Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption
Daniel Franke <dfoxfranke@gmail.com> Thu, 27 May 2021 13:19 UTC
Return-Path: <dfoxfranke@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB9813A0AB7 for <ntp@ietfa.amsl.com>; Thu, 27 May 2021 06:19:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z8uK5R3NbT3N for <ntp@ietfa.amsl.com>; Thu, 27 May 2021 06:19:45 -0700 (PDT)
Received: from mail-pl1-x62e.google.com (mail-pl1-x62e.google.com [IPv6:2607:f8b0:4864:20::62e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A45F3A0AC7 for <ntp@ietf.org>; Thu, 27 May 2021 06:19:44 -0700 (PDT)
Received: by mail-pl1-x62e.google.com with SMTP id v13so2315618ple.9 for <ntp@ietf.org>; Thu, 27 May 2021 06:19:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ABRto2iwyEu6gAQLm0FoHftRAgxJMKzXL4pc4+EyF3k=; b=ZSHyB7yiFsUX5C9H2YkCC0f+6tWNtmNt0nW/lTEP934DyDb+XEsOziZiMsoU9LxUk0 +DSjlt0iFmCzu2VKoKLiQsFOY1x0NdnZeImCRpgFPzJyUn9KoXIXLqdXwpVFLZPZ1T0o Xj+//dE7TvosWJ2yC541Pv3LXs0Er+5biqaFPh7P3PPfEKMASo564B9FKCc1bx+P1Ohq FLMxJ4LEigtzUz4209BqsgsqaJv1QiALIghwCwGourGSdcaqtwDQA6FzusfZD6z6Dd2M BIR3MxlK7C0llznoNUsRJzbizq7IbNJj3DHPj9uSCBKdU3RGCl1jsVFGoGf1ts4xLm+N eowg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ABRto2iwyEu6gAQLm0FoHftRAgxJMKzXL4pc4+EyF3k=; b=Pwz0cmM1aHit/nm/ysStAo9fjdIC+fJIrLPnn/vzTNoOo38/0+TkdVVlNPn6EIdAk0 DZtFUV87N8i96OtHY144/xhjFzZDt07dMcmuIziyjiJ9PQRo2tsZtWg+ZtjkbaPSvo0m e8eDLhFBLukyhLbvG8unautyEvRO33XQgWbSCvbw73CLqzbNUEUzjkmX3qPeM/Y0efdO kUAbYf9be7bGpF74L1nX7neg1J4BQI1kEc2XFCv0VRfEtRJ+H33DdvnweFId6HfQWjUP u5+Z9LE38njOz93ws1dx7Q2lU1USQri7H3QqYoNsINLaE1xTjZ22xxzHugRg6SwYWw6+ c6Cg==
X-Gm-Message-State: AOAM531djwoeFaLs/g6OdYehwU4sul7A38zmFC7Ko4IxOvG68pfwbUOP c4B7hkwS/573Uo6n7/bAykriIbcSiDy3MlY1sSw=
X-Google-Smtp-Source: ABdhPJzy/mNAWwZ5qrftyW0j+9KYJSbgHjgtoorO4V0HPFlEtZrktr3Ef2VNPnTaRLuXhzJs+hp9+TsgSuh/FH+L9SE=
X-Received: by 2002:a17:90a:a607:: with SMTP id c7mr3721740pjq.199.1622121583821; Thu, 27 May 2021 06:19:43 -0700 (PDT)
MIME-Version: 1.0
References: <5F0AB4A8-30FB-4EE4-904C-BCC2CDFCA552@meinberg.de> <CAJm83bA=uQb05KMtUJN_qk0J65eaa1Av5OBatrN4mAk3dPC11Q@mail.gmail.com> <D1556106-7B75-48B2-962C-BEDF035DDA26@meinberg.de>
In-Reply-To: <D1556106-7B75-48B2-962C-BEDF035DDA26@meinberg.de>
From: Daniel Franke <dfoxfranke@gmail.com>
Date: Thu, 27 May 2021 09:19:32 -0400
Message-ID: <CAJm83bDhGyd-au6+h0U0jaLVLSkiKY_pKDQCcLiSY09dPP5qAQ@mail.gmail.com>
To: Heiko Gerstung <heiko.gerstung@meinberg.de>
Cc: "ntp@ietf.org" <ntp@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/sdK4I2GtFij8h7_3hOTE6lY2i5Y>
Subject: Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 May 2021 13:19:50 -0000
On Thu, May 27, 2021 at 6:15 AM Heiko Gerstung <heiko.gerstung@meinberg.de> wrote: > Who defines which of the goals are more critical than the others? The text of the draft speaks for itself authoritatively; anything further I have to say is just my opinions about it. > It can just use the Sync messages to roughly initialize its time. Even without a two way delay measurement, a client will be able to synchronize its time to the server time in a good enough way to avoid a 8 minute offset. Only if the RTT is >= 16 minutes, you are in trouble. That means our approach is not usable for space ships that do not carry a solar/battery backed up RTC, which is a limitation I can accept. So, I think there's an approach that'll work here, and you're close to it. The key thing is that it's possible to dispense with the 8-minute check if the client has not yet wrapped its sequence numbers for the first time since running NTS-KE. At that point there's no risk of confusing which request a response with a particular sequence number is replying to, because there's only one possibility. By the time wrapping begins, the client should be synchronized and therefore able to apply the 8-minute check. In the unusual case that it isn't synchronized yet, it needs to re-run NTS-KE. > I agree that a client can define its own limits for a maximum delay, I just tried to point out that the definition of MAXDIST is a part of NTP and therefore does not exist in PTP - sorry if that did not come across. MAXDIST includes not only the delay between client and server, "but the whole distance back to the reference clock as reported in the Root Delay field" (RFC8915, Section 