Re: [Ntp] New Version Notification for draft-gruessing-ntp-ntpv5-requirements-03.txt
kristof.teichel@ptb.de Thu, 21 October 2021 07:43 UTC
Return-Path: <kristof.teichel@ptb.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 486BE3A10F1; Thu, 21 Oct 2021 00:43:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EId5quqEvm_E; Thu, 21 Oct 2021 00:43:12 -0700 (PDT)
Received: from mx1.bs.ptb.de (mx1.bs.ptb.de [192.53.103.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF9BC3A10EE; Thu, 21 Oct 2021 00:43:10 -0700 (PDT)
Received: from smtp-hub.bs.ptb.de (smtpint01.bs.ptb.de [141.25.87.32]) by mx1.bs.ptb.de with ESMTP id 19L7h83g019074-19L7h83i019074 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 21 Oct 2021 09:43:08 +0200
Received: from lotus.bs.ptb.de (lotus.bs.ptb.de [141.25.85.200]) by smtp-hub.bs.ptb.de (Postfix) with ESMTPS id 24F81C520AE; Thu, 21 Oct 2021 09:43:08 +0200 (CEST)
In-Reply-To: <7A999723-E576-4405-A83F-963556FEB039@gmail.com>
References: <163386015957.12424.6997038478834885480@ietfa.amsl.com> <CAO+dDx=6baLhf9LwSMvR1F0ieuLO6NXmExYLDvcCF2tgchHs8w@mail.gmail.com> <DB8PR02MB5772AC97BFE2D7C1139EFDC0CFB89@DB8PR02MB5772.eurprd02.prod.outlook.com> <E469D9A7-7445-49D9-A8A2-82BA7BF1FA27@gmail.com> <YW2FvUiaHC/hbxkG@localhost> <7A999723-E576-4405-A83F-963556FEB039@gmail.com>
To: Dieter Sibold <dsibold.ietf@gmail.com>
Cc: Doug Arnold <doug.arnold@meinberg-usa.com>, James <james.ietf@gmail.com>, Miroslav Lichvar <mlichvar@redhat.com>, NTP WG <ntp@ietf.org>, ntp <ntp-bounces@ietf.org>
MIME-Version: 1.0
Message-ID: <OF6F22B206.8B109B9D-ONC1258775.00294C49-C1258775.002A6662@ptb.de>
From: kristof.teichel@ptb.de
Date: Thu, 21 Oct 2021 09:43:07 +0200
Content-Type: multipart/alternative; boundary="=_alternative 002A6660C1258775_="
X-FE-Policy-ID: 5:5:5:SYSTEM
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/mxO7DRNC7ShfbekRouHu__q-1dM>
Subject: Re: [Ntp] New Version Notification for draft-gruessing-ntp-ntpv5-requirements-03.txt
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Oct 2021 07:43:32 -0000
> >>> Encryption and authentication MUST be provided by the protocol > specification as a default and MUST be resistant to downgrade attacks... > >> > >> To put this another way, I think the specification must provide > confidentiality as well as authentication, and that if either is > applied they cannot be removed from a connection (aka a security > downgrade) which makes authentication the minimum and doesn?t > necessarily mandate confidentiality. > > > > I still don't understand this part. What do "as a default" and > > "authentication the minimum" exactly mean? What information needs to > > be encrypted? Everything? The first octet cannot be encrypted to allow > > detection of NTPv5 packets on the port 123. This is an interesting point. Talking confidentiality can quickly get one to talk about masking the subject of conversation - and with synchronization, there is a very clear divide, where you can either 1) have good synchronization performance, because messages and timestamping are treated with urgency, OR 2) have the conversation not be recognizable as a synchronization exchange. I suspect NTP/any sync protocol will always have to be treated a little bit differently where aspects of confidentiality are concerned. With NTP in particular, yeah, there is even current practice that explicitly demands that packets be recognizable as NTP packets. > > For NTPv5 to be successful in replacing NTPv4, I think it needs to > > support no authentication, symmetric keys and NTS. > > > >> This section in particular could probably use some editing and > clarification to better explain this [1] as we?ll likely need > consensus calls made. > >> > >>> 2. I think that it is better to allow leap smearing and make it > a visible part of the protocol than to pretend it is not going to > happen. On this topic I think that Miroslav?s proposal was more > realistic. Data center network architects tell me they definitely > plan to continue to do leap smearing. > >> > >> In other use cases such as publicly accessible NTP, leap smearing > has effectively fragmented the pools of services a given host can > use as mixing smeared and non-smeared services is not a good idea, > in addition to the start/end and cadence of smearing being > inconsistent between providers [2]. I think that having a ?linear, > monotonic timescale? and leap smearing together are contradictory > and so having smearing in the wire format would requiring changing > that. My proposal doesn?t prevent smearing of a clock being > synchronised, it?s about removing the smear from the wire. > > > > They can be supported both as different timescales, server responding > > in the one that the client has requested. > > > > If you don't allow leap smearing in NTPv5 at all, I suspect people > > will either stick to NTPv4, missing the important improvements in > > NTPv5, or ignore the specification and use a leap-smeared version of > > NTPv5 anyway. > > > > Same for UTC vs TAI. > > Many National Metrology Instituts (NMI) are using NTP to disseminate > the legal time, which always is based on UTC. I suppose NMIs will > appreciate if NTPv5 servers