Re: [Ntp] [EXT] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv5-requirements
"Windl, Ulrich" <u.windl@ukr.de> Tue, 19 December 2023 08:30 UTC
Return-Path: <u.windl@ukr.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5DE7C14F5F6 for <ntp@ietfa.amsl.com>; Tue, 19 Dec 2023 00:30:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hsDq4LI4NhxM for <ntp@ietfa.amsl.com>; Tue, 19 Dec 2023 00:30:32 -0800 (PST)
Received: from mail01.ukr.de (mail01.ukr.de [193.175.194.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0449FC14F5F5 for <ntp@ietf.org>; Tue, 19 Dec 2023 00:30:30 -0800 (PST)
X-CSE-ConnectionGUID: +RuWW+36RYSHfTJ6zuIKuQ==
X-CSE-MsgGUID: ls/y76v4Q4KRJ6fFn4jGDg==
X-ThreatScanner-Verdict: Negative
X-IronPort-AV: E=McAfee;i="6600,9927,10928"; a="538682"
X-IronPort-AV: E=Sophos;i="6.04,287,1695679200"; d="scan'208";a="538682"
Received: from unknown (HELO ukr-excmb04.ukr.local) ([172.24.6.64]) by dmz-infcsg01.ukr.dmz with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Dec 2023 09:30:27 +0100
Received: from ukr-excmb03.ukr.local (172.24.6.63) by ukr-excmb04.ukr.local (172.24.6.64) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.34; Tue, 19 Dec 2023 09:30:26 +0100
Received: from ukr-excmb03.ukr.local ([fe80::1cb4:6e0c:6da4:a8a0]) by ukr-excmb03.ukr.local ([fe80::1cb4:6e0c:6da4:a8a0%4]) with mapi id 15.01.2507.034; Tue, 19 Dec 2023 09:30:26 +0100
From: "Windl, Ulrich" <u.windl@ukr.de>
To: Harlan Stenn <stenn@nwtime.org>, James <james.ietf@gmail.com>, Steven Sommars <stevesommarsntp@gmail.com>
CC: Karen ODonoghue <kodonog@pobox.com>, "ntp@ietf.org" <ntp@ietf.org>
Thread-Topic: [EXT] [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv5-requirements
Thread-Index: AQHaLn8JjjW0dcqXXk6MeC2CYGHNr7CwTE4Q
Date: Tue, 19 Dec 2023 08:30:26 +0000
Message-ID: <68d0192572af4a0e9374f372b0221752@ukr.de>
References: <CA+mgmiMFLDRggrBUzdJyjhgbM6q0m8nY8PUoU5oxbR2HtZh51A@mail.gmail.com> <CAD4huA4+5R+tVQJQRFwR6vXuO0FZbtgTZwJeTfDjTVDaT4AwJg@mail.gmail.com> <2AEB577B-AEC3-4414-B8B7-9BA7382F3F54@gmail.com> <2f4226a3-484a-4f44-bd1b-758d648a30cd@nwtime.org>
In-Reply-To: <2f4226a3-484a-4f44-bd1b-758d648a30cd@nwtime.org>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.24.3.1]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/o5o6V7gEgpk0YF5-aOy9L-CmvkE>
Subject: Re: [Ntp] [EXT] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv5-requirements
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Dec 2023 08:30:36 -0000
Hi! I wonder about the "defined response to a "time impulse"": Sure there should be a reference implementation (in the sense of an example), but is it really necessary for NTP to work? Probably the original idea was that every host on the Internet would be well-behaving, but there days we know that not every host connected to the Internet is well behaving: Shouldn't NTP be able to separate the good guys from the bad guys? I mean: If the client/server response looks plausible, then why not accept it whatever algorithm is behind, and opposite if the response looks bad, ignore it (also whatever algorithm is behind). I mean: If NTP is actually relying on every client to use some specific algorithm to provide responses, wouldn't that actually make an attack on NTP easier (as clients must seemingly trust what the "good algorithm" returned, even if the response is hostile)? Kind regards, Ulrich -----Original Message----- From: ntp <ntp-bounces@ietf.org> On Behalf Of Harlan Stenn Sent: Thursday, December 14, 2023 12:16 PM To: James <james.ietf@gmail.com>; Steven Sommars <stevesommarsntp@gmail.com> Cc: Karen ODonoghue <kodonog@pobox.com>; ntp@ietf.org Subject: [EXT] [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv5-requirements On 12/14/2023 12:29 AM, James wrote: > My responses inline. > >> On 14 Dec 2023, at 01:45, Steven Sommars <stevesommarsntp@gmail.com> wrote: >> >> My interpretation of the draft NTPv5 requirements is that there are intentionally no NTPv4 compatibility requirements. >> E.g., the base payload length may not be 48 bytes, the messages may differ from NTPv4. >> If this is not the intention, the draft should be updated accordingly. If no consensus can be reached the NTPv5 requirements should state this clearly and work on the NTP protocol itself should be paused. > > There is no intention for any such compatibility - Section 4.6 outlines what should be considered. Servers and clients should have defined behaviour based on the version number primarily. I'm not sure why payload length is of concern here - could you please elaborate as to why? The protocol used by NTP was designed to be able to be compatible and at least useful between NTP packet versions. This proposal seems