8.6). I agree that a client, depending on its own requirements, can define a limit for the delay between itself and the PTP server, but MAXDIST is not a term we can use for PTP. Okay, I don't think we're disagreeing on anything of substance surrounding this point. Yes, PTP will require different terminology. And yes, NTP also includes the server's self-reported maximum error due to upstream hops into its "error budget" when deciding whether a packet is suitable for synchronization, while PTP can't/wouldn't do this. But otherwise, the fundamental concept is the same. > > 1. Send DELAY_REQs at a modest interval. Use the error bounds > > established by these volleys to sanity-check the timestamps in the > > SYNC packets. > That can be done, but it does not require to change the draft - this is standard PTP practice and very implementation/application specific and out of scope for our proposal, as far as I can see. It doesn't require any *on-wire* change. But the necessary client behavior of using the delay messages to establish a range of plausible times that are used to clamp SYNC messages is not described anywhere in the current draft. And, as you've already taken pains to point out, using delay messages to obtain the round-trip measurements that are needed to compute these bounds is definitely not standard PTP practice. > > 2. Send DELAY_REQs frequently, and don't bother requesting SYNC packets at a > > ll. > This will not work and violates the basic concepts of PTP. On the basis of Miroslav's explanation, I agree. > > 3. Get error bounds from altogether outside of PTP and use them to > > sanity-check PTP SYNC packets. > This may be a good additional check, but will ultimately reduce the level of accuracy to the accuracy level of the outside method. PTP applications, as already explained, very often require sub-microsecond accuracy and therefore in most cases it is not useful to set up error bounds which are exceeding the minimum accuracy level required for an application to continue to work. An attacker could still bring down the application itself while staying "below the radar", i.e within the error bounds. Here's what I think you're missing. We need to distinguish between the precision afforded by PTP under normal network conditions, versus under adversarial conditions. Under normal network conditions, the precision afforded by either of our approaches is in the sub-microsecond range that your customers have come to expect from PTP. My approach will have literally no impact at all on PTP's usual precision, because the PTP messages and the way they're processed are untouched Your draft's approach will have some non-zero impact because of the time spent computing the MAC tag, but I expect that with some careful tuning this impact would be too small to measure. So for all intents and purposes we're equivalent on this score. Under adversarial conditions, the potential error of my approach is ±half-RTT, ± some other miscellaneous error terms that don't amount to much by comparison. Without the fixes I've suggested, the potential error of your approach is unbounded. With these fixes, it again becomes the same as mine. Doing better than this through cryptographic means *IS IMPOSSIBLE*. If you want secure sub-microsecond precision, you must get it by physically securing your network segment. If you tell your customers otherwise, you will be selling them snake oil. So, a fixed version of your draft would provide time precision equivalent to what hybrid NTP/PTP provides, both under normal network conditions and under adversarial ones. Unlike hybrid NTP/PTP, it would not provide for client unlinkability or server statelessness, but perhaps we don't care much, and I wouldn't base my opposition to adoption on this alone. My principal objection to adopting NTS4UPTP is that it will be a lot of work for a lot of people over many years before any end-user has access to interoperating implementations of it. In contrast, hybrid NTP/PTP can be had *TODAY*, using linux-ptp and chrony in the configuration that Miroslav suggested a few weeks ago. All the work that's needed is for Miroslav to double-check that chrony enforces the correct the error bounds, and for somebody to write an accessible HOWTO plus *maybe* an Informational