will have the option to disseminate UTC. Currently being employed in PTB's actual time dissemination working group, I can 100% attest to this. All of my colleagues and superiors that I've ever talked to about this were shocked and appalled to learn that the WG was considering anything other than UTC as the basis for dissemination. In that vein, I'm also supposed to communicate that the whole issue might become moot "soon", since leap seconds might just be removed as a thing that happens in UTC. I'm just not sure how that relates to the timeframe for a possible NTPv5 RFC release... > > > > It seems we need to agree on some very high level goals for NTPv5. Is > > it supposed to replace most NTPv4 use cases? Is it supposed to be > > implementable on current operating systems? > > > > -- > > Miroslav Lichvar > > > > _______________________________________________ > > ntp mailing list > > ntp@ietf.org > > https://www.ietf.org/mailman/listinfo/ntp > > _______________________________________________ > ntp mailing list > ntp@ietf.org > https://www.ietf.org/mailman/listinfo/ntp
- [Ntp] Fwd: New Version Notification for draft-gru… James
- [Ntp] Antw: [EXT] Fwd: New Version Notification f… Ulrich Windl
- Re: [Ntp] Fwd: New Version Notification for draft… Doug Arnold
- [Ntp] Antw: [EXT] Re: Fwd: New Version Notificati… Ulrich Windl
- Re: [Ntp] New Version Notification for draft-grue… James
- Re: [Ntp] New Version Notification for draft-grue… Doug Arnold
- Re: [Ntp] New Version Notification for draft-grue… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Salz, Rich
- Re: [Ntp] New Version Notification for draft-grue… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Salz, Rich
- Re: [Ntp] New Version Notification for draft-grue… Salz, Rich
- Re: [Ntp] New Version Notification for draft-grue… James
- Re: [Ntp] New Version Notification for draft-grue… James
- Re: [Ntp] New Version Notification for draft-grue… Salz, Rich
- Re: [Ntp] New Version Notification for draft-grue… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Hal Murray
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Danny Mayer
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Warner Losh
- Re: [Ntp] New Version Notification for draft-grue… James
- Re: [Ntp] New Version Notification for draft-grue… Salz, Rich
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Hal Murray
- Re: [Ntp] New Version Notification for draft-grue… Miroslav Lichvar
- Re: [Ntp] New Version Notification for draft-grue… Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- [Ntp] Antw: Re: Antw: [EXT] Re: New Version Notif… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Hal Murray
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Warner Losh
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Tony Finch
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Danny Mayer
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Danny Mayer
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Warner Losh
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Tony Finch
- [Ntp] Antw: Re: Re: Antw: [EXT] Re: New Version N… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Miroslav Lichvar
- [Ntp] Antw: Re: Antw: [EXT] Re: New Version Notif… Ulrich Windl
- Re: [Ntp] New Version Notification for draft-grue… Dieter Sibold
- Re: [Ntp] New Version Notification for draft-grue… kristof.teichel
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Hal Murray
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Martin Burnicki
- [Ntp] Antw: Re: Antw: [EXT] Re: New Version Notif… Ulrich Windl
- Re: [Ntp] New Version Notification for draft-grue… Hal Murray
- Re: [Ntp] New Version Notification for draft-grue… kristof.teichel
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: New Version N… Martin Burnicki
- Re: [Ntp] New Version Notification for draft-grue… Doug Arnold
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: New Version N… Doug Arnold
- Re: [Ntp] New Version Notification for draft-grue… kristof.teichel
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… James
- [Ntp] Antwort: Re: New Version Notification for d… kristof.teichel
- [Ntp] Antwort: Re: Antw: [EXT] Re: New Version No… kristof.teichel
- Re: [Ntp] Antwort: Re: New Version Notification f… Doug Arnold
- Re: [Ntp] Antwort: Re: New Version Notification f… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Steve Allen
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: New Version N… Hal Murray
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New Ver… Ulrich Windl
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New Ver… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Danny Mayer
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Martin Burnicki
- [Ntp] Antw: Re: Antw: Re: Antw: Re: Antw: [EXT] R… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Doug Arnold
- Re: [Ntp] [EXTERNAL] Re: Antw: Re: Antw: Re: Antw… Denis Reilly
- Re: [Ntp] [EXTERNAL] Re: Antw: Re: Antw: Re: Antw… Doug Arnold
- Re: [Ntp] [EXTERNAL] Re: Antw: Re: Antw: Re: Antw… Martin Burnicki
- Re: [Ntp] changes in length of day, was Re: New V… Tony Finch
- [Ntp] Antw: Re: [EXTERNAL] Re: Antw: Re: Antw: Re… Ulrich Windl