Re: [Ntp] New Version Notification for draft-gruessing-ntp-ntpv5-requirements-03.txt
Miroslav Lichvar <mlichvar@redhat.com> Mon, 18 October 2021 14:33 UTC
Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9929B3A1480 for <ntp@ietfa.amsl.com>; Mon, 18 Oct 2021 07:33:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.552
X-Spam-Level:
X-Spam-Status: No, score=-2.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HkMheOjVuj3K for <ntp@ietfa.amsl.com>; Mon, 18 Oct 2021 07:33:53 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6DEF03A144E for <ntp@ietf.org>; Mon, 18 Oct 2021 07:33:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1634567630; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Wb23INDcH37kFwmL35fB2L5t+SuIKg7SkG3HMGKGQzo=; b=VX6qVA5Uhfc623FAkaM745HD5nyyiiCZTDGkf/xHqHfJU8fGp4Lu9raW2wxreH1268iCK2 REaetoONoZy7M2xH0PE4RzQ2CJZEozxyzWGOjOVjJxlov/CzBL+oYfYFJlU0laRUELGtKq mkClN0nhCLZ8mSvTrLlmI8mCdQKO9Yo=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-296-iUI1g1FDOSKuPX4um45IIw-1; Mon, 18 Oct 2021 10:33:45 -0400
X-MC-Unique: iUI1g1FDOSKuPX4um45IIw-1
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C2562101B4A1; Mon, 18 Oct 2021 14:33:43 +0000 (UTC)
Received: from localhost (holly.tpb.lab.eng.brq.redhat.com [10.43.134.11]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9B43C60C17; Mon, 18 Oct 2021 14:33:42 +0000 (UTC)
Date: Mon, 18 Oct 2021 16:33:33 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: James <james.ietf@gmail.com>
Cc: Doug Arnold <doug.arnold@meinberg-usa.com>, NTP WG <ntp@ietf.org>
Message-ID: <YW2FvUiaHC/hbxkG@localhost>
References: <163386015957.12424.6997038478834885480@ietfa.amsl.com> <CAO+dDx=6baLhf9LwSMvR1F0ieuLO6NXmExYLDvcCF2tgchHs8w@mail.gmail.com> <DB8PR02MB5772AC97BFE2D7C1139EFDC0CFB89@DB8PR02MB5772.eurprd02.prod.outlook.com> <E469D9A7-7445-49D9-A8A2-82BA7BF1FA27@gmail.com>
MIME-Version: 1.0
In-Reply-To: <E469D9A7-7445-49D9-A8A2-82BA7BF1FA27@gmail.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/wbIgW5CIdQ9jjBu6WtMfmABdy3M>
Subject: Re: [Ntp] New Version Notification for draft-gruessing-ntp-ntpv5-requirements-03.txt
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Oct 2021 14:34:06 -0000
On Fri, Oct 15, 2021 at 11:27:20AM +0200, James wrote: > > On 15 Oct 2021, at 00:45, Doug Arnold <doug.arnold@meinberg-usa.com> wrote: > > Encryption and authentication MUST be provided by the protocol specification as a default and MUST be resistant to downgrade attacks... > > To put this another way, I think the specification must provide confidentiality as well as authentication, and that if either is applied they cannot be removed from a connection (aka a security downgrade) which makes authentication the minimum and doesn’t necessarily mandate confidentiality. I still don't understand this part. What do "as a default" and "authentication the minimum" exactly mean? What information needs to be encrypted? Everything? The first octet cannot be encrypted to allow detection of NTPv5 packets on the port 123. For NTPv5 to be successful in replacing NTPv4, I think it needs to support no authentication, symmetric keys and NTS. > This section in particular could probably use some editing and clarification to better explain this [1] as we’ll likely need consensus calls made. > > > 2. I think that it is better to allow leap smearing and make it a visible part of the protocol than to pretend it is not going to happen. On this topic I think that Miroslav’s proposal was more realistic. Data center network architects tell me they definitely plan to continue to do leap smearing. > > In other use cases such as publicly accessible NTP, leap smearing has effectively fragmented the pools of services a given host can use as mixing smeared and non-smeared services is not a good idea, in addition to the start/end and cadence of smearing being inconsistent between providers [2]. I think that having a “linear, monotonic timescale” and leap smearing together are contradictory and so having smearing in the wire format would requiring changing that. My proposal doesn’t prevent smearing of a clock being synchronised, it’s about removing the smear from the wire. They can be supported both as different timescales, server responding in the one that the client has requested. If you don't allow leap smearing in NTPv5 at all, I suspect people will either stick to NTPv4, missing the important improvements in NTPv5, or ignore the specification and use a leap-smeared version of NTPv5 anyway. Same for UTC vs TAI. It seems we need to agree on some very high level goals for NTPv5. Is it supposed to replace most NTPv4 use cases? Is it supposed to be implementable on current operating systems? -- Miroslav Lichvar
