IETF Logo Mail Archive

Re: [Ntp] Objections to the current language in draft-ietf-data-minimization

Harlan Stenn <stenn@nwtime.org> Tue, 26 March 2019 12:12 UTC

Return-Path: <stenn@nwtime.org>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAD9C1202D1 for <ntp@ietfa.amsl.com>; Tue, 26 Mar 2019 05:12:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id auDlbgrdAs_z for <ntp@ietfa.amsl.com>; Tue, 26 Mar 2019 05:12:50 -0700 (PDT)
Received: from chessie.everett.org (chessie.everett.org [IPv6:2001:470:1:205::234]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2CD2120052 for <ntp@ietf.org>; Tue, 26 Mar 2019 05:12:50 -0700 (PDT)
Received: from [10.208.75.157] (75-139-194-196.dhcp.knwc.wa.charter.com [75.139.194.196]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by chessie.everett.org (Postfix) with ESMTPSA id 44T94f3DP3zL7N; Tue, 26 Mar 2019 12:12:50 +0000 (UTC)
To: ntp@ietf.org
References: <8b9e85cb-3d6a-4e71-cbe7-9956e301a22d@nwtime.org> <CACsn0c=SrDXWNg7pNFHy0yLKugNLTADMbE9ae4iiNAhNPc6Y8g@mail.gmail.com> <85ab5d77-d6a1-17ba-0b73-4664f33cd3c0@nwtime.org> <6164D9F6-DE61-45A6-B557-528643BEA14D@gmail.com> <OFD1C8CB0B.A3B08970-ONC12583C9.003EBA72-C12583C9.0041C524@ptb.de>
From: Harlan Stenn <stenn@nwtime.org>
Openpgp: preference=signencrypt
Autocrypt: addr=stenn@nwtime.org; prefer-encrypt=mutual; keydata= mQGNBFI2xmQBDACrPayw18eU4pIwCvKh7k0iMkAV9cvzs49kBppM+xoH+KKj4QWmkKELD39H ngQnT3RkKsTLlwxyLqPdUmeQNAY2M5fsOK+OF6EvwLPK9hbmE3Wx2moX+sbEUxJ2VzFhKSKb OPZALXwk1XxL0qBedz0xHYcDwaSAZZkEFXURv2pDIdrmnoUnq2gdC8GpoFJiXoUaCLSYzzaY ac4Njw7Mue8IqfzRQb70aMjXl/qmsmfmEVAyGXywDdc/ler4XSgiuYOV7Kf69bj9PFZZSMdJ MWgEyZH6lJ0TU5ccR2zp5ZRmWzQQkxJMyH2th7q0Nmz3aX4A0K4yE0Ba9/5Dr7ctpF15BrMF aEo4s5lwI6tUnkgMWo265mMzCz4mAPV/ac0w0OXQg7r9E2r0+dRapnzUlG43D0JLDqDr9uRR L6IrRQqoCWUC75lfmPYQYSlaTJaK68r3lXd0z1cXJUgVtEL5H3/Z71R2B20twcQVAnw2iIH6 L5vdrsIjHrMmkqRVbs9nNyEAEQEAAbQ5SGFybGFuIFN0ZW5uIChOZXR3b3JrIFRpbWUgRm91 bmRhdGlvbikgPHN0ZW5uQG53dGltZS5vcmc+iQG5BBMBAgAjBQJSNsblAhsvBwsJCAcDAgEG FQgCCQoLBBYCAwECHgECF4AACgkQyIwAt1pH+kBlzgv/QOg70vdj8wU/z97UPdlbxtN4THAB gfSX4N0VPKT5fjX1tFhuXZQAOv7wedR3Trh7TGteyg33TBAFf9A42mXZKi1IxAiQG118Hd8I 51rXwnugURIYQaIyQI+vbchRbwVyz+mVLTI/h6FdbsVzT4UFmir+ZMkb/XeZPu0HItk4OZHE 6hk+TuTiCnlqlCPLq371fXV54VOb91WZYD8EQFtK02QHGHsQqWvapdphiDVpYehmsPyiTESq NMKLVtjtyPkQ6S7QF3slSg+2q3j8lyxEA78Yl0MSFNU8B/BtKgzWP2itBOfi+rtUKg+jOY1V /s2uVk2kq2QmHJ/s5k5ldy3qVvoTpxvwBe0+EoBocTHYt+xxp0mTM6YY1xLiQpLznzluqg9z qtejX1gZOF4mgLiBIrhXzed3zsAazhTp5rNb1kn0brZFh6JC5Wk941eilnA4LqX8AWo0lmwo eb+mpwZK/5lNdage/anpVqft9wJ/8EcvST9TLUO4fPrmT3d/0LpWuQGNBFI2xmQBDADXLsBk I7CSa5UXlrNVFJQHER1VxRBKqjWWCh/8Qv9v3p3NrIc2UnhoZ1uWQ2voBGty5Xfy9k4afV5k WwDyRDUIb7PX+Tj4HjVVr7qvnOVe/0KzZpNq0Azd0ggFbsM+8mydktHIwJykW0NUsGwPRYuD OA0Lro0ohb5IiCt3sSQi1X1hYjo7O1Vmn8Gy/XYOnhnMux+5zDPO2yTkCNX5PocYi9IJJy6p Mq1yQV4Y2Dl8KtQzvtq55vCUxx6n0MMzFViGwNW6F4ge9ItO4tDScsgowDrHa208ehwOpv/i wjf93lCClQ6vaKmOBX872K/tdY/hwhxPPjgl1bcrOwMRYVemOPPehwnXH5bwclk1hvDQdkJQ 5pJOkE4VCryTF/iDAt4g2QnHocUwt3b6/ChUUWmj2GZ22OR12rbnCtLedwp0DpViKPUCQHBO vpgXdzE/L9zWar9fqM0EREMgfWbsJc9028qluCcFLIN1gYsq4cC+YGAcOu7HOI5orBBV4m9j XfsAEQEAAYkDPgQYAQIACQUCUjbGZAIbLgGpCRDIjAC3Wkf6QMDdIAQZAQIABgUCUjbGZAAK CRDfCQ/G52/8P/uWDACe7OEM+VETDRqjQgAwzX+RjCVPvtgrqc1SExS0fV7i1mUUxr/B8io3 Y1cRHFoFKmedxf8prHZq316Md5u4egjFdTT6ZqEqkK0hvv+i0pRpCa5EX9VIStcJStomZp8F cY34grA+EOWITaLQ4qNZUP7rf2e7gq1ubQTj7uLr6HZZvMZ5em+IvrOWEuWDI6yOiI6px04w RDfkoR2h6kgdw4V0PT4NjK9WYYKrVCf1bjLlVImNBEcXfvlUTrIYO8y6ptvoUsBQky5pQRvP 99Pn42WfyLy50aII6+vyudD4T0yLjXAz4KteUttxtIte64m/F9/7GEIZAxTUcLyOq/7bP4le h39jBckwc62iYzeK/VkU/bMMh2D68Z3QylMnhhcW27BcgQHPKsHhmFa2SNytYcuQiSdf9+pj 4i32ETz1nJAvYAAqgTF/0PL+8ZNQoEpe/n9woMKrlZrqD4EgFmhQ3bNVhlaXz1nuTZDrwPt1 yMxBuUNbCF4jFnaruwrSiGTRoIfUZQwAjQglahrV4/mcjfnvbNoseHX0PKd9q+wjg7MIjWqr f2CI8Fa6MdanqwYphz43I2yXANKFZuMWsWqyQYlvGuPUlUUcAL3stp24RkzDB1Q+JS0IZJST T2JSu0aTfUdWVNqr2UI19eX+zxbOTckSi3Ng14ezG8ZX194ZH10b8JzntQOwmA20pd5JDhug zQfASER+CZDiPPcQ4mvC4y7rMrfV6XGQbDynC3ekDxo8SC5SvjaczXMwXg6SZ8iFtEWmEwW9 r7zPjjIPDrX8w5LXBgxArM5o/HbERpc2EdAvMh1D7LC0SvmoE7fBKxsicVBe4h6vXjEZ+LLr /wuZiBld9OnxAUIpwptbBspO6WKTQYvgFH2OeDG27hiE5P4Xs4WSp5j9ez8OVB1iZnA2nCQ+ tNTjO8c+C/P92vPLx5+bpGRXTXMNaLh34PS3ZsYoUDkKZNhczRZUWJ7nynSbeeyF+QW7SLwA qY7O7dyk9LFTsfJqRQJ7tWnIAjJPCwmSgQ8Kl0UJ
Message-ID: <2a6ae6c9-e347-84db-3d51-0529bfb834ee@nwtime.org>
Date: Tue, 26 Mar 2019 05:12:43 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.3
MIME-Version: 1.0
In-Reply-To: <OFD1C8CB0B.A3B08970-ONC12583C9.003EBA72-C12583C9.0041C524@ptb.de>
Content-Type: text/plain; charset="windows-1252"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/oNH02Ce3Kpgi5R9_ekF-0qCoOqM>
Subject: Re: [Ntp] Objections to the current language in draft-ietf-data-minimization
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 12:12:54 -0000

