IETF Logo Mail Archive

Re: [Ntp] SNTP, Old crufty software

Martin Burnicki <martin.burnicki@meinberg.de> Fri, 12 August 2022 07:27 UTC

Return-Path: <martin.burnicki@meinberg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3699CC131C42 for <ntp@ietfa.amsl.com>; Fri, 12 Aug 2022 00:27:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=meinberg.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s1TKCWFP18sK for <ntp@ietfa.amsl.com>; Fri, 12 Aug 2022 00:27:08 -0700 (PDT)
Received: from server1a.meinberg.de (server1a.meinberg.de [176.9.44.212]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6765AC13485B for <ntp@ietf.org>; Fri, 12 Aug 2022 00:27:06 -0700 (PDT)
Received: from seppmail.py.meinberg.de (unknown [193.158.22.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by server1a.meinberg.de (Postfix) with ESMTPSA id 5FF6071C02D8; Fri, 12 Aug 2022 09:27:04 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinberg.de; s=d2021; t=1660289224; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=suetGwbbLjiAzMGUCEegFqBhi4QgXURv/LVAtz49CLs=; b=bBh5qqAJ2u8UlVgEQs5SSXTflBa/Vwu5XxokxsBiOS9mUShraG3XkoUVuHOkLt9JkzjUfi VNgr1hOtqWkz8LmB1FrcWvNOFbbTW8f1YoEIkc47peFe+Oiv8++3C0JL2i+Mib3wrjr7Wm Z5plIfQFHKveoO7ItfQb4GvKMCtt6rLz3H+AGEHYvL2UZCElYWxNdyDCZ3DzpRovGCuWmf qz6hoTpIlluucchDdTkuRSngQs+7mYmlU+dbFPwcBDQaAxnxswpS1BCUAgpk5GiKMCEJSD O2kRTJmXkVWzb/IEpf1wGQXyhqaxc/jLp0iwzP5mUlZak0yyQ3ZgPnoCxrDaJg==
Received: from srv-kerioconnect.py.meinberg.de (srv-kerioconnect.py.meinberg.de [172.16.3.65]) (using TLSv1.3 with cipher AEAD-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by seppmail.py.meinberg.de (Postfix) with ESMTPS; Fri, 12 Aug 2022 09:27:03 +0200 (CEST)
X-Footer: bWVpbmJlcmcuZGU=
Received: from localhost ([127.0.0.1]) by srv-kerioconnect.py.meinberg.de with ESMTPSA (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)); Fri, 12 Aug 2022 09:27:02 +0200
Message-ID: <81fa5730-04d0-5bad-565b-908404a71123@meinberg.de>
Date: Fri, 12 Aug 2022 09:27:02 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.0
Content-Language: en-US
To: Hal Murray <halmurray@sonic.net>, ntp@ietf.org
References: <20220811222515.06CF528C1CA@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
From: Martin Burnicki <martin.burnicki@meinberg.de>
Organization: Meinberg Funkuhren GmbH & Co. KG, Bad Pyrmont, Germany
In-Reply-To: <20220811222515.06CF528C1CA@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------0eX6Cof30DUIEw0ckGiNccX0"
X-SM-outgoing: yes
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/xaQZyNUc4ygfGe_JXZlsBUKXogg>
Subject: Re: [Ntp] SNTP, Old crufty software
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Aug 2022 07:27:13 -0000

Hal Murray wrote:
> 
> There is a lot of NTPv1 traffic out there.  It's ballpark of 1% of the traffic
> to pool servers
> 
> I have credible reports that some of the NTPv1 traffic is from reasonably
> modern gear.

That's exactly what I'm assuming, as I've mentioned earlier.

The question is how a good server should deal with such requests. From 
our customers I know that they would really like it if they bought an 
NTP server from us, and even the devices on the customer's network that 
come with dumb client software can at least get the time from the server.

That won't work if the server rejected or discarded requests only 
because they have "v1" as version code.

I remember some years ago when Windows XP/Server 2003 was current, the 
dumb SNTP client (w32time) shipped with that Windows versions sent 
"peer" requests to the NTP server by default,

Of course the NTP server could just discard such requests, but that 
would users ask if you had a workaround for the problem. As a result a 
hack made it into ntpd which let the server send appropriate responses 
to such clients anyway, which made the life of Windows admins much 
easier and didn't cause any harm even though the intended behavior was 
not met.

So for cases like this I agree with Harlan when he said that the server 
should be tolerant to requests.

> Has anybody looked at RFC 4330 (SNTP) lately?  It's 27 pages.  Much of it is
> not useful if you are only intereted in the S part of SNTP.  It's a lot less
> simple than it could be.

Since SNTP basically uses the same packet format as NTP, in my opinion 
the real S(imple) attribute refers to the way the packet exchange is 
evaluated at the client side.

I've seen implementations where the client didn't even try to compensate 
the network delay, and just used the server's transmission time stamp to 
adjust the client time. Probably because the programmers though that the 
resulting accuracy id "good enough".

And of course, such an implementation is not suitable to act as server 
for full-featured clients.

> ------------
> 
> I think it's time for another pass at the greater SNTP area.
> 
> I'm focused on code that will go into firmware and won't get updated with
> typical distro updates, if ever.
> 
> I see three parts.
> 
> The first is that we have to agree on what will be supported for a long time.
> I assume that is a simple NTPv4 Client/Server exchange with no MACs or EFs.
> 
> The second is the protocol level.  I think we need a simple description of
> what you get from a protocol exchange, how local clocks operate, and the
> choices/benefits between ultra simple and not quite so simple.
> 
> I assume we should have sample code.  Can we maintain that off to the side
> rather than frozen in a RFC?
> 
> The third is operational. We need a BCP for people writing/distributing
> firmware and those who will be using/supporting that firmware.
> 
> We should get some of the firmware writers/users in the review process.

Of course, all of the above would be nice to have. However, I doubt that 
developers who don't even RTFM how to correctly set up a basic request 
packet will read this.

> -----
> 
> I propose that SNTP requests (Client mode) should (ab)use an otherwise unused
> timestamp field to hold a text string for vendor info.  That will allow
> operational people to identify which gear is causing problems.

Once more, I doubt that programmers that don't get a basic request 
packet set up properly will put anything useful.

IMO the problem is the same as with the kiss-of-death feature: "Good" 
clients that behave well will probably never receive such a packet from 
a server, and clients that are misbehaving won't care anyway and won't 
reduce their polling rate.

> -----
> 
> Is anybody using SNTP interested in security?

I don't think so for the reasons mentioned above.


Martin
-- 
Martin Burnicki

Senior Software Engineer

MEINBERG Funkuhren GmbH & Co. KG
Email: martin.burnicki@meinberg.de
Phone: +49 5281 9309-414
Linkedin: https://www.linkedin.com/in/martinburnicki/

Lange Wand 9, 31812 Bad Pyrmont, Germany
Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Managing Directors: Günter Meinberg, Werner Meinberg, 
Andre Hartmann, Heiko Gerstung
Websites: https://www.meinberg.de  https://www.meinbergglobal.com

v2.23.0 | Report a Bug | By Email