Re: [Ntp] ntpv5 requirements
kristof.teichel@ptb.de Tue, 14 February 2023 12:28 UTC
To: ntp@ietf.org
Cc: Harlan Stenn <stenn@nwtime.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/rabcmi_xiFw-XNTt4FDLsiKpVmI>

The reason that scalability and performance have traditionally been listed last in NTS documents is less that they are in any way secondary -- and more that they follow a pattern of "...and it needs to do all of the above in such a way that it retains scalability and performance as far as possible".

(And perhaps a bit of them being quantitative goals rather than absolute/qualitative; performance is gonna get worse with crypto rather than without, the goal is to keep it reasonable/best possible -- whereas e.g. amplification can be cleanly goal-stated as zero.)

Best regards / Kind regards,
Kristof Teichel

__________________________________________
Dr.-Ing. Kurt Kristof Teichel
Physikalisch-Technische Bundesanstalt (PTB)
Arbeitsgruppe 4.42 "Zeitübertragung"
Bundesallee 100
38116 Braunschweig (Germany)
Tel.: +49 (531) 592-4471
E-Mail: kristof.teichel@ptb.de
__________________________________________

From: "Harlan Stenn" <stenn@nwtime.org>
To: ntp@ietf.org
Date: 13.02.2023 23:29
Subject: Re: [Ntp] ntpv5 requirements
Sent by: "ntp" <ntp-bounces@ietf.org>

On 2/13/2023 8:06 AM, Miroslav Lichvar wrote:
> On Thu, Feb 09, 2023 at 05:18:20PM +0000, Doug Arnold wrote:
>> For example: Judah Levine at NIST recently told me that he cannot implement NTS with his current server resources and the number of clients NIST supports. However, when I told him about TESLA he thought a scheme based on that would be doable, as long as the keys didn't have to change too often.
>
> That is interesting as NTS was specifically designed to scale well to
> very large numbers of clients.

I don't recall performance in NTS as being a primary goal of the design. Sure, it was listed as *a* goal, but the primary goals were around "security".

> Is their concern about decryption
> and encryption of NTS-protected NTP packets, or rather TLS in NTS-KE?
>
> In 2016 they reported they had about 200k requests per second across
> all their servers [1]. Even if it was 100x more today and all clients
> were using NTS, that could still be handled by a dozen of servers with
> multi-core CPUs and AES acceleration. In my tests I get about 200k/s
> per core.

From what I've heard, NTS key operations take 5-10x the amount of compute power beyond what NTP needs.

> NTS-KE traffic is more difficult to predict as it depends on the
> client implementations. I would be curious to see what NTS-NTP to
> NTS-KE request ratio do the well-known NTS providers like Cloudflare
> and Netnod have.
>
> [1] https://nvlpubs.nist.gov/nistpubs/jres/121/jres.121.003.pdf
>

--
Harlan Stenn <stenn@nwtime.org>
http://networktimefoundation.org - be a member!