Re: [ntpwg] Antw: Re: Antw: Re: call for adoption (draft-dfranke-ntp-data-minimization)

Daniel Franke <dfoxfranke@gmail.com> Tue, 28 March 2017 14:08 UTC

On 3/28/17, Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote:
> IMHO it would be consistent to set precision to 3 (the lowest possible
> precision (0.125s) where NTP will start to work) and use 29 bits of
> randomness then. Still a half billion attack packets might transit without
> being detected, but I doubt that.

2**29 packets is about 541 gigabits including Ethernet headers, so on
a 1Gbps link there is about a 0.18% chance of attacker success during the 1s
MAXDIST window. On a 10Gbps link this becomes 1.8%. That's a big
improvement over the status quo but still a non-negligible weakness.

What's the benefit of randomizing anything less than the full 64 bits?
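
An added example, not part of the original message or of the draft's text: a Python sketch of the client-side check this exchange is about, in which the transmit timestamp acts as a nonce that the server must echo in the origin timestamp field (packet layout per RFC 5905), with either the low 29 bits or all 64 bits randomized. The helper names are hypothetical, and the per-packet wire size is an assumption derived from the message's figure of 541 gigabits for 2**29 packets.

```python
import hmac
import secrets
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01
U64 = 2**64 - 1
# Assumption: wire bits per packet implied by "541 gigabits for 2**29 packets".
BITS_PER_PACKET = 541e9 / 2**29


def make_transmit_timestamp(random_bits=64, now=None):
    """NTP timestamp whose low `random_bits` bits come from the CSPRNG.

    29 matches the quoted proposal (randomize below 0.125 s); 64 is fully random.
    """
    if not 1 <= random_bits <= 64:
        raise ValueError("random_bits must be in 1..64")
    now = time.time() if now is None else now
    real = int((now + NTP_EPOCH_OFFSET) * 2**32) & U64
    mask = (1 << random_bits) - 1
    return (real & ~mask & U64) | secrets.randbits(random_bits)


def build_request(xmt):
    """48-byte client packet (LI=0, VN=4, Mode=3) carrying only the nonce."""
    return struct.pack("!B39xQ", 0x23, xmt)


def origin_matches(response, xmt):
    """Accept a server reply only if its origin timestamp echoes our nonce."""
    if len(response) < 48 or (response[0] & 0x07) != 4:  # Mode 4 = server
        return False
    return hmac.compare_digest(response[24:32], struct.pack("!Q", xmt))


def spoof_success(random_bits, link_bps, window_s=1.0):
    """Chance that blind guesses at line rate for `window_s` hit the nonce."""
    guesses = link_bps * window_s / BITS_PER_PACKET
    return min(1.0, guesses / 2**random_bits)


if __name__ == "__main__":
    xmt = make_transmit_timestamp(64)
    reply = struct.pack("!B23xQ16x", 0x24, xmt)  # constructed server reply
    print("echo accepted:", origin_matches(reply, xmt))
    for bits in (29, 32, 64):
        for gbps in (1, 10):
            print(f"{bits} bits, {gbps} Gbps: {spoof_success(bits, gbps * 1e9):.3g}")
```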