Re: [Ntp] [EXT] Re: I‑D Action: draft‑ietf‑ntp‑ntpv5‑requirements‑00.txt
David Venhoek <david@venhoek.nl> Fri, 12 August 2022 14:26 UTC
Return-Path: <david@venhoek.nl>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F155C14F74C for <ntp@ietfa.amsl.com>; Fri, 12 Aug 2022 07:26:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=venhoek-nl.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fVTChuKBrcby for <ntp@ietfa.amsl.com>; Fri, 12 Aug 2022 07:26:50 -0700 (PDT)
Received: from mail-yb1-xb2b.google.com (mail-yb1-xb2b.google.com [IPv6:2607:f8b0:4864:20::b2b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCEADC14F606 for <ntp@ietf.org>; Fri, 12 Aug 2022 07:26:49 -0700 (PDT)
Received: by mail-yb1-xb2b.google.com with SMTP id 21so1740538ybf.4 for <ntp@ietf.org>; Fri, 12 Aug 2022 07:26:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=venhoek-nl.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc; bh=/zlbuH4gwaOWBcVrv6QlKa2u+PA7oKRHxDSh3jYvnbI=; b=HpJfSbRKOXDVRHWSd7fVeWHFxypB2ySAuUY0frrovLhIKVXOEva6jFY6x/JkhfuVDt gfMMaWjzhRJYAvbUoFOgQrHwEZPxJrCbN/CUpgadCBmNZ8nYJwLBuyMG5VQ2mFX2DWea LP+JGFsCY8pNW/4ixCXeCyJeDygabu9R7x4z6Ok3b68HRkJOjty1ddEF6VmkTz55bQ1G cZ8oc1gj9RCtAbW+Zrl2YjUPZ8vIIrkrplPeP+MiYI8CL6yRlf0fx4femyJRZecquUDx 43V1N7zyU60vgke6RcPOEq7sI6xNJ3n7CyHJFc0EjJXhENyQje05bUVfnJ3q9d97938+ bU0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc; bh=/zlbuH4gwaOWBcVrv6QlKa2u+PA7oKRHxDSh3jYvnbI=; b=eykFdGNNK/7x8QKbmV7t/IGZ6HrLv+kITdc8DTukeVQLrPvF8P4ufZ5wkw3pfHXOyh Vsfol4Bi979Tuq+ukyOGAogLzTPlia3a/1IUFu8VXf9hNbQFPzlHhF0fhSOzJ9qEPKmn mwrL0qBXZV9pMU4dMjNibsBSlXLt3CuWak7uwD0N8l9GZlJ6nKnkkx8tRQgHLxQoGKE1 oTGT7jyZ1dO1YYWmQarVZLP8Xs7RWTRAijTw/ZC2UfdHIXDaxgqJI1zfkqX6clXxXZIp 8WEOhCtwSlL+sDn/ye9JzmArmgV1ASgWWuKGChwHQbtLaVtBWGNRyXF1d3Y0YzlprOyK R3Ig==
X-Gm-Message-State: ACgBeo3mzET4GZiaoCPeZMk7Zjn2nUliCTNkWWhfkKAOG3ERJ4i/5GnB +xqhkGmxed3FOhsxnfHqww4iB6A3BzRryO9VhaTpVjozybxLUQ==
X-Google-Smtp-Source: AA6agR7NSbtD/dXV36WxewP76KasmmkNspcHD9pIeUw4eWGw3EVn0jR2Xgi4h3iPG12AQoP7npVd7raoTQaIEH9fY38=
X-Received: by 2002:a25:888a:0:b0:669:9661:912 with SMTP id d10-20020a25888a000000b0066996610912mr3567529ybl.348.1660314408156; Fri, 12 Aug 2022 07:26:48 -0700 (PDT)
MIME-Version: 1.0
References: <165876285947.22203.11524063568909924568@ietfa.amsl.com> <CAPz_-SXK3aGA+dTLy5AtZzYfHykVKf9K4EVnwF2jMkebvkKUYg@mail.gmail.com> <CB90EBD2-18E2-4379-AC14-F006553A7D2A@gmail.com> <d7dd38af-3787-5e42-9f84-2d674a8c2d71@pdmconsulting.net> <62E796DC020000A10004BFCD@gwsmtp.uni-regensburg.de>
In-Reply-To: <62E796DC020000A10004BFCD@gwsmtp.uni-regensburg.de>
From: David Venhoek <david@venhoek.nl>
Date: Fri, 12 Aug 2022 16:26:37 +0200
Message-ID: <CAPz_-SX8iE0aaS8vyQF1oH4mcZ5K3OqT5kmjnWUd-CeB=SjGEA@mail.gmail.com>
To: ntp@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/vSEonmf4RdoCWdETUL7F5Glc1WM>
Subject: Re: [Ntp] [EXT] Re: I‑D Action: draft‑ietf‑ntp‑ntpv5‑requirements‑00.txt
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Aug 2022 14:26:54 -0000
Given the comments on the refid and its uses and desires around it, I think it would be good to rework that section of the requirements document somewhat. As I can tell, there seem to be two desires here, each of which has different requirements. Perhaps we should reformulate (and even split) this section to better reflect the two desires here. If i have some time this weekend I will try to make a suggestion via the drafts github repo. Going into the nitty gritty for discussion right now, I see the following two parts to the future of refids: 1. A server provided identifier for logging and allow/deny listing I'm not a hundred percent sure on whether we should want this in NTPv5, but if we do, it seems weird to me to rule out something like an FQDN since those are basically the identity building blocks on the internet. If we want this name to be anything more than just something the server claims about itself and want any trust-based backing for it, FQDNs seem to me at least an option worth considering given the existing trust infrastructure around them. 2. Loop detection Thinking about it, I think refids are unnecessary for loop detection, and although they do accelerate rejection of some connections faster, I