Re: [Ntp] Symmetric mode

Danny Mayer <mayer@pdmconsulting.net> Sun, 09 October 2022 21:49 UTC

Message-ID: <a6dfce17-21ce-00c8-9d10-4386857c21fd@pdmconsulting.net>
Date: Sun, 09 Oct 2022 17:49:12 -0400
To: Miroslav Lichvar <mlichvar@redhat.com>, Doug Arnold <doug.arnold@meinberg-usa.com>
Cc: Hal Murray <halmurray@sonic.net>, "ntp@ietf.org" <ntp@ietf.org>
References: <mlichvar@redhat.com> <YzWunE8uQwTh8suS@localhost> <20220930015229.B235628C1D8@107-137-68-211.lightspeed.sntcca.sbcglobal.net> <AM7PR02MB5765D115CABA9E9B5A148711CF569@AM7PR02MB5765.eurprd02.prod.outlook.com> <YzqVaP8rbNFer+SG@localhost>
From: Danny Mayer <mayer@pdmconsulting.net>
In-Reply-To: <YzqVaP8rbNFer+SG@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/ribMDiLyqySQb_uu241xE1khLlI>

On 10/3/22 3:55 AM, Miroslav Lichvar wrote:
> On Fri, Sep 30, 2022 at 02:23:22PM +0000, Doug Arnold wrote:
>> Please enlighten me. I’ve been reading the discussion on symmetric ntp, and I don’t understand the purpose. An ntp server can ask other servers for time using client server ntp, and use that information to examine its own time and that of the peer it is looking at.  Why is a different over-the-wire version of the protocol needed?
> You can push time to the server using the symmetric mode, without the
> server having to know your IP address in advance. This has a major
> impact on security. When NTP started, I guess very few people cared
> about that, but now I don't think it's acceptable.
>
Only if that were true, which it's not. Symmetric mode is very much like 
client/server, just the modes are different.

Danny