IETF Logo Mail Archive

Re: [Ntp] Objections to the current language in draft-ietf-data-minimization

Harlan Stenn <stenn@nwtime.org> Tue, 26 March 2019 10:04 UTC

Return-Path: <stenn@nwtime.org>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17FA9120282 for <ntp@ietfa.amsl.com>; Tue, 26 Mar 2019 03:04:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oATWcR0V0Fl0 for <ntp@ietfa.amsl.com>; Tue, 26 Mar 2019 03:04:50 -0700 (PDT)
Received: from chessie.everett.org (chessie.everett.org [IPv6:2001:470:1:205::234]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 831551202A1 for <ntp@ietf.org>; Tue, 26 Mar 2019 03:04:50 -0700 (PDT)
Received: from [10.208.75.157] (75-139-194-196.dhcp.knwc.wa.charter.com [75.139.194.196]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by chessie.everett.org (Postfix) with ESMTPSA id 44T6Dy0nwZzL7N; Tue, 26 Mar 2019 10:04:50 +0000 (UTC)
To: ntp@ietf.org
References: <8b9e85cb-3d6a-4e71-cbe7-9956e301a22d@nwtime.org> <CACsn0c=SrDXWNg7pNFHy0yLKugNLTADMbE9ae4iiNAhNPc6Y8g@mail.gmail.com>
From: Harlan Stenn <stenn@nwtime.org>
Openpgp: preference=signencrypt
Autocrypt: addr=stenn@nwtime.org; prefer-encrypt=mutual; keydata= mQGNBFI2xmQBDACrPayw18eU4pIwCvKh7k0iMkAV9cvzs49kBppM+xoH+KKj4QWmkKELD39H ngQnT3RkKsTLlwxyLqPdUmeQNAY2M5fsOK+OF6EvwLPK9hbmE3Wx2moX+sbEUxJ2VzFhKSKb OPZALXwk1XxL0qBedz0xHYcDwaSAZZkEFXURv2pDIdrmnoUnq2gdC8GpoFJiXoUaCLSYzzaY ac4Njw7Mue8IqfzRQb70aMjXl/qmsmfmEVAyGXywDdc/ler4XSgiuYOV7Kf69bj9PFZZSMdJ MWgEyZH6lJ0TU5ccR2zp5ZRmWzQQkxJMyH2th7q0Nmz3aX4A0K4yE0Ba9/5Dr7ctpF15BrMF aEo4s5lwI6tUnkgMWo265mMzCz4mAPV/ac0w0OXQg7r9E2r0+dRapnzUlG43D0JLDqDr9uRR L6IrRQqoCWUC75lfmPYQYSlaTJaK68r3lXd0z1cXJUgVtEL5H3/Z71R2B20twcQVAnw2iIH6 L5vdrsIjHrMmkqRVbs9nNyEAEQEAAbQ5SGFybGFuIFN0ZW5uIChOZXR3b3JrIFRpbWUgRm91 bmRhdGlvbikgPHN0ZW5uQG53dGltZS5vcmc+iQG5BBMBAgAjBQJSNsblAhsvBwsJCAcDAgEG FQgCCQoLBBYCAwECHgECF4AACgkQyIwAt1pH+kBlzgv/QOg70vdj8wU/z97UPdlbxtN4THAB gfSX4N0VPKT5fjX1tFhuXZQAOv7wedR3Trh7TGteyg33TBAFf9A42mXZKi1IxAiQG118Hd8I 51rXwnugURIYQaIyQI+vbchRbwVyz+mVLTI/h6FdbsVzT4UFmir+ZMkb/XeZPu0HItk4OZHE 6hk+TuTiCnlqlCPLq371fXV54VOb91WZYD8EQFtK02QHGHsQqWvapdphiDVpYehmsPyiTESq NMKLVtjtyPkQ6S7QF3slSg+2q3j8lyxEA78Yl0MSFNU8B/BtKgzWP2itBOfi+rtUKg+jOY1V /s2uVk2kq2QmHJ/s5k5ldy3qVvoTpxvwBe0+EoBocTHYt+xxp0mTM6YY1xLiQpLznzluqg9z