Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using-nts-for-ntp
Harlan Stenn <stenn@nwtime.org> Sun, 09 December 2018 05:48 UTC
Return-Path: <stenn@nwtime.org>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF573130E57 for <ntp@ietfa.amsl.com>; Sat, 8 Dec 2018 21:48:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nhFHYTVhL_La for <ntp@ietfa.amsl.com>; Sat, 8 Dec 2018 21:48:13 -0800 (PST)
Received: from chessie.everett.org (chessie.everett.org [IPv6:2001:470:1:205::234]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6DA61130DC8 for <ntp@ietf.org>; Sat, 8 Dec 2018 21:48:11 -0800 (PST)
Received: from [192.168.1.16] (71-93-229-51.dhcp.mdfd.or.charter.com [71.93.229.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by chessie.everett.org (Postfix) with ESMTPSA id 43CFcB38vWzL7K; Sun, 9 Dec 2018 05:48:10 +0000 (UTC)
To: kristof.teichel@ptb.de
Cc: ntp@ietf.org
References: <4e9efcc4-0285-72c1-9119-7cbd167847d0@nwtime.org> <FF5E07A6-6F59-4D45-A186-7FC7C9B4A41C@isoc.org> <0DAD4C5F-EAFA-4A3D-A3E4-55F34A7C1BFE@isoc.org> <AM0PR0602MB3730B2389832592B5A1D2647FFA90@AM0PR0602MB3730.eurprd06.prod.outlook.com> <OF03487E97.EB065354-ONC125835D.006E9262-C125835D.00717024@ptb.de>
From: Harlan Stenn <stenn@nwtime.org>
Openpgp: preference=signencrypt
Autocrypt: addr=stenn@nwtime.org; prefer-encrypt=mutual; keydata= xsDNBFI2xmQBDACrPayw18eU4pIwCvKh7k0iMkAV9cvzs49kBppM+xoH+KKj4QWmkKELD39H ngQnT3RkKsTLlwxyLqPdUmeQNAY2M5fsOK+OF6EvwLPK9hbmE3Wx2moX+sbEUxJ2VzFhKSKb OPZALXwk1XxL0qBedz0xHYcDwaSAZZkEFXURv2pDIdrmnoUnq2gdC8GpoFJiXoUaCLSYzzaY ac4Njw7Mue8IqfzRQb70aMjXl/qmsmfmEVAyGXywDdc/ler4XSgiuYOV7Kf69bj9PFZZSMdJ MWgEyZH6lJ0TU5ccR2zp5ZRmWzQQkxJMyH2th7q0Nmz3aX4A0K4yE0Ba9/5Dr7ctpF15BrMF aEo4s5lwI6tUnkgMWo265mMzCz4mAPV/ac0w0OXQg7r9E2r0+dRapnzUlG43D0JLDqDr9uRR L6IrRQqoCWUC75lfmPYQYSlaTJaK68r3lXd0z1cXJUgVtEL5H3/Z71R2B20twcQVAnw2iIH6 L5vdrsIjHrMmkqRVbs9nNyEAEQEAAc0nSGFybGFuIE0gU3Rlbm4gKFBGQ1MpIDxoYXJsYW5A cGZjcy5jb20+wsD8BBMBAgAmAhsvBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AFAlI2xr0C GQEACgkQyIwAt1pH+kDfsQv/Q8fSJks4uNNyLf0O2kX9cepWExSTBpSgc1wsr65ldAx3fuPT ci+gymO0qs1PlGYPYuMFEVmIRpJFy/tUVXZIGIZtlOURAHXjov0NbdwyZnOahEaja3jL+bBH GGJpRtmD+CCAVkj1UEUNF2mLqUgwEQarvHLCI6j1xz5+kxzdXsF3jVAlLMRkpScOfZ2NiHq7 Dp8ClCcEALI+lU2sUIP8dGTqNCM03ma0M5T53PIzkD8tRMNa5Dznv6E3+eFE6xefm5uMzCWs XEzxxaaoVnkoFxyrJpHBkDuIl5MKhcyG0lcmmVeM35MoZpJXE6fgqvbq9XZccSQUcpY1OrwM mc2CjjTsm5K9IFDyD7yRA6xh4Z/ExSFBnwky2JwMJtJgqDRsLFkSvYCq+m+Zc3YWP8rGbmdR Lk57eZ3hdt9MuUX879LyjAKHWm5aFbCs5vsq2n8XWrxJMVHVOUy5pQlzAz5fa+5yjba9YM7L 4DMefzQZ9Q3P+TfBofmsQSbH54rkK/WAzsDNBFI2xmQBDADXLsBkI7CSa5UXlrNVFJQHER1V xRBKqjWWCh/8Qv9v3p3NrIc2UnhoZ1uWQ2voBGty5Xfy9k4afV5kWwDyRDUIb7PX+Tj4HjVV r7qvnOVe/0KzZpNq0Azd0ggFbsM+8mydktHIwJykW0NUsGwPRYuDOA0Lro0ohb5IiCt3sSQi 1X1hYjo7O1Vmn8Gy/XYOnhnMux+5zDPO2yTkCNX5PocYi9IJJy6pMq1yQV4Y2Dl8KtQzvtq5 5vCUxx6n0MMzFViGwNW6F4ge9ItO4tDScsgowDrHa208ehwOpv/iwjf93lCClQ6vaKmOBX87 2K/tdY/hwhxPPjgl1bcrOwMRYVemOPPehwnXH5bwclk1hvDQdkJQ5pJOkE4VCryTF/iDAt4g 2QnHocUwt3b6/ChUUWmj2GZ22OR12rbnCtLedwp0DpViKPUCQHBOvpgXdzE/L9zWar9fqM0E REMgfWbsJc9028qluCcFLIN1gYsq4cC+YGAcOu7HOI5orBBV4m9jXfsAEQEAAcLCfgQYAQIA CQUCUjbGZAIbLgGpCRDIjAC3Wkf6QMDdIAQZAQIABgUCUjbGZAAKCRDfCQ/G52/8P/uWDACe 7OEM+VETDRqjQgAwzX+RjCVPvtgrqc1SExS0fV7i1mUUxr/B8io3Y1cRHFoFKmedxf8prHZq 316Md5u4egjFdTT6ZqEqkK0hvv+i0pRpCa5EX9VIStcJStomZp8FcY34grA+EOWITaLQ4qNZ UP7rf2e7gq1ubQTj7uLr6HZZvMZ5em+IvrOWEuWDI6yOiI6px04wRDfkoR2h6kgdw4V0PT4N jK9WYYKrVCf1bjLlVImNBEcXfvlUTrIYO8y6ptvoUsBQky5pQRvP99Pn42WfyLy50aII6+vy