Re: [Ntp] Antw: [EXT] Re: NTS4UPTP draft

Heiko Gerstung <heiko.gerstung@meinberg.de> Mon, 07 June 2021 07:48 UTC

Return-Path: <heiko.gerstung@meinberg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12F603A3B30 for <ntp@ietfa.amsl.com>; Mon, 7 Jun 2021 00:48:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=meinberg.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o_mT9pGDn2GB for <ntp@ietfa.amsl.com>; Mon, 7 Jun 2021 00:47:56 -0700 (PDT)
Received: from server1a.meinberg.de (server1a.meinberg.de [176.9.44.212]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 873DE3A3B2C for <ntp@ietf.org>; Mon, 7 Jun 2021 00:47:56 -0700 (PDT)
Received: from seppmail.py.meinberg.de (unknown [193.158.22.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by server1a.meinberg.de (Postfix) with ESMTPSA id 1A34271C1219; Mon, 7 Jun 2021 09:47:53 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinberg.de; s=dkim; t=1623052073; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=/ubLdK1em5c7N4Gb3afdUsyUeCTHcQPtiizViHaQ9Wc=; b=nb9i90wHd2UeReTOJIwz5rPmxPSJy2NpIecPhE8VrnHwEk8trN6j4DmoJDsbxV7JlyQ2gp cJ8zq+s5zbZOOsx8YbeGyBrf+ICSwjSzhCJXDzZOno2OlvJ7KdnGQ96+4Hf7p76hrz3QEe hPsOQ6DQdHqYETu3jWtwe4YSPtwDWdOoVFmRkHb5Q9iBEqmgpil9q5I/BaFOxLFsXF+aPy UKEBA4DtaSFnDYW0Kd1WUXfM4bKUQ876vYp9e7m/9HMNSpFaKnIQ5rsqnsBlMxf1gjM8OD HO42MeKLM7s4UIb65lYSfseamC56Sf4hygGZu8uaCId+9rlFE8K+ZiV5k3kQug==
Received: from srv-kerioconnect.py.meinberg.de (srv-kerioconnect.py.meinberg.de [172.16.3.65]) (using TLSv1.3 with cipher AEAD-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by seppmail.py.meinberg.de (Postfix) with ESMTPS; Mon, 7 Jun 2021 09:47:52 +0200 (CEST)
X-Footer: bWVpbmJlcmcuZGU=
User-Agent: Microsoft-MacOutlook/16.49.21050901
Date: Mon, 7 Jun 2021 09:47:47 +0200
Message-ID: <87286818-7841-4CC5-80A7-F9836B925F79@meinberg.de>
Thread-Topic: [Ntp] Antw: [EXT] Re: NTS4UPTP draft
References: <C3693A60-E1A0-4570-91C3-876EB584B468@meinberg.de> <A2CB8908-86BE-4FB0-959C-7FF1DED9B421@gmail.com> <YLiMp17LeGVOTp+r@localhost> <AM7PR02MB5765DAE47BF68F331CBE7BE8CF3B9@AM7PR02MB5765.eurprd02.prod.outlook.com> <60BDC91E020000A1000418E6@gwsmtp.uni-regensburg.de>
In-Reply-To: <60BDC91E020000A1000418E6@gwsmtp.uni-regensburg.de>
Importance: Normal
X-Priority: 3
Thread-Index: AZ2x3tU+Y2NjODMwZjMyMzlhZmM5ZQ==
From: Heiko Gerstung <heiko.gerstung@meinberg.de>
To: Ulrich Windl <ulrich.windl@rz.uni-regensburg.de>, "doug.arnold=40meinberg-usa.com@dmarc.ietf.org" <doug.arnold=40meinberg-usa.com@dmarc.ietf.org>, Dieter Sibold <dsibold.ietf@gmail.com>, "mlichvar@redhat.com" <mlichvar@redhat.com>
Cc: "heiko.gerstung=40meinberg.de@dmarc.ietf.org" <heiko.gerstung=40meinberg.de@dmarc.ietf.org>, "ntp@ietf.org" <ntp@ietf.org>
X-SM-outgoing: yes
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="----8A6FDB22667C166C5B0BE1B7DC2458D8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/uwEaWThsiOVadIrowLXFpy5kefM>
Subject: Re: [Ntp] Antw: [EXT] Re: NTS4UPTP draft
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jun 2021 07:48:03 -0000

