Re: [Ntp] Antw: [EXT] Re: NTS4UPTP draft

Heiko Gerstung <> Mon, 07 June 2021 07:48 UTC

Date: Mon, 7 Jun 2021 09:47:47 +0200
From: Heiko Gerstung <>
To: Ulrich Windl <>, "" <>, Dieter Sibold <>, "" <>

>>>> Doug Arnold <> wrote on
> 04.06.2021 at 18:45 in message
> <>
>> I always recommend to network operators that if you are transferring time across
>> the Internet it should be NTP.  Nevertheless, inevitably someone is going to
>> run PTP this way.  However, I don’t know that it is something that we need to
>> protect or encourage.
>> People do run PTP over large telecom networks.  Power grid operators
>> sometimes run PTP between substations on large telecom-like networks to back
>> up GNSS.  Financial data centers sometimes like to get time over fiber from a
>> remote national lab.  These applications will likely eventually want to improve
>> the robustness by having a secure version of PTP.

> Hi!
> Another question is: if PTP is used mostly for corporate "private" networks,
> wouldn't "PTP over VPN" do?

It would probably do the trick in some cases, but not in all of them. Especially if you have to set up a VPN infrastructure for a nationwide telecommunication network where you want to synchronize 20k+ devices. 

> If companies have a "private (more or less) fiber", isn't that "security
> enough"?
No. Does your company use SSH or HTTPS or other encrypted/security protocols in your internal LAN?

> I mean NTP being a "public" protocol, the "NTP over VPN" wouldn't work.
> (Timing-issues left aside)
One of the reasons PTP is not used over public networks is the fact that it is not secure as-is. Once we have fixed that, this might change and open up a whole new set of use-cases and applications. But the main target here is to secure sync in these private wide-area-networks where unicast PTP is in use today.

> Regards,
> Ulrich


Heiko Gerstung 
Managing Director 
MEINBERG® Funkuhren GmbH & Co. KG 
Lange Wand 9 
D-31812 Bad Pyrmont, Germany 
Phone: +49 (0)5281 9309-404 
Fax: +49 (0)5281 9309-9404 
Amtsgericht Hannover 17HRA 100322 
Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung 

On 07.06.21, 09:22, "ntp on behalf of Ulrich Windl" < on behalf of > wrote:

    > Doug
    > From: ntp <ntp‑> on behalf of Miroslav Lichvar 
    > <>
    > Date: Thursday, June 3, 2021 at 4:03 AM
    > To: Dieter Sibold <>
    > Cc: Heiko Gerstung <>, NTP WG 
    > <>
    > Subject: Re: [Ntp] NTS4UPTP draft
    > On Wed, Jun 02, 2021 at 11:40:49PM +0200, Dieter Sibold wrote:
    >> In the past PTP was applied mainly in local networks but today it is going
    >> to be applied across Internet connections also.
    > Just to clarify, do you mean that people are now using PTP to
    > synchronize clocks over Internet, or that the servers are
    > accessible from Internet and that's why they need to be secured?
    > The former wouldn't make sense to me as PTP relies on hardware support
    > in routers/switches, which is generally missing on Internet.
    > ‑‑
    > Miroslav Lichvar
    > _______________________________________________
    > ntp mailing list