HI Kristof,

On 3/26/2019 4:58 AM, kristof.teichel@ptb.de wrote:
> Hello all,
> 
> I support Dieter's viewpoint that most of Harlan's original points can
> be read as arguments against leap smearing rather than arguments against
> data minimization (or the way it is handled in the current Data
> Minimization draft).
> Honestly, I would go one step further and add that the whole discussion
> point is an argument for the case that the decision to use UTC over TAI
> in the first place was a mistake and should be reconsidered as soon as
> possible (which might not be soon at all).

That's fine, but it's a separate discussion.

Some Very Big Players are insisting on using leap-smeared time, so it's
a fact of life that we must live with.

As written, the data-minimization would make it pretty much impossible
to handle mixed client populations where some clients were leap-second
aware and some were not.

Forcing a decision on this point - in either direction - is effectively
"creative destruction", and will only serve to fracture the current
infrastructure.

I think that's a terrible idea.

The goal in what I'm proposing is, in effect, either "live and let
live", or perhaps "be excellent to each other".

> That digression aside, the decision that was put forward was that of the
> document using either "SHOULD" or "MAY" for certain normative clauses.
> First off, I'm a bit unclear about the significance of this decision (as
> in, who would be affected): wouldn't the same implementation be the same
> degree of conformant to a given document if all occurences of SHOULD
> were replaced by MAY and/or vice versa?
> That said, it is my belief that given the rather hard-to-measure
> difference as outlined in RFC 2119, SHOULD is better suited than MAY a
> collection of suggestions
> - whose advantages include making things conformant to current data
> protection regulations and preventing security goals of a crypto add-on
> from being unobtainable in the first place due to quirks of the
> underlying protectee protocol
> - whose main (argued) disadvantage is that it reduces the convenience
> with which a potentially system-disrupting hack can be executed

Different groups have different needs/goals.  One size simply does not
fit all situations.

