[Ntp] Comments on draft-ietf-ntp-chronos-02

Watson Ladd <watsonbladd@gmail.com> Fri, 05 March 2021 20:12 UTC

From: Watson Ladd <watsonbladd@gmail.com>
Date: Fri, 05 Mar 2021 12:12:24 -0800
Message-ID: <CACsn0cndt0rQBozQr2kQAhW5-LG1Vvsbc5+XW+0DQ+jae-+dDQ@mail.gmail.com>
To: NTP WG <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/nQk2zrAJNLPMPm1Jhw4eg7gsdb0>
Subject: [Ntp] Comments on draft-ietf-ntp-chronos-02

Dear NTP WG,

One minor editorial comment: it would be nice to include the recommended
parameters in the table for ease of readers. I had to go searching to
see them.

This draft seems to imply that the pool is being used. Otherwise the
requerying doesn't produce more servers. Reachability and increased
load on a volunteer shared resource are questions that need to be
addressed. We're happy to handle every device on the internet if it's
well behaved, but most parties in the pool cannot. Gathering can be a
passive DNS based approach, but this runs into potential caching
issues.

I also take issue with the assertion that Chronos addresses network
adversaries. Nothing prevents a network adversary from controlling all
packets with dst=123 and shifting the time except authentication.
Chronos only solves byzantine attackers, which authentication of
trusted time servers also does. That's not to say it isn't useful, but
I think the claims are too broad.

Sincerely,
Watson Ladd

-- 
Astra mortemque praestare gradatim
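The distinction drawn in the message between Byzantine servers and an on-path adversary can be illustrated with a small simulation. This is an added example, not code from the email or the Chronos draft; it uses a simplified trimmed-mean stand-in for the draft's selection algorithm (an assumption, not the draft's exact procedure), with constructed server behaviours and a constructed true time.

```python
"""Toy model of the point raised above: trimming outliers defeats a
Byzantine minority of time servers, but not an adversary that rewrites
every reply on the path. Simplified model, not the draft's algorithm."""
import random

TRUE_TIME = 1_000_000.0  # constructed "true" wall-clock time (seconds)


def honest_server(rng):
    # honest reply: true time plus a little network jitter
    return TRUE_TIME + rng.uniform(-0.005, 0.005)


def byzantine_server(rng):
    # Byzantine reply: lies by a large, arbitrary amount (1-2 hours)
    return TRUE_TIME + rng.uniform(3600, 7200)


def chronos_estimate(replies, d):
    # Assumed simplification of Chronos-style selection: drop the d
    # smallest and d largest samples and average the remaining core.
    s = sorted(replies)
    core = s[d:len(s) - d]
    return sum(core) / len(core)


def sample_pool(servers, m, rng):
    # a requerying client asks a random subset of m pool servers
    return [srv(rng) for srv in rng.sample(servers, m)]


def run(n_byz, onpath_shift, seed=1):
    """Return the estimate's error (seconds) for a pool of 20 servers,
    n_byz of them Byzantine, with an on-path adversary shifting every
    reply by onpath_shift seconds (0 means no on-path adversary)."""
    rng = random.Random(seed)
    servers = [byzantine_server] * n_byz + [honest_server] * (20 - n_byz)
    replies = sample_pool(servers, m=15, rng=rng)
    # an adversary owning all dst=123 traffic shifts every reply alike;
    # trimming cannot detect this because there are no outliers left
    replies = [r + onpath_shift for r in replies]
    return chronos_estimate(replies, d=4) - TRUE_TIME


if __name__ == "__main__":
    print("4 Byzantine, no on-path adversary:", run(4, 0))
    print("4 Byzantine, on-path +600s shift: ", run(4, 600))
    print("12 Byzantine (majority), no shift:", run(12, 0))
```

Authentication of trusted servers closes the on-path case because shifted replies fail verification; trimming alone cannot, since uniformly shifted replies leave nothing to trim.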