IETF Logo Mail Archive

Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-yang-data-model-10.txt> (A YANG Data Model for NTP) to Proposed Standard

tom petch <daedulus@btconnect.com> Fri, 19 February 2021 16:35 UTC

Return-Path: <daedulus@btconnect.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DA773A1121; Fri, 19 Feb 2021 08:35:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZBpGLP3wOxne; Fri, 19 Feb 2021 08:35:02 -0800 (PST)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50093.outbound.protection.outlook.com [40.107.5.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A751B3A1145; Fri, 19 Feb 2021 08:34:54 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jNfjwoBISDL5Ywa47iFL6P/y7gngczBJR0lfrUlApnYaZfyaRCc7MjuQHLOit5aJrbl48TQAa9LLwt2ZG30Rx08kXmb7A23kw9Rhsp4ch+89xbyU5WHW5O9Qmy5BPhThhVm+Cv9y5b/wshCnqfSxIQR4W7/HVbhX8A7/KrodmbBLQO2fKXwbSD9rfQTUNZR/M5Uv23m7oS7ltjvwgE8szDWHpM+ovM1XUGbSdpSHPCzdrQEoiIrHMrRAOEcCNvJm+yXRVb2EWDlLKnsvz60EQCsvDD29OT5Cdx/FtIV/Dj0Pas6gUE/UtJVBbYSx48/n6i83xuJQSgzmXDtGWsQTXg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MWomnOciwjtfLpvdzDZVPCAl5ZprZQDbqsMGwHVycbc=; b=cTyvfwGo0uhvEgy9ZbDY29Y8UWjU0upMz//RXtBRch0klyWPxD3HriegLmpjWy9cZ7K7pRbUSB57s6I5wNp5L8v3b4jH/CeNYy6nK7Ncd2swoG+wbKNJFg9nZPv/ayPuiNjRj1/7m9vc/PgjUovODlXk5J6XbFhcf1zV5+CINlV0g+GYaedyS7gVOjTwZvI96t2dPqM9ElSC0Y3TVDjOI+TlwjVtcOFP6H8Kk/ghbo4CIvVusVA/CMShNKmBeDiBSJGYtkLlo8MBCfW5UdK5qniGCGpEJfSqiSCmLD97H2qz3eKgvOgwvt3HR6h+xrzfJxUFkRDWySFI/1hRlG1CiA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MWomnOciwjtfLpvdzDZVPCAl5ZprZQDbqsMGwHVycbc=; b=Khy2wC6KJ+5ntFcR39JU1IQSrE8NljLCzhreJYT86hWN2s7UM9ax2Ln9ffQbXC6CFFAmOPT3cE4ws47GSHwFYxXoH/hy6lWO8N4ezF3TEM30qS3aXbPhZ7MvX4yd2um6AoaG4JZIRr1jPXVW1bOlCEJ4CSV9LBUQbEnyAmAUYjA=
Authentication-Results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=btconnect.com;
Received: from DBAPR07MB6695.eurprd07.prod.outlook.com (2603:10a6:10:18a::15) by DBAPR07MB6549.eurprd07.prod.outlook.com (2603:10a6:10:186::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3868.11; Fri, 19 Feb 2021 16:34:49 +0000
Received: from DBAPR07MB6695.eurprd07.prod.outlook.com ([fe80::5d88:40ae:b250:b5c2]) by DBAPR07MB6695.eurprd07.prod.outlook.com ([fe80::5d88:40ae:b250:b5c2%8]) with mapi id 15.20.3890.010; Fri, 19 Feb 2021 16:34:49 +0000
To: "Salz, Rich" <rsalz@akamai.com>, Danny Mayer <mayer@pdmconsulting.net>, Dhruv Dhody <dhruv.ietf@gmail.com>
References: <161195994417.2651.6499166797756243533@ietfa.amsl.com> <CAB75xn5CQr2yg7wWZHj-sJM7WaaTJK5NF0pzzLhqmx5hHf8GiQ@mail.gmail.com> <60266E12.6070207@btconnect.com> <602A611E.4020306@btconnect.com> <CAB75xn7QVL+F_5bQ8roZYakbADgQ06pChb0ei7Oaf0=eqLu7Mg@mail.gmail.com> <602D0CF9.9090404@btconnect.com> <602F9344.7000808@btconnect.com> <606b2602-a7ba-c6f7-c6d3-5883721a1575@pdmconsulting.net> <7B08EF68-0A3D-49BD-B6F0-206E4E6FF112@akamai.com>
Cc: NTP WG <ntp@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-ntp-yang-data-model@ietf.org" <draft-ietf-ntp-yang-data-model@ietf.org>, "ek.ietf@gmail.com" <ek.ietf@gmail.com>
From: tom petch <daedulus@btconnect.com>
Message-ID: <602FE8A5.2090906@btconnect.com>
Date: Fri, 19 Feb 2021 16:34:45 +0000
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
In-Reply-To: <7B08EF68-0A3D-49BD-B6F0-206E4E6FF112@akamai.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [86.146.121.140]