qtejX1gZOF4mgLiBIrhXzed3zsAazhTp5rNb1kn0brZFh6JC5Wk941eilnA4LqX8AWo0lmwo eb+mpwZK/5lNdage/anpVqft9wJ/8EcvST9TLUO4fPrmT3d/0LpWuQGNBFI2xmQBDADXLsBk I7CSa5UXlrNVFJQHER1VxRBKqjWWCh/8Qv9v3p3NrIc2UnhoZ1uWQ2voBGty5Xfy9k4afV5k WwDyRDUIb7PX+Tj4HjVVr7qvnOVe/0KzZpNq0Azd0ggFbsM+8mydktHIwJykW0NUsGwPRYuD OA0Lro0ohb5IiCt3sSQi1X1hYjo7O1Vmn8Gy/XYOnhnMux+5zDPO2yTkCNX5PocYi9IJJy6p Mq1yQV4Y2Dl8KtQzvtq55vCUxx6n0MMzFViGwNW6F4ge9ItO4tDScsgowDrHa208ehwOpv/i wjf93lCClQ6vaKmOBX872K/tdY/hwhxPPjgl1bcrOwMRYVemOPPehwnXH5bwclk1hvDQdkJQ 5pJOkE4VCryTF/iDAt4g2QnHocUwt3b6/ChUUWmj2GZ22OR12rbnCtLedwp0DpViKPUCQHBO vpgXdzE/L9zWar9fqM0EREMgfWbsJc9028qluCcFLIN1gYsq4cC+YGAcOu7HOI5orBBV4m9j XfsAEQEAAYkDPgQYAQIACQUCUjbGZAIbLgGpCRDIjAC3Wkf6QMDdIAQZAQIABgUCUjbGZAAK CRDfCQ/G52/8P/uWDACe7OEM+VETDRqjQgAwzX+RjCVPvtgrqc1SExS0fV7i1mUUxr/B8io3 Y1cRHFoFKmedxf8prHZq316Md5u4egjFdTT6ZqEqkK0hvv+i0pRpCa5EX9VIStcJStomZp8F cY34grA+EOWITaLQ4qNZUP7rf2e7gq1ubQTj7uLr6HZZvMZ5em+IvrOWEuWDI6yOiI6px04w RDfkoR2h6kgdw4V0PT4NjK9WYYKrVCf1bjLlVImNBEcXfvlUTrIYO8y6ptvoUsBQky5pQRvP 99Pn42WfyLy50aII6+vyudD4T0yLjXAz4KteUttxtIte64m/F9/7GEIZAxTUcLyOq/7bP4le h39jBckwc62iYzeK/VkU/bMMh2D68Z3QylMnhhcW27BcgQHPKsHhmFa2SNytYcuQiSdf9+pj 4i32ETz1nJAvYAAqgTF/0PL+8ZNQoEpe/n9woMKrlZrqD4EgFmhQ3bNVhlaXz1nuTZDrwPt1 yMxBuUNbCF4jFnaruwrSiGTRoIfUZQwAjQglahrV4/mcjfnvbNoseHX0PKd9q+wjg7MIjWqr f2CI8Fa6MdanqwYphz43I2yXANKFZuMWsWqyQYlvGuPUlUUcAL3stp24RkzDB1Q+JS0IZJST T2JSu0aTfUdWVNqr2UI19eX+zxbOTckSi3Ng14ezG8ZX194ZH10b8JzntQOwmA20pd5JDhug zQfASER+CZDiPPcQ4mvC4y7rMrfV6XGQbDynC3ekDxo8SC5SvjaczXMwXg6SZ8iFtEWmEwW9 r7zPjjIPDrX8w5LXBgxArM5o/HbERpc2EdAvMh1D7LC0SvmoE7fBKxsicVBe4h6vXjEZ+LLr /wuZiBld9OnxAUIpwptbBspO6WKTQYvgFH2OeDG27hiE5P4Xs4WSp5j9ez8OVB1iZnA2nCQ+ tNTjO8c+C/P92vPLx5+bpGRXTXMNaLh34PS3ZsYoUDkKZNhczRZUWJ7nynSbeeyF+QW7SLwA qY7O7dyk9LFTsfJqRQJ7tWnIAjJPCwmSgQ8Kl0UJ
Message-ID: <4498c8f3-4e87-fc62-20d3-b9d5cd9c4366@nwtime.org>
Date: Tue, 26 Mar 2019 03:04:44 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.3
MIME-Version: 1.0
In-Reply-To: <CACsn0c=SrDXWNg7pNFHy0yLKugNLTADMbE9ae4iiNAhNPc6Y8g@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/lnNVMk2Ro-SHiQXE0pEEltISo4c>
Subject: Re: [Ntp] Objections to the current language in draft-ietf-data-minimization
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 10:04:53 -0000