to break this assumption, for no apparent good reason. The authors have apparently explicitly chosen to advance a proposal that has interoperability "difficulties". If a time sync specification is desired that owes no effective interoperability to previous versions: - Don't call it NTP - Don't run it on port 123 - Focus on whatever you choose, and stay out of everybody else's way Next, I see nothing in this proposal about how NTP should behave. The core "mission" of NTP is time synchronization with a (well) defined response to a "time impulse". This is the reason why previous NTP specifications have included the algorithms. Prof. Mills and some others have done a LOT of testing to ensure reliable and predictable behavior of time synchronization, in the "normal" and "time impulse" cases over a very wide range of circumstances. Prof. Mills and others have clearly demonstrated that it is entirely possible (and quite easy) to violate the algorithms and boundary constraints. Sometimes this causes no apparent problems. At other times, time synchronization quickly breaks. NTP RFCs are often specified as contract requirements. The behaviors and benefits provided by the algorithmic and bounds specifications of NTPv4 (for example) exist separately and independently from anybody's belief or their degree of comprehensive understanding. Without specifying fully vetted algorithms and bounds, adoption of this proposal shifts the burden of time synchronization and time impulse response behavior to every user of this proposal, and I submit the overwhelming majority of these users are in no position to even appreciate this, let alone understand and specify the behavior they actually need, and then codify it in a contractually useful way. So once again, if this is what y'all want to do: - Goferit - Don't call it NTP - Don't run it on port 123 - Do nothing to impede ongoing work with other similar efforts I'm not going to focus on anything else in this "proposal". For the past many years' time the IETF NTP WG meetings have been held at the worst possible time for my schedule. I've repeatedly told this to the chairs and the AD. This upcoming meeting is again at such a time, so I won't be attending. -- Harlan Stenn <stenn@nwtime.org> http://networktimefoundation.org - be a member! _______________________________________________ ntp mailing list ntp@ietf.org https://www.ietf.org/mailman/listinfo/ntp
- [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements Karen ODonoghue
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements David Venhoek
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements Miroslav Lichvar
- Re: [Ntp] [EXTERNAL] WGLC - draft-ietf-ntp-ntpv5-… Denis Reilly
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements kristof.teichel
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements James
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements James
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements kristof.teichel
- [Ntp] Antwort: Re: WGLC - draft-ietf-ntp-ntpv5-re… kristof.teichel
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements James
- [Ntp] Antwort: Re: WGLC - draft-ietf-ntp-ntpv5-re… kristof.teichel
- [Ntp] Fwd: Antwort: Re: WGLC - draft-ietf-ntp-ntp… Daniel Franke
- [Ntp] Antwort: Re: WGLC - draft-ietf-ntp-ntpv5-re… kristof.teichel
- Re: [Ntp] Fwd: Antwort: Re: WGLC - draft-ietf-ntp… Salz, Rich
- [Ntp] Antwort: Re: WGLC - draft-ietf-ntp-ntpv5-re… kristof.teichel
- Re: [Ntp] [EXT] Hard NO: Re: WGLC - draft-ietf-nt… Hal Murray
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… Miroslav Lichvar
- Re: [Ntp] [EXT] Re: Fwd: Antwort: Re: WGLC - draf… Windl, Ulrich
- Re: [Ntp] [EXT] Re: Fwd: Antwort: Re: WGLC - draf… Ira McDonald
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements Steven Sommars
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… Dave Hart
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… Harlan Stenn
- Re: [Ntp] [EXT] Hard NO: Re: WGLC - draft-ietf-nt… Windl, Ulrich
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements Steven Sommars
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… Miroslav Lichvar
- Re: [Ntp] [EXT] Re: Fwd: Antwort: Re: WGLC - draf… James
- Re: [Ntp] WGLC - draft-ietf-ntp-ntpv5-requirements James
- Re: [Ntp] [EXT] Antwort: Re: WGLC - draft-ietf-nt… Windl, Ulrich
- [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv5-re… Harlan Stenn
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… David Venhoek
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… Dave Hart
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… David Venhoek
- Re: [Ntp] Hard NO: Re: WGLC - draft-ietf-ntp-ntpv… David Venhoek