Re: [Ntp] NTPv5 draft
Miroslav Lichvar <mlichvar@redhat.com> Tue, 01 December 2020 10:03 UTC
Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 259BD3A1016 for <ntp@ietfa.amsl.com>; Tue, 1 Dec 2020 02:03:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.121
X-Spam-Level:
X-Spam-Status: No, score=-2.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lrx03KgQ2SzP for <ntp@ietfa.amsl.com>; Tue, 1 Dec 2020 02:03:12 -0800 (PST)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CC4D3A101A for <ntp@ietf.org>; Tue, 1 Dec 2020 02:03:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1606816991; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qYGZtwNITuPNxqZTcpkhV7WzI2iKhOfzfPSuDehA7ZU=; b=LL0x2zCh+r/1+/5TfgiaMh0tYj98BGyFePJUFyqrXErJkIObWI6/o0R10Z9njCiR5suWvT d0mCJyODWRbF4mBr/qGIkUKYQcBiUnKLflXZoT/o4gAuW+JpkOSM9ilkpstTjmsR0iqo6f 5z7SmKcxiDE3tDUp3VH+fP5Z0Gj/rwY=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-482-6YMbIkCBOyme5JM0H-lVCw-1; Tue, 01 Dec 2020 05:03:09 -0500
X-MC-Unique: 6YMbIkCBOyme5JM0H-lVCw-1
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 25AAA190B2B6; Tue, 1 Dec 2020 10:03:08 +0000 (UTC)
Received: from localhost (holly.tpb.lab.eng.brq.redhat.com [10.43.134.11]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 774225C1A3; Tue, 1 Dec 2020 10:03:07 +0000 (UTC)
Date: Tue, 01 Dec 2020 11:03:05 +0100
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Dieter Sibold <dsibold.ietf@gmail.com>
Cc: ntp@ietf.org
Message-ID: <20201201100305.GK1900232@localhost>
References: <20201111161947.GG1559650@localhost> <AA848C67-CFB7-43FC-B190-FD3911360373@gmail.com> <20201201081203.GB1900232@localhost> <2B8C7410-DFA7-4A87-A33E-F50FFA96D0F9@gmail.com>
MIME-Version: 1.0
In-Reply-To: <2B8C7410-DFA7-4A87-A33E-F50FFA96D0F9@gmail.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/ochPMVaWdJfntGcKSR-U0M4SAqM>
Subject: Re: [Ntp] NTPv5 draft
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2020 10:03:14 -0000
On Tue, Dec 01, 2020 at 10:51:22AM +0100, Dieter Sibold wrote: > On 1 Dec 2020, at 9:12, Miroslav Lichvar wrote: > > You mean to require all NTP packets to be authenticated? I don't like > > that idea. The improvements in NTPv5 are orthogonal to authentication. > > NTPv5 is not supposed to be more secure. An NTP client that doesn't > > want to implement the complexity of NTS shouldn't be restricted to > > NTPv4. > > > > Yes, I would propose that by default each NTP packet has to be > authenticated. Not using security should be an active decision! I don’t > think that security and increased time sync performance have to be > orthogonal. The 2-step approach could provide better time sync performance > and security. Ok, so if the draft said something like "NTP clients SHOULD use authentication", would that work for you? Ultimately, it would be up to the client's default configuration whether authentication is enabled or not. > > Isn't that the NTP root delay and dispersion? Together they provide an > > estimate of the maximum error in the receive and transmit timestamp. > > Uncertainty and maximum error are different. The uncertainty interval will > always be smaller or equal to the max. error. Can you describe an example how would the server determine the uncertainty? -- Miroslav Lichvar
- [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Dieter Sibold
- Re: [Ntp] NTPv5 draft Kurt Roeckx
- Re: [Ntp] NTPv5 draft Steven Sommars
- Re: [Ntp] NTPv5 draft Doug Arnold
- Re: [Ntp] NTPv5 draft Salz, Rich
- Re: [Ntp] NTPv5 draft Philip Prindeville
- Re: [Ntp] NTPv5 draft Philip Prindeville
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: NTPv5 draft Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- Re: [Ntp] NTPv5 draft Kurt Roeckx
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft James
- [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Dieter Sibold
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 draft Hal Murray
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 draft Miroslav Lichvar
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Kurt Roeckx
- Re: [Ntp] NTPv5 draft Hal Murray
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: NTPv5 d… Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- Re: [Ntp] NTPv5 draft Doug Arnold
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: NTP… Hal Murray
- Re: [Ntp] Antw: [EXT] Re: NTPv5 draft Salz, Rich
- Re: [Ntp] Antw: [EXT] Re: NTPv5 draft Doug Arnold
- Re: [Ntp] Antw: [EXT] Re: NTPv5 draft Kurt Roeckx
- Re: [Ntp] NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft Doug Arnold
- Re: [Ntp] NTPv5 draft Dieter Sibold
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Salz, Rich
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Salz, Rich
- Re: [Ntp] NTPv5 draft James
- Re: [Ntp] NTPv5 draft Warner Losh
- Re: [Ntp] NTPv5 draft Philip Prindeville
- Re: [Ntp] NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft Warner Losh
- Re: [Ntp] NTPv5 draft Salz, Rich
- Re: [Ntp] NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft Philip Prindeville
- Re: [Ntp] NTPv5 draft Doug Arnold
- Re: [Ntp] NTPv5 draft Doug Arnold
- Re: [Ntp] NTPv5 draft Doug Arnold
- Re: [Ntp] NTPv5 draft Philip Prindeville
- Re: [Ntp] NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft Salz, Rich
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Salz, Rich
- Re: [Ntp] NTPv5 draft Marcus Dansarie
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Salz, Rich
- Re: [Ntp] NTPv5 draft James
- Re: [Ntp] NTPv5 draft Magnus Danielson
- Re: [Ntp] NTPv5 draft Warner Losh
- Re: [Ntp] NTPv5 draft Magnus Danielson
- Re: [Ntp] NTPv5 draft Warner Losh
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Magnus Danielson
- Re: [Ntp] NTPv5 draft James
- Re: [Ntp] NTPv5 draft Salz, Rich
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: NTPv5 draft Ulrich Windl
- [Ntp] Antwort: Antw: [EXT] Re: NTPv5 draft kristof.teichel
- Re: [Ntp] Antwort: Antw: [EXT] Re: NTPv5 draft Hal Murray
- Re: [Ntp] NTPv5 draft James
- Re: [Ntp] Antwort: Antw: [EXT] Re: NTPv5 draft Miroslav Lichvar
- Re: [Ntp] NTPv5 draft Miroslav Lichvar
- Re: [Ntp] Antwort: Antw: [EXT] Re: NTPv5 draft Christer Weinigel