IETF Logo Mail Archive

Re: [ntpwg] Antw: Re: Antw: Re: call for adoption (draft-dfranke-ntp-data-minimization)

Daniel Franke <dfoxfranke@gmail.com> Tue, 28 March 2017 23:41 UTC

Return-Path: <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>
X-Original-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Delivered-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33803126579 for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Tue, 28 Mar 2017 16:41:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.093
X-Spam-Level:
X-Spam-Status: No, score=-1.093 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, DKIM_SIGNED=0.1, FREEMAIL_FORGED_FROMDOMAIN=0.197, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (body has been altered)" header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zrit3leDmXcT for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Tue, 28 Mar 2017 16:40:59 -0700 (PDT)
Received: from lists.ntp.org (psp3.ntp.org [185.140.48.241]) by ietfa.amsl.com (Postfix) with ESMTP id 951B2126BFD for <ntp-archives-ahFae6za@lists.ietf.org>; Tue, 28 Mar 2017 16:40:59 -0700 (PDT)
Received: from psp3.ntp.org (localhost.ntp.org [127.0.0.1]) by lists.ntp.org (Postfix) with ESMTP id 4FF6886DC2C for <ntp-archives-ahFae6za@lists.ietf.org>; Tue, 28 Mar 2017 23:40:59 +0000 (UTC)
X-Original-To: ntpwg@lists.ntp.org
Delivered-To: ntpwg@lists.ntp.org
Received: from mail1.ntp.org (fortinet.ntp.org [10.224.90.254]) by lists.ntp.org (Postfix) with ESMTP id 0CC4786DB18 for <ntpwg@lists.ntp.org>; Tue, 28 Mar 2017 23:40:56 +0000 (UTC)
Received: from mail-qt0-f180.google.com ([209.85.216.180]) by mail1.ntp.org with esmtps (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from <dfoxfranke@gmail.com>) id 1ct0jI-0006gq-OW for ntpwg@lists.ntp.org; Tue, 28 Mar 2017 23:40:56 +0000
Received: by mail-qt0-f180.google.com with SMTP id n21so21006qta.1 for <ntpwg@lists.ntp.org>; Tue, 28 Mar 2017 16:40:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=R8nu6Ffk2vvn3GwmnIKQN4p16L9/Vy2lsAg2S5FlXu8=; b=OEAvsgBzNFqHNmExnkoQ1738qtwgC6cB3Ik9QXRq7nC0Nj9Y/QDUU2Fy43BWy7BfWe Me1rJ6+DHFlnjcN9wEbhyzaK2qW0faqy2UHe2PIkaVDHn0+Y4Kl+7KQEK5T94nHmyGfO z6yfM8xqOgQlFxiXw38CkZVaZZq//98bHQwUhNjUvskoBAHLglafAt9IVD8brKte5L3p lkZUAKYRSlQ6MZLETssFdKhOb4XfYJRDy7jJSMCYs3VOkh4l8Pafc+Uv0uHSl0Q/Sowi dUvWJL7FB46V4ywkgUcFSfl1q33xblVvozQ+8lWC1ONcqp/6GfCwbfEo5AweIaqEyVqZ GQLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=R8nu6Ffk2vvn3GwmnIKQN4p16L9/Vy2lsAg2S5FlXu8=; b=pmnAcWTVy2Y2bRHjCTkiGB5HyxoWY9azWeiPjNmZstTVeCSuD2ZqRVkFU9e18CpsMf 3LRS4gOB99OmRC2/3k/2y8gJuFYVgRyM4Z/OtemrrYQBi9AkY6vpX5ixmkCkNHtKe1P4 RtdEqD86zfYrd9hopsE2J0MBD9HFBNX7vx7IGbxFsLHLgwsuLU4gWlEIGukeD0pAAd3N +Tc0nBnTUe96GtunqRFOaHE2lJ2usNZt+aghBTJZwgO4FcCEIO1Fss5DW1oK7XNqvlVl 1sa20XFzwt93764zHgS+Ke04TnJfk70aFUMwdFZONbdvF67bAjjT/O4Q0Ev4uTkA4yNR mhEw==
X-Gm-Message-State: AFeK/H2Qk5rM9GAIE4zf1rW0s5XW2o2vZhXLNBlQiA4YdWxqDUjYbimDVvQkEuTpqi7RIKKY37TyBDCUZm62Lg==
X-Received: by 10.237.42.164 with SMTP id t33mr31425483qtd.105.1490744447934; Tue, 28 Mar 2017 16:40:47 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.12.136.119 with HTTP; Tue, 28 Mar 2017 16:40:47 -0700 (PDT)
In-Reply-To: <33dc07d7-9c3b-a261-91f0-4c32b7f076a9@nwtime.org>
References: <CA564C5C-6CED-4810-BA2F-5433F2525249@isoc.org> <20170327133842.GK8192@localhost> <58D9FD22020000A1000255AD@gwsmtp1.uni-regensburg.de> <4cff4cd7-1eec-0e72-b235-1a8d65fc7fc4@nwtime.org> <58DA0F83020000A1000255CF@gwsmtp1.uni-regensburg.de> <CAJm83bCvuJTqoiP8SeYSwEceiJe90C+V8+3AfdgczJ-+L1sa9Q@mail.gmail.com> <33dc07d7-9c3b-a261-91f0-4c32b7f076a9@nwtime.org>
From: Daniel Franke <dfoxfranke@gmail.com>
Date: Tue, 28 Mar 2017 19:40:47 -0400
Message-ID: <CAJm83bBSrsmzHZCtFByLd_bzst=5SiO4b4da7urF3E=FHtHaSQ@mail.gmail.com>
To: Harlan Stenn <stenn@nwtime.org>
X-SA-Exim-Connect-IP: 209.85.216.180
X-SA-Exim-Rcpt-To: ntpwg@lists.ntp.org
X-SA-Exim-Mail-From: dfoxfranke@gmail.com
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on mail1.ntp.org)
Subject: Re: [ntpwg] Antw: Re: Antw: Re: call for adoption (draft-dfranke-ntp-data-minimization)
X-BeenThere: ntpwg@lists.ntp.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: IETF Working Group for Network Time Protocol <ntpwg.lists.ntp.org>
List-Unsubscribe: <http://lists.ntp.org/options/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=unsubscribe>
List-Archive: <http://lists.ntp.org/pipermail/ntpwg/>
List-Post: <mailto:ntpwg@lists.ntp.org>
List-Help: <mailto:ntpwg-request@lists.ntp.org?subject=help>
List-Subscribe: <http://lists.ntp.org/listinfo/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=subscribe>
Cc: ntpwg@lists.ntp.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org
Sender: ntpwg <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>