X-ClientProxiedBy: LO4P123CA0001.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:150::6) To DBAPR07MB6695.eurprd07.prod.outlook.com (2603:10a6:10:18a::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [192.168.1.65] (86.146.121.140) by LO4P123CA0001.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:150::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.3846.36 via Frontend Transport; Fri, 19 Feb 2021 16:34:49 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: f6a39142-0883-4c7a-fcf2-08d8d4f446a7
X-MS-TrafficTypeDiagnostic: DBAPR07MB6549:
X-Microsoft-Antispam-PRVS: <DBAPR07MB65498EA2261061C9549D0417C6849@DBAPR07MB6549.eurprd07.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: /s8gA+gO2DoeSUPNpBB71eFSMtEQAesFAMu9X8uu3iDYwsUGALGW3tzwzihBKBeTb5gNAKyxD6ZBMch4JZoEa5wl/eSKlB5UZgQbNoBLSj8VbsCxViRUVhWLPfZ9fvE+XBQNEqJ6TShFi2CBRj38Cswv+vlX4B5Bkam4620VOciMq5VukO6A+CU1n2PrSiRjyiZrccL+nOR7XtFxpqyc5JkPLPKsJEO0BIX4iLHTSETki5WCvvsxmsf2iTI5MHxrAJ5whbtAL/SGshq8FF6j44WqLRbECwsrh4jgNqYmwKbELbHwuk17ODOFkA9TCyRSK+Y99IJ/gHYHcd4GzvLT3iEhmvfOVnuixlSBNCyq+AvXGOjK9oFAXUIeBqW8iNzb6R32ojyNIrnAvk7/Y4lAPZjq3P0+5RnKgzrIzpMBUWahcklfZ8Wu5NVeUlt37OEBCSq0lrr4Lu36cQLJRRRq/VP/zckFbx2KDiL2HtUkfvr0CT/42X4VCYUZJuax+pKlJXLKUGTrW+z7N2xYl2aniA==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBAPR07MB6695.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(346002)(136003)(376002)(39860400002)(396003)(316002)(16576012)(87266011)(6666004)(52116002)(4326008)(33656002)(110136005)(54906003)(53546011)(26005)(86362001)(5660300002)(6486002)(478600001)(16526019)(8936002)(186003)(66476007)(36756003)(8676002)(83380400001)(66556008)(956004)(2906002)(2616005)(66946007); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData: 0kbdCeEQ8Q0fd7ILNAjgjzrNu0MiTjelRHePUZGAJk6JWHxq+yg05+NxsdezDf+qWy0rra6KGeEihDH7UC17RAwAhrsqIHMfcnVgsoz6aiMJjV4GBuEJvuhRzqQiwof/72R1lUzX1BP+JLinsRHGzqbVsZD17PKIfEGlX+P4Rp48Q9+cnxEakZv9+wMYArOzbztBTGu+aTFEt0z/3AA+CZy+fkFzHPqY0fV0P/oUW9FFS5nBuIJIyynxfX5SOAh5bvjFvLq843NECv+CabbTDpJ6y4bBkKk3ykUklY4eisZjJYa1GVFRJHJB7TCUu0ru54XGyP5xLEdCBnNhM/NFoLWoy4oPbK4UcNBFHhMP6jwNcOnGoMQLbTnfpUdqSE8eG9NKnLCoUzZZZ5aGKflSQ9CTXpexht8eDSScaOgDfwGl3u7crm6DxLlTdlfvjknG0ALI4nloRCUgqL6rzIltzaM7/yrUGeoH8Eu6XoGxCAXEXK8QbGdnNHoQcS84i75yTooc599GKicd9bQPGsvUh1CVdjwiRRCKYG3rhUTiUdF7dBAcHEo0flwuSn9gbGv49jBFWwPT2SUHm8QWlJeTh0mbUdqbcOOGkJ34zbmVKaWEkLUfdR5CCS+cSdEsnhELxL7A9JUrfd55G6dBNvv8KWcpksHQbV2WWtNHooQ//8rK7k6wXRf5NrBkFve7kXm+XA+kmlk6p7DfBYdnIDpOjMhLXByHwMwh1o4kbiOI4jrGc1/oWEscZpxdQnhEAOxW6RimtjcO3L2rWlosaEbKvcKVYFIno93e3pEUfzMu94wZSh+Kz1OViWp/huluAuqqlbj8XkWNCqN1t1gc7lwI/qibhH0iptV5MZwc1HDi5Q9P5CISzyEHaQlhmH9+hvjblFMGV1Li2xDMAOc2HfIgB3zdqzVN5VMY8O6Wn0MoI294cqNjvt57bjTPQwmjWdm31iBTVCH/y1LXdq4RPcfYdwFLSZggexCVf/Bn51/0vD7dctJO+kwg7OaVUELifMBoDR67f3zLGQcwyyolUB/8oP+32SRA0rF5zFOLYNYk1czwK9PFhbpw+JHgkxjSeirgOjDdF15IwT1hQ8dzb5XkGIlkvwvX3nEATXltmOysD1v1g8xE7JvT3CM9PrSsi41YlvIZjDyq5ubqaACeXO1wlp1ddJ2KKNrSSRzoNGYu2+Uvc/a5MGDtQr3/+TnFBN4os61WYoDK/RyEfQXAL5f3T8LsvOCcM6gNgU5JU6cSpYrTFO2jBkFFf0+Qfjvtrt4CY7qDzxaN9PmpXLL1v+QsjPAkLMCn8BWh41/EhfyoQghchLaIWOm/d6y2vM4XYGKq
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f6a39142-0883-4c7a-fcf2-08d8d4f446a7
X-MS-Exchange-CrossTenant-AuthSource: DBAPR07MB6695.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Feb 2021 16:34:49.7230 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: ow+SYxMtlt62bhD+kEVtwTyzLUtRLM65ldOq/amggK5FQGm7TBoHJSIvZVnsGQmLRbXCvzcdjmrqnhELOBFNlw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBAPR07MB6549
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/ugXqUtS-FxO7zyDKjTaqxYUiMTM>
Subject: Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-yang-data-model-10.txt> (A YANG Data Model for NTP) to Proposed Standard
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Feb 2021 16:35:05 -0000