think we can do with just the stratum mechanism for loop rejection. In general though, I think it would be worthwhile to reconsider the way we require stratum to be calculated, especially in light of clients potentially using an average of more than 1 server as their reference. In such cases, I think rather than the current mechanism (appoint 1 as "the" upstream and add 1 to its stratum) we should at least consider specifying that the nodes stratum should be at least 1 higher than the largest stratum of a server which it "used" (in the sense that it directly influenced steering, rather than just truth-finding) in synchronization. Similar updates should probably also be considered around path-length/error estimates included in the information send by an NTP server. Wording of both however is going to be somewhat tricky in light to the loosening (which we definitely should keep in my opinion) on algorithms. Kind regards, David On Mon, Aug 1, 2022 at 11:03 AM Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote: > > >>> Danny Mayer <mayer@pdmconsulting.net> schrieb am 31.07.2022 um 00:04 in > Nachricht <d7dd38af-3787-5e42-9f84-2d674a8c2d71@pdmconsulting.net>: > > > On 7/26/22 5:52 AM, James wrote: > >> David, > >> Thanks for taking a look, you're definitely asking in the right place. > >> > >> Answers in‑line. > >> > >>> On 26 Jul 2022, at 10:50, David Venhoek <david@venhoek.nl> wrote: > >>> > >>> Dear James, All, > >>> > >>> Having taken a look through this latest draft, I have several > >>> questions regarding some of the proposed requirements: > >>> > >>> Regarding the server identifiers for use by the peer identified as > >>> needed in section 3.1, what would the purpose of these identifiers be? > >> JG: The purpose is to have capability to identify servers without tightly > > coupling to their FDQN/IP address(es) etc, allowing clients to implement > > allow/deny lists, logging/monitoring etc. One of NTPv4's flaws is the tight > > > coupling of refid to host, which in part leads to traffic management > issues. > > > > No, it has nothing to do with that. This is needed for loop detection > > and prevention. The refid is actually rather loosely coupled to a host. > > The main issue is that multihomed hosts can have multiple refids that way. See > the NTP bugzilla. > There's also another issue when peers are manually configured, that does not > prevent corresponding hosts to be found via multicast (.ACST.) and associated a > second time that way. > > Example: > # ntpq -p > remote refid st t when poll reach delay offset > jitter > ============================================================================== > ... > #h18.domain.org 172.20.2.25 2 s 13 64 77 0.166 +1.217 > 0.268 > ... > -h18.domain.org 172.20.2.25 2 u 171 128 7 0.150 +0.928 > 0.028 > ... > > > Currently the refid in the packet is basically the IP address the packet > > that the upstratum server used was sent out on that the server receiving > > it saw. With multiple IP addresses and broadcast and multicast packets > > being sent from the same system this is a poor way to detect loops. > > Correct. > > > > >>> With respect to provisions for NAT, what specifically are the issues > >>> that NAT is causing with current NTPv4 deployments? > >> JG: Not all requirements are based on known existing problems with NTPv4. > > Some requirements in the document (like this and the one below) are > > explicitly mentioned to remind us that they should be covered. NTPv5 should > > > not incidentally make things worse for deployments, and NAT in general > > doesn't make things easier :( > > It's not clear from your statement what you think that the protocol can > > do about NAT's. They're opaque and the clients behind the NAT won't have > > unique post‑NAT addresses. > > The problem is that from remote those NATs look like multiple NTP servers > running on the same host, but using the same REFID. > > >>> What is the reason for wanting a larger rollover timescale for NTPv5? > >>> I have done a number of tests with rollover scenarios recently with > >>> NTPd and a new implementation, and when implementing the wrapping > >>> arithmetic as specified rollover seems to me a non‑issue. It