- [Ntp] Fwd: New Version Notification for draft-gru… James
- [Ntp] Antw: [EXT] Fwd: New Version Notification f… Ulrich Windl
- Re: [Ntp] Fwd: New Version Notification for draft… Doug Arnold
- [Ntp] Antw: [EXT] Re: Fwd: New Version Notificati… Ulrich Windl
- Re: [Ntp] New Version Notification for draft-grue… James
- Re: [Ntp] New Version Notification for draft-grue… Doug Arnold
- Re: [Ntp] New Version Notification for draft-grue… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Salz, Rich
- Re: [Ntp] New Version Notification for draft-grue… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Salz, Rich
- Re: [Ntp] New Version Notification for draft-grue… Salz, Rich
- Re: [Ntp] New Version Notification for draft-grue… James
- Re: [Ntp] New Version Notification for draft-grue… James
- Re: [Ntp] New Version Notification for draft-grue… Salz, Rich
- Re: [Ntp] New Version Notification for draft-grue… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Hal Murray
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Danny Mayer
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Warner Losh
- Re: [Ntp] New Version Notification for draft-grue… James
- Re: [Ntp] New Version Notification for draft-grue… Salz, Rich
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Hal Murray
- Re: [Ntp] New Version Notification for draft-grue… Miroslav Lichvar
- Re: [Ntp] New Version Notification for draft-grue… Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- [Ntp] Antw: Re: Antw: [EXT] Re: New Version Notif… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Hal Murray
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Miroslav Lichvar
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- [Ntp] Antw: [EXT] Re: New Version Notification fo… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Warner Losh
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Tony Finch
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Danny Mayer
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Danny Mayer
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Warner Losh
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Tony Finch
- [Ntp] Antw: Re: Re: Antw: [EXT] Re: New Version N… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Miroslav Lichvar
- [Ntp] Antw: Re: Antw: [EXT] Re: New Version Notif… Ulrich Windl
- Re: [Ntp] New Version Notification for draft-grue… Dieter Sibold
- Re: [Ntp] New Version Notification for draft-grue… kristof.teichel
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Hal Murray
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Martin Burnicki
- [Ntp] Antw: Re: Antw: [EXT] Re: New Version Notif… Ulrich Windl
- Re: [Ntp] New Version Notification for draft-grue… Hal Murray
- Re: [Ntp] New Version Notification for draft-grue… kristof.teichel
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: New Version N… Martin Burnicki
- Re: [Ntp] New Version Notification for draft-grue… Doug Arnold
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: New Version N… Doug Arnold
- Re: [Ntp] New Version Notification for draft-grue… kristof.teichel
- Re: [Ntp] Antw: [EXT] Re: New Version Notificatio… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… James
- [Ntp] Antwort: Re: New Version Notification for d… kristof.teichel
- [Ntp] Antwort: Re: Antw: [EXT] Re: New Version No… kristof.teichel
- Re: [Ntp] Antwort: Re: New Version Notification f… Doug Arnold
- Re: [Ntp] Antwort: Re: New Version Notification f… Danny Mayer
- Re: [Ntp] New Version Notification for draft-grue… Steve Allen
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: New Version N… Hal Murray
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New Ver… Ulrich Windl
- [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New Ver… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Danny Mayer
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Martin Burnicki
- [Ntp] Antw: Re: Antw: Re: Antw: Re: Antw: [EXT] R… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: Re: Antw: [EXT] Re: New… Doug Arnold
- Re: [Ntp] [EXTERNAL] Re: Antw: Re: Antw: Re: Antw… Denis Reilly
- Re: [Ntp] [EXTERNAL] Re: Antw: Re: Antw: Re: Antw… Doug Arnold
- Re: [Ntp] [EXTERNAL] Re: Antw: Re: Antw: Re: Antw… Martin Burnicki
- Re: [Ntp] changes in length of day, was Re: New V… Tony Finch
- [Ntp] Antw: Re: [EXTERNAL] Re: Antw: Re: Antw: Re… Ulrich Windl