IETF Logo Mail Archive

Re: [Ntp] Antw: Re: Antw: draft-ietf-ntp-mode-6-cmds : Issue 1

Brian Haberman <brian@innovationslab.net> Thu, 14 December 2017 16:45 UTC

Return-Path: <brian@innovationslab.net>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A8E11288B8 for <ntp@ietfa.amsl.com>; Thu, 14 Dec 2017 08:45:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tGduReFQrAz8 for <ntp@ietfa.amsl.com>; Thu, 14 Dec 2017 08:45:54 -0800 (PST)
Received: from uillean.fuaim.com (uillean.fuaim.com [206.197.161.140]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E34191273B1 for <ntp@ietf.org>; Thu, 14 Dec 2017 08:45:54 -0800 (PST)
Received: from clairseach.fuaim.com (clairseach-high.fuaim.com [206.197.161.158]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by uillean.fuaim.com (Postfix) with ESMTP id D3196880EA for <ntp@ietf.org>; Thu, 14 Dec 2017 08:45:54 -0800 (PST)
Received: from clemson.local (swifi-nat.jhuapl.edu [128.244.87.133]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by clairseach.fuaim.com (Postfix) with ESMTP id 930DE3280AE4 for <ntp@ietf.org>; Thu, 14 Dec 2017 08:45:54 -0800 (PST)
To: ntp@ietf.org
References: <d5a5ba98-65f2-f2e0-a0ec-40114213fc03@innovationslab.net> <59C0BEBB020000A100027F1A@gwsmtp1.uni-regensburg.de> <90ca0015-6ff4-9f68-20c9-a978fea6f491@innovationslab.net> <fd938fee-ed5c-a0ca-148f-a20a8c72aaa5@nwtime.org> <59C4A769020000A100028053@gwsmtp1.uni-regensburg.de> <579cec94-f2ab-ce73-13f6-483f5c528da7@nwtime.org> <59C4B636020000A100028076@gwsmtp1.uni-regensburg.de> <62ae5e81-593f-e26a-8829-bc5f4be07dab@nwtime.org>
From: Brian Haberman <brian@innovationslab.net>
Message-ID: <b819ec71-5b90-7ef0-cf43-a0eb57ab0d26@innovationslab.net>
Date: Thu, 14 Dec 2017 11:45:53 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <62ae5e81-593f-e26a-8829-bc5f4be07dab@nwtime.org>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/s4IT2KZv-3-9SodAyC2H4hlmruA>
Subject: Re: [Ntp] Antw: Re: Antw: draft-ietf-ntp-mode-6-cmds : Issue 1
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Dec 2017 16:45:56 -0000

Reviving this thread because we never reached any consensus on what
things we want in the mode-6-cmds draft...

On 9/22/17 3:47 AM, Harlan Stenn wrote:
> 
> 
> On 9/22/2017 12:05 AM, Ulrich Windl wrote:
>>>>> Harlan Stenn <stenn@nwtime.org> schrieb am 22.09.2017 um 08:26 in Nachricht
>> <579cec94-f2ab-ce73-13f6-483f5c528da7@nwtime.org>:
>>
>>> On 9/21/17 11:02 PM, Ulrich Windl wrote:
>>>>>>> Harlan Stenn <stenn@nwtime.org> schrieb am 21.09.2017 um 00:42 in Nachricht
>>>> <fd938fee-ed5c-a0ca-148f-a20a8c72aaa5@nwtime.org>:
>>>>
>>>>>
>>>>> On 9/20/17 12:10 PM, Brian Haberman wrote:
>>>>>>
>>>>>>
>>>>>> On 9/19/17 2:52 AM, Ulrich Windl wrote:
>>>>>>>>>> Brian Haberman <brian@innovationslab.net> schrieb am 18.09.2017 um 19:10 in
>>>>>>> Nachricht <d5a5ba98-65f2-f2e0-a0ec-40114213fc03@innovationslab.net>:
>>>>>>>> Ulrich noted that this document does not specify a version number for
>>>>>>>> the mode 6 commands. I had suggested specifying it as "version 4 (or
>>>>>>>> earlier)" given that the introduction of mode 6 commands has occurred at
>>>>>>>> various versions of the protocol starting at RFC 1305. Ulrich pointed
>>>>>>>> out that the version number drives the interpretation of the status words.
>>>>>>>>
>>>>>>>> For people who have implemented or use mode 6 commands, what makes sense
>>>>>>>> here? Do we need to specify a version number per mode 6 command?
>>>>>>>
>>>>>>> Hi!
>>>>>>>
>>>>>>> I think there are several issues:
>>>>>>>
>>>>>>> 1) Assuming there are different versions (there are!), how can one find out 
>>>>> which version the server implements? See 2)
>>>>>>>
>>>>>>> 2) if a client requests a version different from the server, what should the 
>>>
>>>>> server do? The server could respond with a different version number, 
>>>>> indicating that it is not willing to respond / privide the information in 
>>> the 
>>>>> format requested. Or the server could respond with a "bad request" status. 
>>>>> Finally the server could respond in the format requested... I have slight 
>>>>> favor for the first variant unless there is a command to find out what 
>>>>> message format versions the server can provide.
>>>>>>>
>>>>>>> 3) As it seems to be now, the server ignores the version (versions 2, 3, and 
>>>
>>>>> 4 all seem to work)
>>>>>>>
>>>>>>
>>>>>> The above seems to argue for two things:
>>>>>>
>>>>>> 1) A preliminary handshake between an NTP server and the mode6-speaking
>>>>>> client to determine what version is in use.
>>>>>>
>>>>>> 2) A change to the operating basis of the mode 6 commands in that the
>>>>>> above mentioned handshake occurs before actually sending the mode 6 command.
>>>>>>
>>>>>> Is that a good representation of what is being asked for?
>>>>>
>>>>> If it is, I'm thinking we'd want a mode 6 "Identify" command, that would
>>>>> have this information in a response.  This response would likely contain
>>>>> different data before/after authentication.
>>>>
>>>> Why that? You should elaborate on the role of authentication.
>>>
>>> Here's a short list.
>>>
>>> - Nobody but trusted folks should see the origin timestamp of a pending
>>>   symmetric mode exchange.
>>>
>>> - Nobody but trusted folks should be able to get the list of our
>>>   potential servers.
>>>
>>> - Nobody but VERY trusted folks should be able to issue :config
>>>   directives
>>
>> Hi Harlan,
>>
>> even more confused now: The issue was (unless I'm confused) to finde out what mode-6 protocol version the remote side (server) speaks.
>> You talk about changing the requirements of existing commands (it seems).
>> I have no objection changing the require ments on the next mode-6 protocol level, but these issues should be clearly separated IMHO.
> 
> I thought the intent was to make sure that ntpq could ask an NTP server
> "what can you tell me about yourself?", in enough detail that the client
> will then know what to ask, and how to interpret the results.

I can interpret this capability in two ways:

1. ntpq tells the server what version it is going to ask its questions
for. This is based on Ulrich's example code showing that different
variables exist in different versions. The response back from the server
would be a binary (Y/N) on its ability to answer questions for that version.

2. ntpq asks the server which version(s) it supports. When the server
responds with a version number, ntpq figures out whether it can handle
questions for that version.

I interpret Harlan's response as an indication that he thinks option 2
is the way to go. If that is the case, it would seem that we would want
to add a new command to the draft that asks the server to indicate its
version of NTP.

Other thoughts?

Regards,
Brian

v2.23.0 | Report a Bug | By Email