong opinion on what's best, but if we require security to be supported, we must specify a minimal supported set. - "Downgrading attacks that could lead to an adversary disabling or removing encryption or authentication MUST NOT be possible in the design of the protocol." is a difficult requirement. Under the problem outlined above, it might be simply unfulfillable. Also, it leaves unclear what is forbidden (only downgrading to zero security, or any downgrading at all) 5 Non-requirements - This seems prone to misunderstanding: these are points that we as a WG have discussed and consented on not pursuing further; but it might sound like optional requirements? 5.1 Server Malfeasance Detection - I find it problematic to cite a draft (!) and claim that it "already provides this capability"; Roughtime is IMO not mature enough to do this 7 Security Considerations - We are not sure that this is still correct; we do think this document opens new considerations (e.g. by requiring authentication and integrity to be supported) To be clear: we want an adapted document to advance and to be submitted to the IESG (not to hold up the process or anything). Thanks for your understanding, and we look forward to your response, James; in any case where you might need help with concrete text, we are ready to work on it with you. Besten Gruß / Kind regards, Kristof Teichel (and Martin Langer) __________________________________________ Dr.-Ing. Kurt Kristof Teichel Physikalisch-Technische Bundesanstalt (PTB) Arbeitsgruppe 4.42 "Zeitübertragung" Bundesallee 100 38116 Braunschweig (Germany) Tel.: +49 (531) 592-4471 E-Mail: kristof.teichel@ptb.de __________________________________________ Von: "Karen ODonoghue" <kodonog@pobox.com> An: ntp@ietf.org Datum: 30.11.2023 22:29 Betreff: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements Gesendet von: "ntp" <ntp-bounces@ietf.org> NTP WG members, This email initiates the NTP working group last call for the NTPv5 requirements document. https://datatracker.ietf.org/doc/draft-ietf-ntp-ntpv5-requirements/03/ Please review this document and respond with an email on the following two questions: 1) Please review the document closely and provide comments. It is only eleven pages in total so it is a quick read. 2) Please state whether or not you think this document is ready to be submitted to the IESG for publication (pending resolution of any comments you have made). Remember that this document will be used to drive decisions in the NTPv5 work that is already underway. Given the brevity of the document, this WGLC will conclude on Wednesday 13 November. Regards, Karen and Dieter_______________________________________________ ntp mailing list ntp@ietf.org https://www.ietf.org/mailman/listinfo/ntp
- [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements Karen ODonoghue
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements David Venhoek
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements Miroslav Lichvar
- Re: [Ntp] [EXTERNAL] WGLC - draft-ietf-ntp-ntpv5-… Denis Reilly
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements kristof.teichel
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements James
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements James
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements kristof.teichel
- [Ntp] Antwort: Re: WGLC - draft-ietf-ntp-ntpv5-re… kristof.teichel
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements James
- [Ntp] Antwort: Re: WGLC - draft-ietf-ntp-ntpv5-re… kristof.teichel
- [Ntp] Fwd: Antwort: Re: WGLC - draft-ietf-ntp-ntp… Daniel Franke
- [Ntp] Antwort: Re: WGLC - draft-ietf-ntp-ntpv5-re… kristof.teichel
- Re: [Ntp] Fwd: Antwort: Re: WGLC - draft-ietf-ntp… Salz, Rich
- [Ntp] Antwort: Re: WGLC - draft-ietf-ntp-ntpv5-re… kristof.teichel
- Re: [Ntp] [EXT] Hard NO: Re: WGLC - draft-ietf-nt… Hal Murray
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… Miroslav Lichvar
- Re: [Ntp] [EXT] Re: Fwd: Antwort: Re: WGLC - draf… Windl, Ulrich
- Re: [Ntp] [EXT] Re: Fwd: Antwort: Re: WGLC - draf… Ira McDonald
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements Steven Sommars
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… Dave Hart
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… Harlan Stenn
- Re: [Ntp] [EXT] Hard NO: Re: WGLC - draft-ietf-nt… Windl, Ulrich
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements Steven Sommars
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… Miroslav Lichvar
- Re: [Ntp] [EXT] Re: Fwd: Antwort: Re: WGLC - draf… James
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements James
- Re: [Ntp] [EXT] Antwort: Re: WGLC - draft-ietf-nt… Windl, Ulrich
- [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv5-re… Harlan Stenn
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… David Venhoek
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… Dave Hart
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… David Venhoek
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… David Venhoek