Re: [Ntp] Mandatory confidentiality for ntpv5

Miroslav Lichvar <mlichvar@redhat.com> Thu, 21 October 2021 15:38 UTC

Date: Thu, 21 Oct 2021 17:37:46 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Martin Burnicki <martin.burnicki=40meinberg.de@dmarc.ietf.org>
Cc: Hal Murray <halmurray+ietf@sonic.net>, ntp@ietf.org
Message-ID: <YXGJSprvhhXR27Wj@localhost>
References: <20211021113635.6576528C157@107-137-68-211.lightspeed.sntcca.sbcglobal.net> <faea6fa2-b269-94b8-f101-f00ebe4ed584@meinberg.de>
In-Reply-To: <faea6fa2-b269-94b8-f101-f00ebe4ed584@meinberg.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/wxaU0EzSupyL0YrKFxjhw8pcNAw>

On Thu, Oct 21, 2021 at 03:33:27PM +0200, Martin Burnicki wrote:
> Hal Murray wrote:
> > How does current NIC firmware decide which packets to time stamp?
> 
> I'm not familiar with too many different NICs, but I know that some have a
> hard-coded pattern e.g. for PTP packets, and others have a configurable
> packet matcher, to which you can download a specific pattern.

The hardware that has L4 PTP-specific timestamping that I have
experimented with seems to check for UDP ports 319 and 320, and that
the PTP message type is between 0 and 3, or it is one specific value
(this is useful for server-only or client-only configurations).
Interestingly, it doesn't seem to match in the upper range of
(currently unspecified) event messages (4-7), so I suspect PTP might
be stuck with the existing four types unless it's willing to break
compatibility with existing hardware.

> Anyway, as far as I know, you would have problems to detect the network
> packets that are to be timestamped if the packets are fully encrypted.

Right.

> And, similar to the topic above, IMO it would be too expensive to timestamp
> all packets and drop most of them in which no NTP or PTP daemon is
> interested.

I think it's more about being able to save the actual timestamps. Some
hardware has only a small number of registers for receive timestamps,
so the rate of the timestamping has to be limited by timestamping only
messages that need it (i.e. PTP event messages). Other hardware can
provide a timestamp for every received packet, which just wastes a bit
of the PCIe bandwidth.

-- 
Miroslav Lichvar
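
Added example, not part of the original message and not taken from any NIC or driver: a C model of the L4 PTP match described above (UDP port 319 or 320, message type 0-3 or one specific value), showing that types 4-7 and NTP on port 123 get no timestamp. Assumptions: the destination port is what is compared, the function and macro names are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MATCH_EVENT_0_3 (-1)  /* hypothetical mode name: any message type 0..3 */

/* Model of the filter: returns 1 if the IPv4/UDP packet at `ip` would be
 * timestamped, 0 otherwise. `mode` is MATCH_EVENT_0_3 or one specific
 * message type. Assumption: the destination port is the one compared. */
int ptp_l4_filter_match(const uint8_t *ip, size_t len, int mode)
{
    if (len < 20 || (ip[0] >> 4) != 4)
        return 0;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 9)       /* IPv4 + UDP + first PTP octet */
        return 0;
    if (ip[9] != 17 || (((ip[6] & 0x1f) << 8) | ip[7]) != 0)
        return 0;                        /* not UDP, or a later fragment */
    const uint8_t *udp = ip + ihl;
    unsigned dport = ((unsigned)udp[2] << 8) | udp[3];
    if (dport != 319 && dport != 320)
        return 0;
    unsigned msg_type = udp[8] & 0x0f;   /* low nibble of first PTP octet */
    if (mode == MATCH_EVENT_0_3)
        return msg_type <= 3;
    return msg_type == (unsigned)mode;
}

/* Writes a constructed 29-byte IPv4/UDP packet into buf (>= 29 bytes). */
size_t build_sample(uint8_t *buf, unsigned dport, uint8_t first_payload_octet)
{
    static const uint8_t hdr[28] = {
        0x45, 0, 0, 29, 0, 0, 0, 0, 64, 17, 0, 0,  /* IPv4, protocol 17 */
        192, 0, 2, 1, 192, 0, 2, 2,                /* TEST-NET-1 addresses */
        0xC0, 0x00, 0, 0, 0, 9, 0, 0 };            /* UDP, source port 49152 */
    for (size_t i = 0; i < sizeof hdr; i++) buf[i] = hdr[i];
    buf[22] = (uint8_t)(dport >> 8);
    buf[23] = (uint8_t)dport;
    buf[28] = first_payload_octet;
    return 29;
}

int main(void)
{
    uint8_t p[32];
    size_t n = build_sample(p, 319, 0x04);  /* message type 4 */
    printf("type 4 on port 319: %d\n", ptp_l4_filter_match(p, n, MATCH_EVENT_0_3));
    return 0;
}
```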