On 19/02/2021 15:05, Salz, Rich wrote:
> I thought a Yang model was supposed to be an on-the-wire representation of what the server did. Am I wrong? If I'm right, then the issue around MD5 is with the server, not this doc.

Rich

There are two issues with MD5 and NTP.

One is security, where a crypto-hash is used to authenticate NTPv4 
packets, and the hash specified in the NTPv4 base spec was MD5 but this 
was updated by RFC8573 so that MD5 is now deprecated.  I picked up on 
this in my first review, that the YANG model used MD5 and made no 
mention of its deprecation.  I knew that RFC8573 should be included but 
was unclear whether or not it would be acceptable to still include MD5. 
  Ben, Security AD, said yes, we should, and that is what we now have 
(along with a number of other hash).  My recent comment was that the 
Netconf WG label SHA1 as obsolete so should we include it? and what 
about such as SHA3?  The more options the greater a risk of mismatch but 
that is not an issue I am equipped to resolve, likely one for the IESG 
(much as I hate generating work for them).

The other MD5 usage is generating a 32-bit identifier with a good 
probability of being unique, for entities with IPv6 address, and that I 
see no problem with, as Ben confirmed.  That means that the I-D will 
reference the MD5 RFC, which is Informational and so potentially a 
downref.  Again, one for the AD to resolve (which is why I put it first 
on my previous post).

I shall follow the progress of this I-D through the IESG and will learn 
therefrom.

Tom Petch

>

v2.23.0 | Report a Bug | By Email