Sorry, I missed the later questions.

On 3/26/2019 2:41 AM, Watson Ladd wrote:
> 
> ...
>
>     Now let’s move to the approaching leap second event.  In this case, I’ll
>     be assuming the behavior of what I call 12/12 leap smearing, where a
>     half-second of correction is applied beginning at UTC noon on the day of
>     the leap second (ie, for 12 hours’ time), and the final half-second of
>     correction is applied starting at midnight UTC after the leap second was
>     applied until UTC noon on the day after the leap second (ie, for the
>     remaining 12 hours’ time).
>     To save folks from having to look it up, NTP communicates knowledge
>     about pending leap events via the first two bits of the NTP packet,
>     known as the LI, or Leap Indicator bits:
> 
>      0x0    Normal time
>      0x1    Last minute of the last DOM has 61 seconds
>      0x2    Last minute of the last DOM has 59 seconds
>      0x3    Not synchronized
> 
>     NTP instances sending mode 3 (client request) queries expect to receive
>     a mode 4 (server) response.  This response may be the correct time, and
>     it may be leap-smeared time.  The key questions are:
> 
>     - Does the client want leap-smeared time?
>     - Should the server respond with correct, or leap-smeared time?
> 
>     This leads to the follow-on questions:
> 
>     - How can the client know if it's getting correct, or leap-smeared time?
>     - How can one tell if a client is following a leap-smearing server?
> 
>     The following simple solution handles both of the first two questions.
> 
> 
> Is this current behavior? 

A) I'm not sure, but I don't see that it matters.  Implementing this
proposal as-written would make this solution impossible.

B) Regardless of A), the Reference Implementation will be doing this
soon, as folks need time to deploy and test it before the next leap
second event.

