Re: [Ntp] Last Call: <draft-ietf-ntp-bcp-07.txt> (Network Time Protocol Best Current Practices) to Best Current Practice
Karen O'Donoghue <odonoghue@isoc.org> Wed, 03 October 2018 14:38 UTC
Return-Path: <odonoghue@isoc.org>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0073B1312B2; Wed, 3 Oct 2018 07:38:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isoc.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CzQZEBIuvf9Z; Wed, 3 Oct 2018 07:38:11 -0700 (PDT)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0631.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe48::631]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09EFF1312C5; Wed, 3 Oct 2018 07:38:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isoc.org; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bPUyRPeLSOIzciws0dAp6CgCYAa78EGKPygJx2qMS0A=; b=N2ExvslOVxSobi5PoIjwm2sx9nPO+tcCXKO1kZqxavPhBxL5v57K7scNov+cZUlSpjiCE8ok0O9GtuvkFTE+CCmj+OHlPx0CQU6d8bMbejL3uI7AtrrP7oH4fLHswpfxLd/3BPFBg9QfiWhVm3WPYnYXoWLqIFl6bAEP2m129A4=
Received: from DM2PR06MB909.namprd06.prod.outlook.com (10.141.178.27) by DM2PR06MB832.namprd06.prod.outlook.com (10.141.100.28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1164.25; Wed, 3 Oct 2018 14:38:07 +0000
Received: from DM2PR06MB909.namprd06.prod.outlook.com ([fe80::253a:1743:4d71:d93e]) by DM2PR06MB909.namprd06.prod.outlook.com ([fe80::253a:1743:4d71:d93e%10]) with mapi id 15.20.1185.024; Wed, 3 Oct 2018 14:38:07 +0000
From: Karen O'Donoghue <odonoghue@isoc.org>
To: Joe Touch <touch@strayalpha.com>
CC: tom petch <daedulus@btconnect.com>, ietf <ietf@ietf.org>, "ntp-chairs@ietf.org" <ntp-chairs@ietf.org>, "ntp@ietf.org" <ntp@ietf.org>, "suresh@kaloom.com" <suresh@kaloom.com>, "draft-ietf-ntp-bcp@ietf.org" <draft-ietf-ntp-bcp@ietf.org>
Thread-Topic: Last Call: <draft-ietf-ntp-bcp-07.txt> (Network Time Protocol Best Current Practices) to Best Current Practice
Thread-Index: AQHUVCkb8K8BbkuB6EW7x0YUebRze6UCqTyAgAr71AA=
Date: Wed, 03 Oct 2018 14:38:06 +0000
Message-ID: <C6560277-B344-42DD-A9AA-D5B69D555FCB@isoc.org>
References: <153780882752.28012.13609334805933711190.idtracker@ietfa.amsl.com> <031701d4557f$43081e00$4001a8c0@gateway.2wire.net> <F8477AAD-A4EC-4F90-B12C-1085407DEBE3@strayalpha.com>
In-Reply-To: <F8477AAD-A4EC-4F90-B12C-1085407DEBE3@strayalpha.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=odonoghue@isoc.org;
x-originating-ip: [193.180.218.196]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM2PR06MB832; 6:sGikyYOBZe/wK7VpKhVqM16IqhKg+Zcpl9EoYxcJMygx5tnYlHmLeYp7sahIV/IfaAZS4iDxzchuu5+0a7bkUpTqmiqiyB0195pMutSWyav7h22tSbBAjyFe6xID6B1oMwAOqZphAUbFTJP+7PxTPOT5CZXiGZhJPw29oH36N4EsBKWs2FgsHFA3bs3w7Ek3a5y/ja1dBtKr4Jxb6kXWHonRHFqX7ZEzMF7MqOR6iDEFiAUztplmVhs7ynmj7b8UgaCFC98Fpe+/Ohdvd8P6JFKEFdNx48KgUGaX+rHUEMv3YdZKdoy33gMgVy5UnWLRNCyXiYMVDQr07XH58juKTfvsWaBfQzI0qL6KWgRxPXYGIDP/eM1f9bMBcWtLuRnX2qDbT2ExO9NbHRw1b5aDq9xyZGI1bUyTjipyj01rJ/0n5UCAY/YQVUvHh0g5U1IZXRJOmSduGNz8A/y8Gss/Og==; 5:G7Cmir+s4/BfYfF5lIEdzqv5xpQ3L4XMY75mCKjnr2zlTxlZFnDXohmf3zgNakqJ9M5swLp3xsyHvAqc4hWXocDIFqM+b4yQUk9ULOQjGR2O3DAf0paxXsrfDlU5rN3BMcObmry7D5Ak08abhUO8WtMgaYxNQRn+yttW+Lv05+8=; 7:dYlbGSdC7B9BWjzXm3E13IZEeESvtG+bMU0pABk/zGNb1KnSOm6evIjRhMskeMeHYTqpucsQwSyFlYsYNM98Sc8cq5382Gj0gM7jrZiKwER8tdjWX/RUssfXZnc1J+RyP16XgTpJlFQQqtHHxMwOy3W6fFlG9d+PlXX6l8pMK9tGeuG/1hOjZ7z3KULB6rj7b1lWdYNSV/kXiI+exjM4PE8cFph334uw0kzkX2BQQqt9dFXGAyyIvwF7yhZzZD9i
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: e06c1915-02ae-45e2-2d27-08d6293dd57b
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:DM2PR06MB832;
x-ms-traffictypediagnostic: DM2PR06MB832:
x-microsoft-antispam-prvs: <DM2PR06MB8324E01A38C8B85F47269FCC2E90@DM2PR06MB832.namprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705)(158342451672863)(72170088055959)(120809045254105)(178726229863574)(219612443155931);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(10201501046)(3002001)(3231355)(944501410)(52105095)(93006095)(93001095)(149066)(150057)(6041310)(20161123564045)(20161123562045)(20161123560045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051); SRVR:DM2PR06MB832; BCL:0; PCL:0; RULEID:; SRVR:DM2PR06MB832;