RFC. You've not argued any marginal benefit to NTS4UPTP that I think comes close to justifying the development and rollout effort. If you want to change my mind about this, I suggest you try convincing me that PTP has functions that are auxiliary to time synchronization that still need securing. Can an attacker do harm to an unsecured PTP deployment in ways other than just desynchronizing clocks? DDoS amplification is one example, but that can be solved in a much lighter-weight fashion requiring little or no cryptography. What other examples are there? How about the management functions in section 15 — what sort of mischief can be done with those? Is there demand for the ability to use a PKI to secure access to them? If you do convince me via this avenue that there's worthwhile work to be done here, I'll still advocate hybrid NTP/PTP for the long interim before that work is usable.
- [Ntp] NTS4UPTP Rev 03 - Formal request for WG ado… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Daniel Franke
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Daniel Franke
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Miroslav Lichvar
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Daniel Franke
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Miroslav Lichvar
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Daniel Franke
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Kai Heine
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Daniel Franke
- [Ntp] Antwort: Re: NTS4UPTP Rev 03 - Formal reque… kristof.teichel
- Re: [Ntp] Antwort: Re: NTS4UPTP Rev 03 - Formal r… Daniel Franke
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Miroslav Lichvar
- Re: [Ntp] Antwort: Re: NTS4UPTP Rev 03 - Formal r… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Miroslav Lichvar
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Miroslav Lichvar
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Miroslav Lichvar
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Danny Mayer
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Daniel Franke
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Daniel Franke
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Danny Mayer
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Daniel Franke
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Danny Mayer
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Daniel Franke
- [Ntp] Antwort: Re: NTS4UPTP Rev 03 - Formal reque… kristof.teichel
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Steve Guendert
- [Ntp] Antwort: Re: NTS4UPTP Rev 03 - Formal reque… kristof.teichel
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Daniel Franke
- Re: [Ntp] Antwort: Re: NTS4UPTP Rev 03 - Formal r… Daniel Franke
- [Ntp] Antwort: Re: Antwort: Re: NTS4UPTP Rev 03 -… kristof.teichel
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Langer, Martin
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Doug Arnold
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Doug Arnold
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Doug Arnold
- [Ntp] Antw: [EXT] Re: NTS4UPTP Rev 03 - Formal re… Ulrich Windl
- Re: [Ntp] Antwort: Re: NTS4UPTP Rev 03 - Formal r… Heiko Gerstung
- Re: [Ntp] Antwort: Re: NTS4UPTP Rev 03 - Formal r… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Miroslav Lichvar
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Miroslav Lichvar
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Miroslav Lichvar
- Re: [Ntp] Antwort: Re: NTS4UPTP Rev 03 - Formal r… Salz, Rich
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Miroslav Lichvar
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Doug Arnold
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Greg.Dowd
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Miroslav Lichvar
- [Ntp] Antwort: Re: NTS4UPTP Rev 03 - Formal reque… kristof.teichel
- Re: [Ntp] Antwort: Re: NTS4UPTP Rev 03 - Formal r… Heiko Gerstung
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Doug Arnold
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Miroslav Lichvar
- Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG… Miroslav Lichvar
- Re: [Ntp] Antwort: Re: Antwort: Re: NTS4UPTP Rev … Heiko Gerstung
- Re: [Ntp] Antwort: Re: Antwort: Re: NTS4UPTP Rev … kristof.teichel