[Ntp] Antw: [EXT] Comments on draft-ietf-ntp-mode-6-cmds-09
Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> Mon, 31 August 2020 07:48 UTC
Return-Path: <Ulrich.Windl@rz.uni-regensburg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 265C43A1084 for <ntp@ietfa.amsl.com>; Mon, 31 Aug 2020 00:48:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 70SEBKc3hRgI for <ntp@ietfa.amsl.com>; Mon, 31 Aug 2020 00:48:37 -0700 (PDT)
Received: from mx4.uni-regensburg.de (mx4.uni-regensburg.de [IPv6:2001:638:a05:137:165:0:4:4e7a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFBE83A1083 for <ntp@ietf.org>; Mon, 31 Aug 2020 00:48:36 -0700 (PDT)
Received: from mx4.uni-regensburg.de (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 1E7EE6000055 for <ntp@ietf.org>; Mon, 31 Aug 2020 09:48:33 +0200 (CEST)
Received: from gwsmtp.uni-regensburg.de (gwsmtp1.uni-regensburg.de [132.199.5.51]) by mx4.uni-regensburg.de (Postfix) with ESMTP id F3BE4600004A for <ntp@ietf.org>; Mon, 31 Aug 2020 09:48:31 +0200 (CEST)
Received: from uni-regensburg-smtp1-MTA by gwsmtp.uni-regensburg.de with Novell_GroupWise; Mon, 31 Aug 2020 09:48:31 +0200
Message-Id: <5F4CAB4D020000A10003AFFF@gwsmtp.uni-regensburg.de>
X-Mailer: Novell GroupWise Internet Agent 18.2.1
Date: Mon, 31 Aug 2020 09:48:29 +0200
From: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
To: brian@innovationslab.net, Hal Murray <hmurray@megapathdsl.net>
Cc: "ntp@ietf.org" <ntp@ietf.org>
References: <20200828192917.1AD8840605C@ip-64-139-1-69.sjc.megapath.net>
In-Reply-To: <20200828192917.1AD8840605C@ip-64-139-1-69.sjc.megapath.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/trkRpjvLJ8W4IVzEXnAIN2BOtiY>
Subject: [Ntp] Antw: [EXT] Comments on draft-ietf-ntp-mode-6-cmds-09
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Aug 2020 07:48:41 -0000
>>> Hal Murray <hmurray@megapathdsl.net> schrieb am 28.08.2020 um 21:29 in Nachricht <20200828192917.1AD8840605C@ip-64-139-1-69.sjc.megapath.net>: > Bottom of page 6: "suggested elsewhere in this document" > I think a section number would help. Definitely! > > Page 5, first paragraph of section 2: "Bit positions marked as 0..." > There aren't any. > > Page 5 ‑ packet diagram. The Authenticator says "96 bits". > That should be 20 or 24 bytes. > > I don't know of an up to date reference for NTP shared key authentication. > We > should at least reference RFC 8573 Message Authentication Code for the > Network > Time Protocol > > Do we want to say more? I think we can come up with something in a few > paragraphs. Maybe an appendix? > > Page 7: The Authenticator description refers to RFC 1305. We need something > > better. See above. > > Page 9: "OMEGA", "MSF", and "GEOS" > Does anybody even know what OMEGA and GEOS were? Yes ;-) > Wikipedia says OMEGA was shut down in 1997. > Wikipedia says GEOS‑3 was shut down in 1979. But the ports for echo and discard are still reserved, right? ;-) > > MSF is the UK version of WWVB. I think that should be bumped up to the VLF > line. > DCF77 is the German equivalent. I think we should keep the names, but not assume everybody knows what they mean. Add some short explanation, maybe. > > Page 13: The pdf as printed on my printer has several instances of "<169>" > and "<170>". I can't figure out what they are trying to tell me. It looks > like they might be left/right quotes. I guess typographical quotes. Actually I found it (with some background knowlege): Dave was using Ventura Publisher. I found an old reference manual: In Appendix E-4 (page 348) ist lists character codes 169 and 170 as quotes "66" (“) and "99" (”), respectively. > > Page 13: There are several references to variables in RFC 5905. I think > that's too restrictive. It doesn't allow for new variables such as counters > > for NTS. How about something like "such as the ones described in RFC 5905"? > > Page 14, Read variables: "and values". I don't think values make sense when > > reading. That idea belongs in the next paragraph. > > Page 15/16: Are the details of the nonce relevant? I think of it as a > string > to be returned. (I would have called it a cookie rather than a nonce.) > > Page 17: Should the discussion of time‑shifting attacks mention > data‑minimization? > https://tools.ietf.org/html/draft‑ietf‑ntp‑data‑minimization‑04 Does it explain the attack? I feel: No... > > Page 17, last paragraph. I think it is common to allow query from the > local > network. That paragraph hints at it, but doesn't actually say that ntpd (or > > at lease some implementations) has an access control list. > > Page 18, top paragraph. The mode 7 monlist was nuked many years ago and > replaced by a mode 6 Read MRU(10) that needs a nonce. Is there a good > writeup > of the monster DDoS event that triggered that change? Wouldn't it be enough to explain that the request size is N bytes, while the response from a server (say with C clients or servers) would be M bytes? > > Page 20, packet chart: The optional MAC should be 16 or 20 bytes. This > packet > chart splits the Authentication into KeyID and MAC. The corresponding chart > > for mode 6 on page 5 lumps them together. Should we be consistent? > > Page 21, MAC: "defined by the version..." Huh? > > > > ‑‑ > These are my opinions. I hate spam. > > > > _______________________________________________ > ntp mailing list > ntp@ietf.org > https://www.ietf.org/mailman/listinfo/ntp
- [Ntp] Comments on draft-ietf-ntp-mode-6-cmds-09 Hal Murray
- [Ntp] Antw: [EXT] Comments on draft-ietf-ntp-mode… Ulrich Windl