didn't > >>> cause any issues as far as I could tell in the NTP client/server. > >> JG: If we're changing the data model that represents time within NTP to > > support things like linear timescales (and possibly even changing things > like > > epoch) then this is another explicit requirement to cover. You're right the > > > current data model is good for a long time (provided implementations don't > > skip over implementing era numbers). > > You shouldn't be changing the data model. Changing the timescale does > > not change that and would only affect the calculations in how you do > > arithmetic on the timestamps. > >>> Finally, in section 3.7, the requirement of injectable hardware > >>> timestamps without modification of authentication/confidentiality > >>> seems at odds to me with the larger security goals, as in such a > >>> scenario the hardware timestamper is acting exactly as a man in the > >>> middle. Do we have any ideas on how that could be achieved in a secure > >>> way? > >> JG: The point is that middleboxes must not overwrite authenticated data in > a > > packet as the trust is between the client and server, not the box in > between. > > If middleboxes want to include authenticated timestamps and provide the > > information to verify them, then the protocol should probably support that ‑ > > > but from what I've heard so far folks don't seem to be interested in it as > > middleboxes are more common in protected private networks than on "big I" > > internet. > > I think "middleboxes" would add more problems than they solve. > > > Hardware timestamps cannot be authenticated since they won't be able to > > fix up a MAC or other authentication mechanism. Tal and I had a > > discussion on this when he wrote RFC7821, which you should read. > > If they know the keys, why not? But I still think it's a bad idea (like > breaking up TLS encryption to examine the streams for undesired contents). > > Regards, > Ulrich > > > > > Danny > > > > _______________________________________________ > > ntp mailing list > > ntp@ietf.org > > https://www.ietf.org/mailman/listinfo/ntp > > >
- [Ntp] I-D Action: draft-ietf-ntp-ntpv5-requiremen… internet-drafts
- Re: [Ntp] I-D Action: draft-ietf-ntp-ntpv5-requir… David Venhoek
- Re: [Ntp] I-D Action: draft-ietf-ntp-ntpv5-requir… James
- Re: [Ntp] I-D Action: draft-ietf-ntp-ntpv5-requir… Danny Mayer
- [Ntp] Antw: [EXT] Re: I‑D Action: draft‑ietf‑ntp‑… Ulrich Windl
- Re: [Ntp] [EXT] Re: I‑D Action: draft‑ietf‑ntp‑nt… David Venhoek
- Re: [Ntp] [EXT] Re: I‑D Action: draft‑ietf‑ntp‑nt… Miroslav Lichvar
- Re: [Ntp] [EXT] Re: I‑D Action: draft‑ietf‑ntp‑nt… David Venhoek
- Re: [Ntp] [EXT] Re: I‑D Action: draft‑ietf‑ntp‑nt… Miroslav Lichvar
- Re: [Ntp] [EXT] Re: I‑D Action: draft‑ietf‑ntp‑nt… Doug Arnold
- Re: [Ntp] [EXT] Re: I‑D Action: draft‑ietf‑ntp‑nt… Miroslav Lichvar
- Re: [Ntp] [EXT] Re: I‑D Action: draft‑ietf‑ntp‑nt… Danny Mayer
- Re: [Ntp] [EXT] Re: I‑D Action: draft‑ietf‑ntp‑nt… Danny Mayer
- [Ntp] Antw: Re: [EXT] Re: I‑D Action: draft‑ietf‑… Ulrich Windl
- Re: [Ntp] [EXT] Re: I‑D Action: draft‑ietf‑ntp‑nt… David Venhoek
- [Ntp] Antw: Re: Re: [EXT] Re: I‑D Action: draft‑i… Ulrich Windl
- Re: [Ntp] Antw: Re: Re: [EXT] Re: I‑D Action: dra… Miroslav Lichvar
- [Ntp] Antw: Re: Antw: Re: Re: [EXT] Re: I‑D Actio… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Re: [EXT] Re: I‑D A… Miroslav Lichvar
- [Ntp] Antw: Re: Antw: Re: Antw: Re: Re: [EXT] Re:… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: Re: Re: [EXT]… Miroslav Lichvar
- Re: [Ntp] Antw: Re: Antw: Re: Antw: Re: Re: [EXT]… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: Re: Re: [EXT]… Miroslav Lichvar
- Re: [Ntp] Antw: Re: Antw: Re: Re: [EXT] Re: I‑D A… Danny Mayer
- Re: [Ntp] Antw: Re: Antw: Re: Re: [EXT] Re: I‑D A… Miroslav Lichvar
- Re: [Ntp] Antw: Re: Antw: Re: Re: [EXT] Re: I‑D A… Danny Mayer
- Re: [Ntp] Antw: Re: Antw: Re: Re: [EXT] Re: I‑D A… Miroslav Lichvar
- Re: [Ntp] Antw: Re: Antw: Re: Re: [EXT] Re: I‑D A… Danny Mayer
- Re: [Ntp] Antw: Re: Antw: Re: Re: [EXT] Re: I‑D A… Miroslav Lichvar
- Re: [Ntp] Antw: Re: Antw: Re: Re: [EXT] Re: I‑D A… Hal Murray
- Re: [Ntp] Antw: Re: Antw: Re: Re: [EXT] Re: I‑D A… Danny Mayer