x-forefront-prvs: 0814A2C7A3
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(346002)(136003)(366004)(376002)(39850400004)(13464003)(199004)(189003)(51914003)(6512007)(6306002)(6116002)(106356001)(3846002)(8936002)(82746002)(5250100002)(81166006)(2906002)(105586002)(25786009)(8676002)(5660300001)(81156014)(66066001)(86362001)(68736007)(4326008)(6486002)(53936002)(229853002)(6436002)(71190400001)(71200400001)(36756003)(33656002)(446003)(6246003)(6916009)(186003)(6506007)(53546011)(76176011)(83716004)(54906003)(102836004)(305945005)(26005)(99286004)(966005)(478600001)(256004)(7736002)(316002)(97736004)(2900100001)(14454004)(476003)(11346002)(486006)(14444005)(2616005); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR06MB832; H:DM2PR06MB909.namprd06.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: isoc.org does not designate permitted sender hosts)
x-microsoft-antispam-message-info: z43rrmE4lq3eP8UiVXfwZGcPm2WkTqRiuxw1pZTYGiSBillUtjsH0FN/sOMG3o4xYVT8KNEEiV+/v+5mshdu/Db6CmwLD8lbWt+nJzy93zit97HBDOZgwZGB8/wwWAVTxvmHkF9gnb5LHAPz6u/rEiJeT1dSutmfCyNvsDsR0BYSjHtIC2o2qxovVZmm6E+EfuyZDTvHOSXMKRuCHLB4ewnQwHllThm28WeJhJ1LC8N4GyyJDF5K90wIHlX6hXGCBy9HZtdvNA+dzhjJ7fUco2YpqEmhAjSaxc4Z8MZd78AM/5pDcYAKyJNU9qLt4+67PQcdmZyH4sWFmSeQD22a4xXirXXZHp9m5UpqGnF64uE=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <A99BBE528A6AE44AA986B081463F1219@namprd06.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
X-MS-Exchange-CrossTenant-Network-Message-Id: e06c1915-02ae-45e2-2d27-08d6293dd57b
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Oct 2018 14:38:06.8367 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 89f84dfb-7285-4810-bc4d-8b9b5794554f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR06MB832
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/k99xvbokmFMV5TIjySkCSaS0Ubs>
Subject: Re: [Ntp] Last Call: <draft-ietf-ntp-bcp-07.txt> (Network Time Protocol Best Current Practices) to Best Current Practice
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Oct 2018 14:38:15 -0000
Folks, Just a quick note as I know the editor of this document is unavailable at the moment… Thanks for the review of this document. We will be working on a response over the course of the next couple of weeks and will respond on the ntp mailing list. Karen > On Sep 26, 2018, at 4:54 PM, Joe Touch <touch@strayalpha.com> wrote: > > Hi, all, > > I agree with Tom’s review below. The text is too colloquial and imprecise - especially for describing advice that involves a level of precision itself. > > Many of the recommendations lack rationale - e.g., simply choosing 4 time servers isn’t sufficient to help ensure reliable, accurate results unless they are chosen to reduce the number of shared “ancestor” servers. > > Even many of the words used need work, e.g., “since” is temporal (not rationale - which should use “because”), and the error is especially problematic in a document describing time. Time itself is referred to as if having a single definition, where the security concerns used as rationale often depends on the use of a single, common, *absolute* shared time scale, not simply “time” (which could also refer to relative time). > > The section on leap smearing fails to underscore the key issue - that NTP is intended to provide a UTC time scale, and leap smeared-time is NOT UTC time, which then undermines the ability to compare NTP time values in a single time scale - which then can impact security protocols, financial transactions, etc. The issue is more than whether public servers should smear; the issue is whether smearing defeats the very definition of NTP as a protocol. BCP should indicate that smearing MUST NOT be used in an NTP server using the assigned NTP port number, period. Frankly, it was a mistake that its support was ever added to the NTP codebase. The only alternative would be for NTP to be extended to report “smeared time” as a *distinct* time scale, which it currently does not. The issue if multiple time scales is discussed in a draft I have been working on, FWIW (draft-touch-time). > > This is just a short list of the failures of this document, where Tom lists others below. > > I do think it would be useful to have a BCP for NTP, but I am not clear that this draft is more than a good reason to start that process. I worry whether using it as a starting point can evolve to the level that we should expect from a BCP. > > Joe > > >> On Sep 26, 2018, at 2:57 AM, tom petch <daedulus@btconnect.com> wrote: >> >> This I-D leaves me uncertain. Should it be an RFC? Does it qualify for >> BCP status? I think 'maybe' and 'no' respectively >> >> There are a number of detailed glitches - see below - but the overall >> style is of more concern to me where BCP status is concerned. Statements >> such as: >> - the answer is obvious >> - they agree well enough >> - Use your NTP implementation's remote monitoring capabilities to >> quickly identify servers which are out of sync >> - the MAC may always be based on an MD5 hash >> - Readers are encouraged to adopt its mechanisms. >> - Contact the maintainers of your implementation for more information. >> - access control should be used to limit the exposure of this >> information to inappropriate third parties >> - A much better approach might be >> - If, against long-standing recommendation, >> - Readers of this BCP already understand >> - Readers are encouraged to check the status of the draft, >> >> some of which I think misleading, none of which I expect to see in a >> BCP. Most of it is too vague for me; section 6 stands out as being more >> of what I would expect to see in a BCP. >> >> Also, it is symptomatic, for me, that the 'Requirements Language' is out >> of >> date, lacking reference to RFC8174, and yet I see a lot of lower case >> words, such as 'recommended', along with some upper case. >> >> Likewise, the I-D starts with >> 'Many network security mechanisms rely on time' >> so security is a key part, if not the point, of the I-D yet I find >> Security Considerations weak. Section 5 references RFC7384, >> 'profound threat analysis for time synchronization protocols '. Yes, >> but it is ironic that that RFC, detailed, thorough, useful, is only >> Informational; and it is not mentioned in this, the section on Security >> Considerations. This section does not point to threats >> and mitigations from the body of the I-D, rather it seems to weaken the >> whole I-D with somewhat vague statements. >> >> Picking up on some details, >> >> Abstract >> RFC 5905 [RFC5905]. >> looks like a reference which is not ok for an Abstract which needs to be >> plain text. >> >> 1.1. Requirements Language >> out of date no RFC8174 >> >> 3.1 >> BCP38 Info page [1] . >> I did not immediately recognise [1] as a reference to a URL. >> >> 4 >> compilied in Section Appendix A. >> compiled? >> >> 4.1 >> opposed to an SNTP implementation >> expansion would be helpful >> >> this section in general lacks any detail of 'how'. What is agreement, >> between two >> sources? How do I converge three sources? I look to a BCP for advice >> on such matters. >> >> 4.2 >> There is a general principle behind this that I would like to see >> stated, namely to ensure that multiple sources are really independent. >> I learnt this when I read about Apollo moon shots, but have seen it >> ignored many times since. You have to work hard to track back to the >> details of the technology in use to find out if there is really more >> than one code base, or chip set, or... in use. Where security >> depends on such matters, you really need to do that to ensure you have >> independence. Appendix A suggests that there is but one code base. >> >> 4.4 >> its syslog shows >> Is this a recommendation to use the 'syslog' protocol as opposed to >> YANG:-) Elsewhere, you use system logs which I think better. >> >> I think too that there is a general point that is missing that these >> systems >> need error logging, need (remote) monitoring, else ... well, what is the >> threat? what is the mitigation? >> >> broadcast client >> sounds like a client that broadcasts rather than one that receives >> broadcasts. >> >> 4.6 >> GNSS >> I would like expanded on first use >> >> IERS >> ditto >> >> 4.6.1 >> using a leap-smear can cause your reported time to be "legally >> indefensible >> sounds like a SHOULD NOT if this is a BCP >> >> 5 >> /A profound threat analysis for time synchronization protocols are >> given/ >> A profound threat analysis for time synchronization protocols is given/ >> >> 5.1 >> the MAC may always be based on an MD5 hash, >> MD5 is regarded as too weak in many contexts; does that apply here? >> >> Generally, is there any difference between IPv4 and IPv6 here? IP >> addresses are >> often mentioned but no mention of different versions. RFC4786, e.g., is >> explicit that it covers both. >> >> Appendix A >> >> /specific to various implementation of RFC 5905./ >> specific to various implementations of RFC 5905./ >> except that the advice seems to be specific to ntpd and not >> apply to any other implementation >> >> A.1.2 >> /mode 7 /Mode 7 / >> >> /BY default/by default/ ? >> >> >> Tom Petch >> >> ----- Original Message ----- >> From: "The IESG" <iesg-secretary@ietf.org> >> To: "IETF-Announce" <ietf-announce@ietf.org> >> Cc: <ntp-chairs@ietf.org>; <ntp@ietf.org>; >> <draft-ietf-ntp-bcp@ietf.org>; <suresh@kaloom.com> >> Sent: Monday, September 24, 2018 6:07 PM >> >> => The IESG has received a request from the Network Time Protocol WG >> (ntp) to >>> consider the following document: - 'Network Time Protocol Best Current >>> Practices' >>> <draft-ietf-ntp-bcp-07.txt> as Best Current Practice >>> >>> The IESG plans to make a decision in the next few weeks, and solicits >> final >>> comments on this action. Please send substantive comments to the >>> ietf@ietf.org mailing lists by 2018-10-08. Exceptionally, comments may >> be >>> sent to iesg@ietf.org instead. In either case, please retain the >> beginning of >>> the Subject line to allow automated sorting. >>> >>> Abstract >>> >>> >>> NTP Version 4 (NTPv4) has been widely used since its publication as >>> RFC 5905 [RFC5905]. This documentation is a collection of Best >>> Practices from across the NTP community. >>> >>> The file can be obtained via >>> https://datatracker.ietf.org/doc/draft-ietf-ntp-bcp/ >>> >>> IESG discussion can be tracked via >>> https://datatracker.ietf.org/doc/draft-ietf-ntp-bcp/ballot/ >>> >>> No IPR declarations have been submitted directly on this I-D. >>> >>> The document contains these normative downward references. >>> See RFC 3967 for additional information: >>> rfc1305: Network Time Protocol (Version 3) Specification, >> Implementation and Analysis (Draft Standard - Legacy stream) >>> rfc5905: Network Time Protocol Version 4: Protocol and Algorithms >> Specification (Proposed Standard - IETF stream) >>> rfc7384: Security Requirements of Time Protocols in Packet >> Switched Networks (Informational - IETF stream) >>> rfc7094: Architectural Considerations of IP Anycast >> (Informational - IAB stream) >> >
- [Ntp] Last Call: <draft-ietf-ntp-bcp-07.txt> (Net… The IESG
- Re: [Ntp] Last Call: <draft-ietf-ntp-bcp-07.txt> … Steven Sommars
- [Ntp] Antw: Re: Last Call: <draft-ietf-ntp-bcp-07… Ulrich Windl
- [Ntp] Antwort: Antw: Re: Last Call: <draft-ietf-n… dieter.sibold
- [Ntp] Antw: Antwort: Antw: Re: Last Call: <draft-… Ulrich Windl
- Re: [Ntp] Antw: Antwort: Antw: Re: Last Call: <dr… Miroslav Lichvar
- Re: [Ntp] Last Call: <draft-ietf-ntp-bcp-07.txt> … Karen O'Donoghue
- Re: [Ntp] Last Call: <draft-ietf-ntp-bcp-07.txt> … Denis Reilly
- Re: [Ntp] Last Call: <draft-ietf-ntp-bcp-07.txt> … Denis Reilly
- Re: [Ntp] Last Call: <draft-ietf-ntp-bcp-07.txt> … Denis Reilly
- Re: [Ntp] Last Call: <draft-ietf-ntp-bcp-07.txt> … Benjamin Kaduk
- Re: [Ntp] Last Call: <draft-ietf-ntp-bcp-07.txt> … tom petch
- Re: [Ntp] Last Call: <draft-ietf-ntp-bcp-07.txt> … tom petch