Re: [Ntp] Antw: [EXT] Re: NTS4UPTP draft
Heiko Gerstung <heiko.gerstung@meinberg.de> Mon, 07 June 2021 07:48 UTC
Return-Path: <heiko.gerstung@meinberg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12F603A3B30 for <ntp@ietfa.amsl.com>; Mon, 7 Jun 2021 00:48:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=meinberg.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o_mT9pGDn2GB for <ntp@ietfa.amsl.com>; Mon, 7 Jun 2021 00:47:56 -0700 (PDT)
Received: from server1a.meinberg.de (server1a.meinberg.de [176.9.44.212]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 873DE3A3B2C for <ntp@ietf.org>; Mon, 7 Jun 2021 00:47:56 -0700 (PDT)
Received: from seppmail.py.meinberg.de (unknown [193.158.22.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by server1a.meinberg.de (Postfix) with ESMTPSA id 1A34271C1219; Mon, 7 Jun 2021 09:47:53 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinberg.de; s=dkim; t=1623052073; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=/ubLdK1em5c7N4Gb3afdUsyUeCTHcQPtiizViHaQ9Wc=; b=nb9i90wHd2UeReTOJIwz5rPmxPSJy2NpIecPhE8VrnHwEk8trN6j4DmoJDsbxV7JlyQ2gp cJ8zq+s5zbZOOsx8YbeGyBrf+ICSwjSzhCJXDzZOno2OlvJ7KdnGQ96+4Hf7p76hrz3QEe hPsOQ6DQdHqYETu3jWtwe4YSPtwDWdOoVFmRkHb5Q9iBEqmgpil9q5I/BaFOxLFsXF+aPy UKEBA4DtaSFnDYW0Kd1WUXfM4bKUQ876vYp9e7m/9HMNSpFaKnIQ5rsqnsBlMxf1gjM8OD HO42MeKLM7s4UIb65lYSfseamC56Sf4hygGZu8uaCId+9rlFE8K+ZiV5k3kQug==
Received: from srv-kerioconnect.py.meinberg.de (srv-kerioconnect.py.meinberg.de [172.16.3.65]) (using TLSv1.3 with cipher AEAD-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by seppmail.py.meinberg.de (Postfix) with ESMTPS; Mon, 7 Jun 2021 09:47:52 +0200 (CEST)
X-Footer: bWVpbmJlcmcuZGU=
User-Agent: Microsoft-MacOutlook/16.49.21050901
Date: Mon, 07 Jun 2021 09:47:47 +0200
Message-ID: <87286818-7841-4CC5-80A7-F9836B925F79@meinberg.de>
Thread-Topic: [Ntp] Antw: [EXT] Re: NTS4UPTP draft
References: <C3693A60-E1A0-4570-91C3-876EB584B468@meinberg.de> <A2CB8908-86BE-4FB0-959C-7FF1DED9B421@gmail.com> <YLiMp17LeGVOTp+r@localhost> <AM7PR02MB5765DAE47BF68F331CBE7BE8CF3B9@AM7PR02MB5765.eurprd02.prod.outlook.com> <60BDC91E020000A1000418E6@gwsmtp.uni-regensburg.de>
In-Reply-To: <60BDC91E020000A1000418E6@gwsmtp.uni-regensburg.de>
Importance: Normal
X-Priority: 3
Thread-Index: AZ2x3tU+Y2NjODMwZjMyMzlhZmM5ZQ==
From: Heiko Gerstung <heiko.gerstung@meinberg.de>
To: Ulrich Windl <ulrich.windl@rz.uni-regensburg.de>, "doug.arnold=40meinberg-usa.com@dmarc.ietf.org" <doug.arnold=40meinberg-usa.com@dmarc.ietf.org>, Dieter Sibold <dsibold.ietf@gmail.com>, "mlichvar@redhat.com" <mlichvar@redhat.com>
Cc: "heiko.gerstung=40meinberg.de@dmarc.ietf.org" <heiko.gerstung=40meinberg.de@dmarc.ietf.org>, "ntp@ietf.org" <ntp@ietf.org>
X-SM-outgoing: yes
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="----8A6FDB22667C166C5B0BE1B7DC2458D8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/uwEaWThsiOVadIrowLXFpy5kefM>
Subject: Re: [Ntp] Antw: [EXT] Re: NTS4UPTP draft
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jun 2021 07:48:03 -0000