> 
> Best regards,
> Kristof

H
--
> 
> 
> 
> Von:        "Dieter Sibold" <dsibold.ietf@gmail.com>
> An:        "Harlan Stenn" <stenn@nwtime.org>
> Kopie:        "Watson Ladd" <watsonbladd@gmail.com>, ntp@ietf.org
> Datum:        26.03.2019 11:05
> Betreff:        Re: [Ntp] Objections to the current language in
> draft-ietf-data-minimization
> Gesendet von:        "ntp" <ntp-bounces@ietf.org>
> ------------------------------------------------------------------------
> 
> 
> 
> 
> 
> Dieter Sibold
> dsibold.ietf@gmail.com
> 
> On 26 Mar 2019, at 10:47, Harlan Stenn wrote:
> 
>> On 3/26/2019 2:41 AM, Watson Ladd wrote:
>>>
>>>
>>> On Tue, Mar 26, 2019, 9:02 AM Harlan Stenn <stenn@nwtime.org
>>> <mailto:stenn@nwtime.org>> wrote:
>>>
>>>     In my opinion, draft-ietf-ntp-data-minimization-04, like its -03
>>>     predecessor, exclusively focuses on ways to expose as little
>>> information
>>>     as possible and completely ignores and discounts the costs or
>>> problems
>>>     that can and in some cases will occur if its recommendations are
>>>     followed.
>>>
>>>     If my claims are accepted, section 1. Introduction of
>>>     draft-ietf-ntp-data-minimization should be appropriately
>>> rewritten to
>>>     remove its incorrect, or at least misleading, claims, and many of
>>> the
>>>     “SHOULD” recommendations in the document should be changed to
>>> “MAY”.
>>>
>>>     In particular, draft-ietf-ntp-data-minimization blindly and
>>> explicitly
>>>     recommends setting LI, the poll interval, and the REFID to 0,
>>> with no
>>>     offered analysis for the costs or benefits of the effects of
>>> these
>>>     recommendations.
>>>
>>>     In this email I’ll use a leap second event to illustrate these
>>> points.
>>>
>>>     Regardless of whether or not you believe leap smearing is
>>> “good”, there
>>>     are time servers out there that only offer correct time, some
>>> that only
>>>     offer leap-smeared time, and some that offer one or the other -
>>>     depending on how they’re asked.
>>>
>>>     For better or worse, a noticeable group of time server operators
>>> now
>>>     offer leap-smeared time in response to NTP mode 3 (client)
>>> requests.
>>>     Sometimes this is what the clients want, sometimes it is not.
>>>     Regardless, there is clear value and benefit in being able to see
>>> if:
>>>
>>>     a server is offering correct, or leap-smeared time
>>>     a client is following a correct, or a leap-smearing server
>>>
>>>     Let’s look a the poll interval first.  If a server knows a
>>> leap second
>>>     event is coming, it is in a position to look at the poll interval
>>> from
>>>     the client and send back a recommended poll interval that will
>>> make sure
>>>     the client properly handles leap second handling.  Yes, even if
>>> the
>>>     client “lies” and doesn’t tell the server its actual poll
>>> interval, the
>>>     server can respond conservatively, and be responsible to the
>>> client.
>>>     This behavior may well cause an unnecessary increase in the
>>> server load.
>>>      It is also possible that the server may choose to remember the
>>> IP and
>>>     port of the incoming request to independently try and verify the
>>> actual
>>>     poll interval used.  But this is also a case of cost-shifting,
>>> and I am
>>>     opposed to it.
>>>
>>>
>>> Alternatively clients can ensure that they pull at least once every
>>> 24
>>> hours so they will know when a second happens.
>>
>> Are these clients leap-second aware?  If so, that's probably true.
>>
>> If they are not leap second aware then you're talking about clients
>> that
>> don't place a high value on accurate time synchronization, so they
>> don't
>> care.
>>
>> This is not the client population that will have problems with data
>> minimization.
> 
> From my point of view these are arguments against leap-smearing and not
> against the data minimization draft which from my point of view is
> mandatory since it meet modern regulation requirements such as the eu
> gdpr.
> 
> - Dieter
> 
>>
>> --
>> Harlan Stenn, Network Time Foundation
>> http://nwtime.org <http://nwtime.org/>- be a Member!
>>
>> _______________________________________________
>> ntp mailing list
>> ntp@ietf.org
>> https://www.ietf.org/mailman/listinfo/ntp
> 
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp
> 
> 
> 
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp
> 

-- 
Harlan Stenn, Network Time Foundation
http://nwtime.org - be a Member!

v2.23.0 | Report a Bug | By Email