Re: [Ntp] NTPv5 draft

Doug Arnold <doug.arnold@meinberg-usa.com> Tue, 01 December 2020 13:04 UTC

From: Doug Arnold <doug.arnold@meinberg-usa.com>
To: Miroslav Lichvar <mlichvar@redhat.com>, Dieter Sibold <dsibold.ietf@gmail.com>
CC: "ntp@ietf.org" <ntp@ietf.org>
Date: Tue, 01 Dec 2020 13:04:29 +0000
Message-ID: <7FD4E2DD-04A0-4B62-BBD4-EE5F00236831@meinberg-usa.com>
References: <20201111161947.GG1559650@localhost> <AA848C67-CFB7-43FC-B190-FD3911360373@gmail.com> <20201201081203.GB1900232@localhost> <2B8C7410-DFA7-4A87-A33E-F50FFA96D0F9@gmail.com> <20201201100305.GK1900232@localhost>
In-Reply-To: <20201201100305.GK1900232@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/s_7LQ36ZgGRy0nOLeqCt959Rs2U>
Subject: Re: [Ntp] NTPv5 draft

Here is another use case where secure NTP might not be needed.  All the traffic in the application, including NTP, is protected by IPsec or MACsec.  Yes, that adds some delays, but for some applications that is okay.

Doug

On 12/1/20, 5:03 AM, "ntp on behalf of Miroslav Lichvar" <ntp-bounces@ietf.org on behalf of mlichvar@redhat.com> wrote:

    On Tue, Dec 01, 2020 at 10:51:22AM +0100, Dieter Sibold wrote:
    > On 1 Dec 2020, at 9:12, Miroslav Lichvar wrote:
    > > You mean to require all NTP packets to be authenticated? I don't like
    > > that idea. The improvements in NTPv5 are orthogonal to authentication.
    > > NTPv5 is not supposed to be more secure. An NTP client that doesn't
    > > want to implement the complexity of NTS shouldn't be restricted to
    > > NTPv4.
    > > 
    > 
    > Yes, I would propose that by default each NTP packet has to be
    > authenticated. Not using security should be an active decision! I don’t
    > think that security and increased time sync performance have to be
    > orthogonal. The 2-step approach could provide better time sync performance
    > and security.

    Ok, so if the draft said something like "NTP clients SHOULD use
    authentication", would that work for you? Ultimately, it would be up
    to the client's default configuration whether authentication is
    enabled or not.

    > > Isn't that the NTP root delay and dispersion? Together they provide an
    > > estimate of the maximum error in the receive and transmit timestamp.
    > 
    > Uncertainty and maximum error are different. The uncertainty interval will
    > always be smaller than or equal to the max. error.

    Can you describe an example of how the server would determine the
    uncertainty?

    -- 
    Miroslav Lichvar
