Re: [Ntp] Magnus Westerlund's Discuss on draft-ietf-ntp-using-nts-for-ntp-23: (with DISCUSS and COMMENT)

Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 18 March 2020 15:08 UTC

From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "dafranke@akamai.com" <dafranke@akamai.com>, "iesg@ietf.org" <iesg@ietf.org>
CC: "draft-ietf-ntp-using-nts-for-ntp@ietf.org" <draft-ietf-ntp-using-nts-for-ntp@ietf.org>, "ntp-chairs@ietf.org" <ntp-chairs@ietf.org>, "ntp@ietf.org" <ntp@ietf.org>, "odonoghue@isoc.org" <odonoghue@isoc.org>, "odonoghue@isoc.org" <odonoghue@isoc.org>
Date: Wed, 18 Mar 2020 15:08:26 +0000
Message-ID: <HE1PR0702MB37723603831471DEFE588C7795F70@HE1PR0702MB3772.eurprd07.prod.outlook.com>
References: <158454150813.29809.9724997411760904817@ietfa.amsl.com> <1584543371988.30966@akamai.com>
In-Reply-To: <1584543371988.30966@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/W0ai-IVMwAlETDDE2xSB_dkr5Ms>
Subject: Re: [Ntp] Magnus Westerlund's Discuss on draft-ietf-ntp-using-nts-for-ntp-23: (with DISCUSS and COMMENT)


> -----Original Message-----
> From: Franke, Daniel <dafranke@akamai.com>
> Sent: 18 March 2020 15:56
> To: The IESG <iesg@ietf.org>; Magnus Westerlund
> <magnus.westerlund@ericsson.com>
> Cc: draft-ietf-ntp-using-nts-for-ntp@ietf.org; ntp-chairs@ietf.org;
> ntp@ietf.org; Karen O'Donoghue <odonoghue@isoc.org>; Karen
> O'Donoghue <odonoghue@isoc.org>
> Subject: Re: Magnus Westerlund's Discuss on draft-ietf-ntp-using-nts-for-
> ntp-23: (with DISCUSS and COMMENT)
> 
> Thanks Magnus. I'll confer with my co-authors on how to handle the address
> family issue as I don't think it's come up. My first impression on the
> issue is that the Right Thing is that if the client didn't send any server
> negotiation record, then the NTS-KE server SHOULD respond with an NTP server
> address in the same family as the NTS-KE session, if one is available. If
> the client does send a server negotiation record, then the NTS-KE server
> SHOULD reply with that same record if it is still valid, and otherwise
> behave as if the client had not included any server negotiation record.

I think this sounds reasonable.

> 
> As to replay protection: it is not expected that the client keep a history
> of more than one unique identifier. Since unique identifiers are 256-bit
> random numbers, clients can neglect the probability of collision. NTP
> clients will generally have only one packet in flight at a time to a given
> server and will discard old packets that arrive out-of-order; this much is
> how NTP has always worked and isn't new to NTS. Would adding a
> parenthetical of "(except with negligible probability)" to "MUST NOT
> duplicate those of any previous request" be sufficient to resolve this
> DISCUSS point?

So the MUST NOT is one part, and such an addition would resolve that issue.
However, I still think the replay protection could benefit from a bit more
clarification, especially as it appears to be easier in some sense than I
would expect from other protocols. However, it appears to be related more to
the NTP protocol functions than to the Unique ID field, and this could
benefit from having a description.

I will follow what text changes the others' comments result in.

Cheers

Magnus Westerlund
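The two mechanisms discussed in this exchange, modelled as an added example that is not part of the thread or of any NTS implementation: the address-family rule Daniel proposes for the NTS-KE server's response, and the client-side replay check that rests on keeping a single outstanding Unique Identifier per server. The record/response types, the `ServerRecord` "still valid" test (membership in the currently available list), the fallback to any available server when no same-family server exists, and all traffic in `run_scenario()` are constructed assumptions of this example, not anything the draft or the thread states.

```python
"""Constructed model of two points from the thread: the NTS-KE server's choice
of NTP server address family, and the NTS client's Unique Identifier replay
check. Illustrative only; not code from any NTS implementation."""
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

UNIQUE_ID_LEN = 32  # 256-bit Unique Identifier, as in the draft


# --- NTS-KE side: address-family rule proposed in the reply -------------
@dataclass(frozen=True)
class ServerRecord:
    host: str
    family: int  # 4 or 6


def select_ntp_server(ke_family: int,
                      requested: Optional[ServerRecord],
                      available: List[ServerRecord]) -> Optional[ServerRecord]:
    """Pick the NTP server the NTS-KE response should name.

    1. Client sent a server negotiation record: echo it if still valid
       (modelled here as: still in `available`), else proceed as if omitted.
    2. No record: prefer a server in the same address family as the NTS-KE
       session. Falling back to any available server when none matches is
       an assumption of this example, not something the thread states.
    """
    if requested is not None and requested in available:
        return requested
    same_family = [s for s in available if s.family == ke_family]
    if same_family:
        return same_family[0]
    return available[0] if available else None


# --- NTS client side: one outstanding Unique Identifier per server ------
@dataclass(frozen=True)
class NtsResponse:
    unique_id: bytes  # Unique Identifier EF echoed by the server
    # cookies, authenticator and NTP time fields omitted: the replay check
    # described in the thread depends only on the Unique Identifier


class NtsClient:
    """Keeps exactly one outstanding Unique Identifier, no longer history."""

    def __init__(self, rng: Callable[[int], bytes] = secrets.token_bytes):
        self._rng = rng
        self.outstanding: Optional[bytes] = None
        self.accepted = 0
        self.rejected: List[Tuple[str, bytes]] = []

    def new_request(self) -> bytes:
        """Send a new request and return its fresh Unique Identifier.

        A new poll overwrites the previous identifier, so a late response to
        the earlier request no longer matches and is dropped (out-of-order
        packets are discarded, as the reply notes NTP has always done)."""
        self.outstanding = self._rng(UNIQUE_ID_LEN)
        return self.outstanding

    def handle_response(self, resp: NtsResponse) -> bool:
        if self.outstanding is None:
            self.rejected.append(("no request in flight", resp.unique_id))
            return False
        if not secrets.compare_digest(resp.unique_id, self.outstanding):
            self.rejected.append(("unique identifier mismatch", resp.unique_id))
            return False
        # Matched: forget the identifier so a replay of this very response
        # cannot be accepted a second time.
        self.outstanding = None
        self.accepted += 1
        return True


def birthday_collision_bound(requests: int, bits: int = 8 * UNIQUE_ID_LEN) -> float:
    """Upper bound n(n-1)/2 / 2^bits on the chance that two of `requests`
    random identifiers collide: the 'negligible probability' in the thread."""
    return requests * (requests - 1) / 2 / 2 ** bits


def run_scenario() -> Dict[str, bool]:
    """Walk through the cases the thread discusses with constructed traffic."""
    c = NtsClient()
    uid1 = c.new_request()
    genuine = NtsResponse(uid1)
    out: Dict[str, bool] = {}
    out["fresh response accepted"] = c.handle_response(genuine)
    out["replay of same response rejected"] = not c.handle_response(genuine)
    uid2 = c.new_request()  # poll goes out ...
    uid3 = c.new_request()  # ... and a new poll supersedes it before any reply
    out["late reply to superseded request rejected"] = not c.handle_response(NtsResponse(uid2))
    out["forged identifier rejected"] = not c.handle_response(NtsResponse(secrets.token_bytes(32)))
    out["current reply accepted"] = c.handle_response(NtsResponse(uid3))
    out["collision bound negligible"] = birthday_collision_bound(10 ** 12) < 1e-40
    return out
```

The point the model makes concrete is the one Daniel raises: with a fresh 256-bit identifier per request and only the current one remembered, a replayed or out-of-order response fails the match and is dropped without any replay window or history list, which is why the replay protection looks simpler than in protocols that must track sequence numbers.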