>>>> Doug Arnold <doug.arnold=40meinberg-usa.com@dmarc.ietf.org> schrieb am
> 04.06.2021 um 18:45 in Nachricht
> 
> <AM7PR02MB5765DAE47BF68F331CBE7BE8CF3B9@AM7PR02MB5765.eurprd02.prod.outlook.com>
> 
>> I always recommend to network operators that  If you are transfer time across
>> the Internet it should be NTP.  Nevertheless, Inevitably someone is going to
>> run PTP this way.  However, I don’t know that it is something that we need to
>> protect or encourage.
>> People do run PTP over large telecom networks.  Power grid operators
>> sometime run PTP between substations on large telecom like networks to back
>> up GNSS.  Financial data centers sometime like to get time over fiber from a
>> remote national lab.  These applications will likely eventual want to improve
>> the robustness by a having a secure version of PTP.

> Hi!
> 
> Another question is: if PTP is used mostly for corporate "private" networks,
> wouldn't "PTP over VPN" do?

It would probably do the trick in some cases, but not in all of them. Especially if you have to set up a VPN infrastructure for a nationwide telecommunication network where you want to synchronize 20k+ devices. 

> If companies have a "private (more or less) fiber", isn't that "security
> enough"?
No. Does your company use SSH or HTTPS or other encrypted/security protocols in your internal LAN?

> I mean NTP being a "public" protocol, the "NTP over VPN" wouldn't work.
> (Timing-issues left aside)
One of the reasons PTP is not used over public networks is the fact that it is not secure as-is. Once we fixed that, this might change and open up a whole new set of use-cases and applications. But the main target here is to secure sync in these private wide-area-networks where unicast PTP is in use today. 

> Regards,
> Ulrich

Regards,
   Heiko




-- 
Heiko Gerstung 
Managing Director 
 
MEINBERG® Funkuhren GmbH & Co. KG 
Lange Wand 9 
D-31812 Bad Pyrmont, Germany 
Phone: +49 (0)5281 9309-404 
Fax: +49 (0)5281 9309-9404 
 
Amtsgericht Hannover 17HRA 100322 
Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung 
 
Email: 
heiko.gerstung@meinberg.de
Web: 
Deutsch https://www.meinberg.de
English https://www.meinbergglobal.com
 
Do not miss our Time Synchronization Blog: 
https://blog.meinbergglobal.com
 
Connect via LinkedIn: 
https://www.linkedin.com/in/heikogerstung
 
 

Am 07.06.21, 09:22 schrieb "ntp im Auftrag von Ulrich Windl" <ntp-bounces@ietf.org im Auftrag von Ulrich.Windl@rz.uni-regensburg.de>gt;:


    > 
    > Doug
    > 
    > From: ntp <ntp‑bounces@ietf.org> on behalf of Miroslav Lichvar 
    > <mlichvar@redhat.com>
    > Date: Thursday, June 3, 2021 at 4:03 AM
    > To: Dieter Sibold <dsibold.ietf@gmail.com>
    > Cc: Heiko Gerstung <heiko.gerstung=40meinberg.de@dmarc.ietf.org>rg>, NTP WG 
    > <ntp@ietf.org>
    > Subject: Re: [Ntp] NTS4UPTP draft
    > On Wed, Jun 02, 2021 at 11:40:49PM +0200, Dieter Sibold wrote:
    >> In the past PTP is applied mainly in local networks but today it is going
    to
    >> be applied across Internet connection also.
    > 
    > Just to clarify, do you mean that people are now using PTP to
    > synchronize clocks over Internet, or that the servers are
    > accessible from Internet and that's why they need to be secured?
    > 
    > The former wouldn't make sense to me as PTP relies on hardware support
    > in routers/switches, which is generally missing on Internet.
    > 
    > ‑‑
    > Miroslav Lichvar
    > 
    > _______________________________________________
    > ntp mailing list
    > ntp@ietf.org 
    > https://www.ietf.org/mailman/listinfo/ntp 



    _______________________________________________
    ntp mailing list
    ntp@ietf.org
    https://www.ietf.org/mailman/listinfo/ntp