udD4T0yLjXAz4KteUttxtIte64m/F9/7GEIZAxTUcLyOq/7bP4leh39jBckwc62iYzeK/VkU /bMMh2D68Z3QylMnhhcW27BcgQHPKsHhmFa2SNytYcuQiSdf9+pj4i32ETz1nJAvYAAqgTF/ 0PL+8ZNQoEpe/n9woMKrlZrqD4EgFmhQ3bNVhlaXz1nuTZDrwPt1yMxBuUNbCF4jFnaruwrS iGTRoIfUZQwAjQglahrV4/mcjfnvbNoseHX0PKd9q+wjg7MIjWqrf2CI8Fa6MdanqwYphz43 I2yXANKFZuMWsWqyQYlvGuPUlUUcAL3stp24RkzDB1Q+JS0IZJSTT2JSu0aTfUdWVNqr2UI1 9eX+zxbOTckSi3Ng14ezG8ZX194ZH10b8JzntQOwmA20pd5JDhugzQfASER+CZDiPPcQ4mvC 4y7rMrfV6XGQbDynC3ekDxo8SC5SvjaczXMwXg6SZ8iFtEWmEwW9r7zPjjIPDrX8w5LXBgxA rM5o/HbERpc2EdAvMh1D7LC0SvmoE7fBKxsicVBe4h6vXjEZ+LLr/wuZiBld9OnxAUIpwptb BspO6WKTQYvgFH2OeDG27hiE5P4Xs4WSp5j9ez8OVB1iZnA2nCQ+tNTjO8c+C/P92vPLx5+b pGRXTXMNaLh34PS3ZsYoUDkKZNhczRZUWJ7nynSbeeyF+QW7SLwAqY7O7dyk9LFTsfJqRQJ7 tWnIAjJPCwmSgQ8Kl0UJ
Message-ID: <b558b0de-a451-f233-e86c-26f4b065c164@nwtime.org>
Date: Sat, 08 Dec 2018 21:48:05 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <OF03487E97.EB065354-ONC125835D.006E9262-C125835D.00717024@ptb.de>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/n5gXQmcSn90AWjjrcsjXSrD48rE>
Subject: Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using-nts-for-ntp
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Dec 2018 05:48:16 -0000
Hence my objections remain. H On 12/8/2018 12:39 PM, kristof.teichel@ptb.de wrote: > I'm on my browser mail client and sadly can't respond in-line without making a > mess of the formatting. > > The summary of my response is: yes, we have seen most or all of the here-cited > concerns of yours before, and dismissed them. > Sorry if that was not always communicated clearly enough - although I have a > feeling that in most cases, it was. > > In any case, let me give short-ish versions of replies regarding the mentioned > points: > > - The "earmarked" EF type thing: to me it looks like you're basically trying to > have NTS make people adhere to an NTF-internal numeration system (the only place > I know of where it is "standardized" is the Autokey RFC?). That, I oppose. > > - Being "monolithic": this seems like a mere impression that you have that is > also mostly false (e.g. a client could choose to send no cookie placeholders and > ignore all fresh cookies - though I do not advertise this idea). I can only > guess what you would like us to do about your concern, and the things I am > guessing (such as dividing AEAD and fresh cookies off into some kind of optional > sub-mode), I definitely oppose. > > - TCP matters: are you seriously suggesting for NTS to rest until a number of > other drafts potentially reach RFC status? If not, what exactly are you > suggesting? If so, I oppose. > > - The "one cookie/placeholder per field" issue: could someone who has > implemented this please elaborate on the typical size of a cookie? In any case, > a placeholder must by design be as large, so I'm not convinced there is any > issue here. In either case, I don't see an actionable suggestion (I can guess at > one, bit for that one I would still need to be convinced there is an issue in > the first place). > > - The "all modes or bust" issue: I remember giving you a lengthy response to > this previously. Please stop insisting this concern has never been adressed. > Also, what is you actionable suggestion? Put everything on hold, until solutions > have been found that everyone including you can agree on, for modes that are > used significantly less than the one adressed? If so, I oppose. > > - The "Dave has a viable alternative" claim: what is the proposed "solution" of > which you speak? I remember a document skeleton which barely had more than > headlines for its sections, and I remember a lengthy document that switched > between a vague critique of mixed NTS versions and a proposal for what a > proposal might look like (where some of the few concrete suggestions would be > attackable with methods straight out of Roettger's 2012 critique of Autokey)... > if you mean either of those then please stop bringing them up as though there > was a serious discussion to be had at this point. If you mean something else, > please refer us to it so that a real discussion is possible. And again, what > would even be your actionable suggestion to us, the editors of the NTS document? > > Is there anything else (preferably actionable suggestions) you still feel has > not been adressed? > > > Best regards, > Kristof > > > -----"ntp" <ntp-bounces@ietf.org <mailto:ntp-bounces@ietf.org>> schrieb: ----- > An: ntp@ietf.org <mailto:ntp@ietf.org> > Von: "Harlan Stenn" > Gesendet von: "ntp" > Datum: 07.12.2018 23:05 > Betreff: Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp > > I am strongly supportive of the goal of providing a replacement for > Autokey, as soon as possible. > > As written, I am opposed to the adoption of this proposal, as the > detailed objections and concerns I have repeatedly raised have still not > been addressed. > > Off the top of my head, here is a (partial?) summary of my objections: > > - we have long earmarked EF type 4 for NTS, and this is still not in the > document as a recommendation for IANA. In particular, if the proposal > advances as written we would want to see: > > | 0x0104 | * NTS Unique Identifier Request | > | 0x8104 | * NTS Unique Identifier Response | > | 0x0204 | * NTS Cookie | > | 0x0304 | * NTS Cookie Placeholder | > | 0x0404 | * NTS AEEF Request | > | 0x8404 | * NTS AEEF Response | > > (or similar). There is no good reason to leave it up to IANA to > possibly assign 6 random EFs for this use case. > draft-stenn-ntp-extension-fields (for which I will be trying to post an > update soon) clearly and simply describes this. > > - The proposal is too monolithic, and we would all be better served with > a proposal that separates the cookie mechanism and encrypted transfers > into separately-usable mechanisms. There may be other similar cases as > well, but my brain is too fuzzy right now to think more about this. > > - It creates a separate TCP service/port specifically for NTS key > exchange. This is wasteful in general, and would be better served by > folks collaborating on: > > draft-stenn-ntp-tcp-services > draft-stenn-ntp-tcp-services-keyexchange > > - The proposal uses multiple Cookie and Cookie Placeholder messages (as > I recall - see my other message about the cold I'm still recovering > from) instead of having a single Cookie and Cookie Placeholder message > that supports multiple entries. This would not be an issue if 7822 did > not specify a 28-octet minimum final EF size, or if > draft-stenn-ntp-extension-fields was implemented (or being considered, > even). > > - It only supports client/server mode, and it does so in a way for which > adding support for symmetric and [mb]*cast modes had been demonstrated > to be problematic. We need an encompassing solution, and this isn't it. > > It would not surprise me at all to discover issues I have