>>>> Doug Arnold <doug.arnold=40meinberg-usa.com@dmarc.ietf.org> schrieb am > 04.06.2021 um 18:45 in Nachricht > > <AM7PR02MB5765DAE47BF68F331CBE7BE8CF3B9@AM7PR02MB5765.eurprd02.prod.outlook.com> > >> I always recommend to network operators that If you are transfer time across >> the Internet it should be NTP. Nevertheless, Inevitably someone is going to >> run PTP this way. However, I don’t know that it is something that we need to >> protect or encourage. >> People do run PTP over large telecom networks. Power grid operators >> sometime run PTP between substations on large telecom like networks to back >> up GNSS. Financial data centers sometime like to get time over fiber from a >> remote national lab. These applications will likely eventual want to improve >> the robustness by a having a secure version of PTP. > Hi! > > Another question is: if PTP is used mostly for corporate "private" networks, > wouldn't "PTP over VPN" do? It would probably do the trick in some cases, but not in all of them. Especially if you have to set up a VPN infrastructure for a nationwide telecommunication network where you want to synchronize 20k+ devices. > If companies have a "private (more or less) fiber", isn't that "security > enough"? No. Does your company use SSH or HTTPS or other encrypted/security protocols in your internal LAN? > I mean NTP being a "public" protocol, the "NTP over VPN" wouldn't work. > (Timing-issues left aside) One of the reasons PTP is not used over public networks is the fact that it is not secure as-is. Once we fixed that, this might change and open up a whole new set of use-cases and applications. But the main target here is to secure sync in these private wide-area-networks where unicast PTP is in use today. > Regards, > Ulrich Regards, Heiko -- Heiko Gerstung Managing Director MEINBERG® Funkuhren GmbH & Co. KG Lange Wand 9 D-31812 Bad Pyrmont, Germany Phone: +49 (0)5281 9309-404 Fax: +49 (0)5281 9309-9404 Amtsgericht Hannover 17HRA 100322 Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung Email: heiko.gerstung@meinberg.de Web: Deutsch https://www.meinberg.de English https://www.meinbergglobal.com Do not miss our Time Synchronization Blog: https://blog.meinbergglobal.com Connect via LinkedIn: https://www.linkedin.com/in/heikogerstung Am 07.06.21, 09:22 schrieb "ntp im Auftrag von Ulrich Windl" <ntp-bounces@ietf.org im Auftrag von Ulrich.Windl@rz.uni-regensburg.de>: > > Doug > > From: ntp <ntp‑bounces@ietf.org> on behalf of Miroslav Lichvar > <mlichvar@redhat.com> > Date: Thursday, June 3, 2021 at 4:03 AM > To: Dieter Sibold <dsibold.ietf@gmail.com> > Cc: Heiko Gerstung <heiko.gerstung=40meinberg.de@dmarc.ietf.org>, NTP WG > <ntp@ietf.org> > Subject: Re: [Ntp] NTS4UPTP draft > On Wed, Jun 02, 2021 at 11:40:49PM +0200, Dieter Sibold wrote: >> In the past PTP is applied mainly in local networks but today it is going to >> be applied across Internet connection also. > > Just to clarify, do you mean that people are now using PTP to > synchronize clocks over Internet, or that the servers are > accessible from Internet and that's why they need to be secured? > > The former wouldn't make sense to me as PTP relies on hardware support > in routers/switches, which is generally missing on Internet. > > ‑‑ > Miroslav Lichvar > > _______________________________________________ > ntp mailing list > ntp@ietf.org > https://www.ietf.org/mailman/listinfo/ntp _______________________________________________ ntp mailing list ntp@ietf.org https://www.ietf.org/mailman/listinfo/ntp
- [Ntp] NTS4UPTP draft Heiko Gerstung
- Re: [Ntp] NTS4UPTP draft Dieter Sibold
- Re: [Ntp] NTS4UPTP draft Miroslav Lichvar
- Re: [Ntp] NTS4UPTP draft Doug Arnold
- [Ntp] Antw: [EXT] Re: NTS4UPTP draft Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: NTS4UPTP draft Heiko Gerstung
- Re: [Ntp] Antw: [EXT] Re: NTS4UPTP draft Doug Arnold