>     If the client sends its request with LI values of 0x1 or 0x2, it is
>     telling the server that it believes a leap event is pending.  In this
>     case the server SHOULD respond with correct time with an LI value of
>     0x0, 0x1, or 0x2; not leap-smeared time.  If the client sends a packet
>     with LI=0x3, the server SHOULD also respond with correct time with an LI
>     value of 0x0, 0x1, or 0x2.
> 
>     If the client sends its request with an LI value of 0x0 before leap
>     smearing starts, the server SHOULD respond with correct time with an LI
>     value of 0x0, 0x1, or 0x2.  If the client sends its request with an LI
>     value of 0x0 *during* a leap smear correction, the server SHOULD respond
>     with leap-smeared time and an LI value of 0x0, and MAY respond with
>     correct time and an LI value of 0x1 or 0x2.
> 
>     Furthermore, responses containing leap-smeared time SHOULD include a
>     REFID that identifies the "system peer" as a leap-smeared source.  See
>     draft-stenn-ntp-leap-smear-refid for more information.  This response
>     also SHOULD include a SUGGESTED-REFID extension field, as described by
>     draft-stenn-ntp-suggest-refid, to make it obvious that the system is
>     following leap-smeared time.  These points address the  two follow-on
>     questions.
> 
>     The LEAP-SMEAR-REFID and SUGGESTED-REFID extensions have another key
>     role during the application of a leap smear - that of making sure the
>     system behaves properly during the last half of the 12/12 leap smear
>     correction.
> 
>     Once the leap second has applied, the LI value for correct time reverts
>     to 0x0.  When a leap smearing client asks for time during the second
>     phase of this correction, it will be sending its requests with LI=0x0,
>     as *all* time requests from a leap-smearing client will contain LI=0x0
>     when a leap event is not pending.  But in this case, how does the server
>     know it should continue sending leap-smeared time, as opposed to correct
>     time?  The answer is that the client requests include the client's
>     REFID, which in this case SHOULD be a LEAP-SMEAR-REFID.
> 
> 
> A future spec of this behavior can override the draft or future rfc. Why
> is that not an option?

Why delay?

Past experience shows that it takes YEARS for progress to be made in the
committee, even for simple things.  Leap second events currently happen
roughly about once every year and a half or so.

Some of us plan to have solid experience under our belts by the time
that happens.

>     When a server receives a mode 3 (client) request containing a
>     LEAP-SMEAR-REFID during the second phase of a leap-smear correction, the
>     server SHOULD respond with leap-smeared time and a LEAP-SMEAR-REFID as
>     the SUGGESTED-REFID.
> 
>     When the leap-smear correction has ended, normal query/responses will
>     again be in effect.
> 
>     Finally, servers should know when a leap event is about to occur.  Other
>     systems may not have this information.  It’s polite, cooperative, and
>     informative if the client sends its poll interval to the server.  A
>     server that knows a leap second event is coming SHOULD reply with a
>     suggested poll interval that will, even in the face of dropped UDP
>     packets, allow the client that pays attention to the suggested poll
>     interval from the server to re-query often enough to quickly track these
>     events and stay well-synchronized.
> 
>     In short, if you care about data minimization more than you care about
>     having accurate synchronized time, minimize away.
> 
>     If you are primarily interested in having accurate synchronized time,
>     playing nice with others, getting the time you want and be able to see
>     what's going on during a leap second event:
> 
>     - be honest with your LI bits
>     - be honest when reporting your poll interval
>     - pay attention if a server asks you to adjust your poll interval
>     - consciously choose the REFID in your messages
> 
>     The upcoming (full) Reference Implementation release of ntp-4.4.0 from
>     the NTP Project will have these behaviors in it.
> 
> 
> Apparently not.

Perhaps you know something I don't.  As the NTP Project Lead I have a
pretty good idea of what's going to be in what release.

> And what is this a reference implementation of if the
> standard has not been updated to include these behaviors?

It's what the current/next revision of NTP is expected to be.

You may disagree with the history of how the NTP Standard has
progressed, and that's OK.

In EVERY CASE, the NTP codebase was fully written, engineered, tested,
and deployed before the first draft of each revision of the Standard was
attempted.

The first alpha release of ntp-4 came out in September of 1997.  The
first production release of ntp-4 came out in February of 2002.  The
first DRAFT of the NTPv4 spec was published in July of 2005, and RFC5905
wasn't published until June of 2010.  That's about 13 years after the
code was released.

If you want to wait to run software until after the Standard has been
passed, and if you don't want to take advantage of improvements that are
not yet standardized, that's certainly your choice.

We're continuing to evolve the codebase into the best possible way to
securely and efficiently communicate synchronized time.  We plan to
continue to do this.

-- 
Harlan Stenn, Network Time Foundation
http://nwtime.org - be a Member!

v2.23.0 | Report a Bug | By Email