forgotten to > list above that are in my previous messages on this topic. > > I'm sorry I haven't had the resources to once again re-study and re-list > my objections to this proposal. > > Dave Mills has posted several papers about the above problems including > a proposed solution, but for whatever reasons, for years we have > continued to pursue this increasingly limited solution instead of > working towards a better/more functional solution. > > As I said in an earlier message, Dave is currently unable to receive or > send email messages, so he apparenetly can't participate in this WGLC. > > -- > Harlan Stenn <stenn@nwtime.org <mailto:stenn@nwtime.org>> > http://networktimefoundation.org - be a member! > > _______________________________________________ > ntp mailing list > ntp@ietf.org <mailto:ntp@ietf.org> > https://www.ietf.org/mailman/listinfo/ntp > -- Harlan Stenn <stenn@nwtime.org> http://networktimefoundation.org - be a member!
- [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Karen O'Donoghue
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Loganaden Velvindron
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Martin Langer
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Martin Langer
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Karen O'Donoghue
- [Ntp] Fwd: WGLC: draft-ietf-ntp-using-nts-for-ntp Karen O'Donoghue
- [Ntp] Dave Mills: Re: WGLC: draft-ietf-ntp-using-… Harlan Stenn
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Miroslav Lichvar
- Re: [Ntp] Fwd: WGLC: draft-ietf-ntp-using-nts-for… kristof.teichel
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Denis Reilly
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Marcus Dansarie
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Harlan Stenn
- [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using-nts… kristof.teichel
- Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using… Harlan Stenn
- [Ntp] Antwort: Re: Antwort: Re: WGLC: draft-ietf-… kristof.teichel
- Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using… Salz, Rich
- Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using… Harlan Stenn
- Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using… Harlan Stenn
- Re: [Ntp] Antwort: Re: Antwort: Re: WGLC: draft-i… Harlan Stenn
- Re: [Ntp] Antwort: Re: Antwort: Re: WGLC: draft-i… kristof.teichel
- Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using… Salz, Rich
- Re: [Ntp] Antwort: Re: WGLC: draft-ietf-ntp-using… kristof.teichel
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Dieter Sibold
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Brian Haberman
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Karen O'Donoghue
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Marcus Dansarie
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Dieter Sibold
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Salz, Rich
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Dieter Sibold
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Dieter Sibold
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Salz, Rich
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Dieter Sibold
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Martin Langer
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Dieter Sibold
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Ragnar Sundblad
- Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp Miroslav Lichvar