Re: [Ntp] I-D Action: draft-ietf-ntp-ntpv5-requirements-02.txt
Miroslav Lichvar <mlichvar@redhat.com> Mon, 14 August 2023 08:40 UTC
Date: Mon, 14 Aug 2023 10:39:55 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: ntp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/q9qPAb-u95Po7f2oHxtZjJoF2fw>
On Sat, Jul 29, 2023 at 08:45:52AM -0700, internet-drafts@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories. This Internet-Draft is a work item of the Network Time Protocols
> (NTP) WG of the IETF.
>
> Title : NTPv5 use cases and requirements
> Author : James Gruessing
> Filename : draft-ietf-ntp-ntpv5-requirements-02.txt

Thanks for updating the draft.

From 3.1:

   NTPv4 has previously suffered from DDoS amplification attacks using a
   combination of IP address spoofing and private mode commands used in
   many NTP implementations,

I suggest replacing "many" with "some". AFAIK only the ntp.org ntpd and
its fork ntpsec have this issue.

From 4.1:

   Client and server protocol modes MUST be supported, and other modes
   such as symmetric and broadcast MAY be supported and SHOULD NOT be
   required by implementors to implement. Considerations should be made
   in these modes to avoid implementations and deployments from
   vulnerabilities and attacks.

So we are postponing the decision on which modes to support to the
protocol specification? I was hoping the requirements draft would
provide more guidance than "MAY".

I think I suggested this before. Instead of naming modes, why not
simply say: "NTPv5 MUST be resilient to off-path and replay attacks"?
I think that is a reasonable requirement for any internet protocol
that nobody should have any objections to.

The people who think symmetric and/or broadcast need to be supported
will be forced to find a fix, or if they cannot do that, at least
understand it well enough to realize why they shouldn't be supported.

-- 
Miroslav Lichvar
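Added illustration, not part of the message above or of any NTP implementation: why client/server mode can meet an "off-path and replay" requirement while broadcast mode cannot. The client binds each server response to its own request through the origin timestamp (RFC 5905 packet layout), using a random transmit timestamp as a nonce; the class and function names, and the constructed packets, are assumptions of this example.

```python
import os
import struct

# RFC 5905 header: LI/VN/mode, stratum, poll, precision, root delay,
# root dispersion, reference ID, reference/origin/receive/transmit timestamps.
NTP_FMT = "!BBBbII4sQQQQ"  # 48 bytes, network byte order
MODE_CLIENT, MODE_SERVER, MODE_BROADCAST = 3, 4, 5


def build_packet(mode, origin_ts=0, transmit_ts=0):
    li_vn_mode = (0 << 6) | (4 << 3) | mode   # LI=0, VN=4
    return struct.pack(NTP_FMT, li_vn_mode, 0, 0, 0, 0, 0, b"\0\0\0\0",
                       0, origin_ts, 0, transmit_ts)


def parse_packet(data):
    f = struct.unpack(NTP_FMT, data)
    return {"mode": f[0] & 7, "origin": f[8], "transmit": f[10]}


class Client:
    """Client side of client/server mode with origin-timestamp matching."""

    def __init__(self):
        self.outstanding = None   # transmit timestamp of the request awaiting a reply

    def make_request(self):
        # Random 64-bit transmit timestamp (a nonce) instead of the clock reading,
        # so an off-path sender cannot predict the value the reply must echo.
        self.outstanding = int.from_bytes(os.urandom(8), "big")
        return build_packet(MODE_CLIENT, transmit_ts=self.outstanding)

    def accept_response(self, data):
        """True only for a server response bound to the outstanding request."""
        pkt = parse_packet(data)
        if pkt["mode"] != MODE_SERVER:
            return False              # broadcast carries no request to bind to
        if self.outstanding is None or pkt["origin"] != self.outstanding:
            return False              # off-path forgery, or replay of an old reply
        self.outstanding = None       # nonce consumed: a replayed copy is rejected
        return True


def server_reply(request_data, server_clock_ts):
    req = parse_packet(request_data)   # server echoes the client's transmit timestamp as origin
    return build_packet(MODE_SERVER, origin_ts=req["transmit"], transmit_ts=server_clock_ts)


def demo():
    c = Client()
    req = c.make_request()
    genuine = server_reply(req, 0x1234)                                   # constructed
    forged = build_packet(MODE_SERVER, origin_ts=0xDEADBEEF, transmit_ts=0x1234)
    bcast = build_packet(MODE_BROADCAST, transmit_ts=0x1234)
    return {"forged_rejected": not c.accept_response(forged),
            "broadcast_rejected": not c.accept_response(bcast),
            "genuine_accepted": c.accept_response(genuine),
            "replay_rejected": not c.accept_response(genuine)}
```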