Re: [Ntp] NTPv5 draft
Doug Arnold <doug.arnold@meinberg-usa.com> Tue, 01 December 2020 13:04 UTC
From: Doug Arnold <doug.arnold@meinberg-usa.com>
To: Miroslav Lichvar <mlichvar@redhat.com>, Dieter Sibold <dsibold.ietf@gmail.com>
CC: "ntp@ietf.org" <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/s_7LQ36ZgGRy0nOLeqCt959Rs2U>
Here is another use case where secure NTP might not be needed. All the traffic in the application, including ntp, is protected by IPsec or MACsec. Yes, that adds some delays, but for some applications that is okay.

Doug

On 12/1/20, 5:03 AM, "ntp on behalf of Miroslav Lichvar" <ntp-bounces@ietf.org on behalf of mlichvar@redhat.com> wrote:

    On Tue, Dec 01, 2020 at 10:51:22AM +0100, Dieter Sibold wrote:
    > On 1 Dec 2020, at 9:12, Miroslav Lichvar wrote:
    > > You mean to require all NTP packets to be authenticated? I don't like
    > > that idea. The improvements in NTPv5 are orthogonal to authentication.
    > > NTPv5 is not supposed to be more secure. An NTP client that doesn't
    > > want to implement the complexity of NTS shouldn't be restricted to
    > > NTPv4.
    > >
    > Yes, I would propose that by default each NTP packet has to be
    > authenticated. Not using security should be an active decision! I don’t
    > think that security and increased time sync performance have to be
    > orthogonal. The 2-step approach could provide better time sync performance
    > and security.

    Ok, so if the draft said something like "NTP clients SHOULD use
    authentication", would that work for you? Ultimately, it would be up
    to the client's default configuration whether authentication is
    enabled or not.

    > > Isn't that the NTP root delay and dispersion? Together they provide an
    > > estimate of the maximum error in the receive and transmit timestamp.
    >
    > Uncertainty and maximum error are different. The uncertainty interval will
    > always be smaller or equal to the max. error.

    Can you describe an example how would the server determine the
    uncertainty?

    --
    Miroslav Lichvar