Re: [Ntp] Antwort: Re: NTS4UPTP Rev 03 - Formal request for WG adoption [FORMAL RESPONSES?]

Heiko Gerstung <heiko.gerstung@meinberg.de> Mon, 14 June 2021 06:22 UTC

Date: Mon, 14 Jun 2021 08:22:48 +0200
Message-ID: <550C32D7-D24A-4068-8EDF-52DF3B4D5E6C@meinberg.de>
Thread-Topic: [Ntp] Antwort: Re: NTS4UPTP Rev 03 - Formal request for WG adoption [FORMAL RESPONSES?]
References: <OFF51374C9.98B99AED-ONC12586E9.002729B7-C12586E9.002729B8@ptb.de> <20210603090654.C885540605C@ip-64-139-1-69.sjc.megapath.net>
In-Reply-To: <20210603090654.C885540605C@ip-64-139-1-69.sjc.megapath.net>
From: Heiko Gerstung <heiko.gerstung@meinberg.de>
To: Hal Murray <halmurray@sonic.net>, "kristof.teichel@ptb.de" <kristof.teichel@ptb.de>
Cc: NTP WG <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/uqzHg5AsxuAJAPEdFernyKyyvcY>
Subject: Re: [Ntp] Antwort: Re: NTS4UPTP Rev 03 - Formal request for WG adoption [FORMAL RESPONSES?]

> On 11.06.21, 17:14, "ntp on behalf of Hal Murray"
> <ntp-bounces@ietf.org on behalf of halmurray@sonic.net> wrote:
> 
> 
> I don't know anything about PTP (except what the draft explains).

You can find more explanations about PTP in our blog (https://blog.meinbergglobal.com/). Since unicast PTP is quite different from multicast PTP, I recommend these articles:

https://blog.meinbergglobal.com/2014/04/16/unicast-ptp/

https://blog.meinbergglobal.com/2013/09/14/ieee-1588-accurate/

These are short articles. I am sure Doug is happy to answer any questions regarding PTP. 

> 
> I'm working from draft-gerstung-nts4uptp-02.pdf  (which I got a few minutes
> ago)
> 
> I don't see any fatal flaws, but it doesn't feel good.
> 
> You will have to prove that phase 2 is secure.  That doesn't look easy to me,
> but I'm not a crypto geek.

We did come up with this proposal after quite a number of iterations and a lot of discussions and we are quite sure it is secure. As already mentioned earlier, nothing provides 100% security, therefore it is important to define what "secure" means. We believe that the proposed draft describes a method of securing unicast PTP to a point where it is "secure enough" for almost all applications.

> Why not move phase 2 to the TLS connection?
That would be an option, but it would require a lot more resources on the unicast PTP server. The current proposal requires the PTP client to establish a TLS connection once or twice a day to the NTS-KE server. Moving phase 2 into the TLS connection would require every PTP client to establish a TLS connection to each unicast PTP server it uses every couple of minutes (or even more often, depending on the duration of the contract (subscription) for the packet transmission).

> If you do that, is there any need for cookies?
I do not think you would need a cookie in this case.

Best Regards,
    Heiko



-- 
Heiko Gerstung 
Managing Director 
 
MEINBERG® Funkuhren GmbH & Co. KG 
Lange Wand 9 
D-31812 Bad Pyrmont, Germany 
Phone: +49 (0)5281 9309-404 
Fax: +49 (0)5281 9309-9404 
 
Amtsgericht Hannover 17HRA 100322 
Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung 
 
Email: 
heiko.gerstung@meinberg.de
Web: 
Deutsch https://www.meinberg.de
English https://www.meinbergglobal.com
 
Do not miss our Time Synchronization Blog: 
https://blog.meinbergglobal.com
 
Connect via LinkedIn: 
https://www.linkedin.com/in/heikogerstung