On 3/28/17, Harlan Stenn <stenn@nwtime.org> wrote:
> Daniel, you're continuing to focus on and assume that:
>
> - nobody will notice or care about these spoofs.  The reference
> implementation from NTF/ntp.org reports these on both the client and the
> server side.

I've already addressed this upthread. Approximately zero percent of
users pay attention to these reports or even know they exist or how to
interpret them, and it is unreasonable to expect them to.

> - Once the client receives the response from the server, the origin
> timestamp is zeroed in the client so no more responses from the server
> will be accepted.

Again, I've addressed this upthread. If you insist on assuming a live
server, then plug in something like a typical ping time and multiply
the success probabilities in my calculation above by that time and
divide by 1 second. I don't think this has any qualitative impact on
the conclusion.

> For extranet communications, I'd likely choose 64 bits.  But I'd also
> consider this to be *my* policy choice.  If somebody has good reason to
> pick a different number, they should be able to.
>
> I would generally not choose information hiding or extra randomizing on
> internal NTP traffic.

Then nobody is trying to restrain you from adding a configuration
option to ntpd which allows the user to adjust this. But since the
vast majority of NTP traffic does go over the internet, I'm going to
continue to maintain that these timestamps SHOULD be fully randomized
and recommend that you make this the default configuration.
_______________________________________________
ntpwg mailing list
ntpwg@lists.ntp.org
http://lists.ntp.org/listinfo/ntpwg

v2.23.0 | Report a Bug | By Email