IETF Logo Mail Archive

Re: [Ntp] Quick review of WGLC for status change for draft-ietf-ntp-update-registries

Miroslav Lichvar <mlichvar@redhat.com> Tue, 09 August 2022 08:00 UTC

Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7E33C15A734 for <ntp@ietfa.amsl.com>; Tue, 9 Aug 2022 01:00:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.689
X-Spam-Level:
X-Spam-Status: No, score=-7.689 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.582, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D74Lzy2wonwb for <ntp@ietfa.amsl.com>; Tue, 9 Aug 2022 01:00:40 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A1A8C15A733 for <ntp@ietf.org>; Tue, 9 Aug 2022 01:00:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1660032039; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ChRJ4WBHS4wEg879K128R0SXOH6CLq9ACYncumF4Xss=; b=AJHEBODC+rJDv9s5DumgxnUsrBMRY38UYaF2r8aocDt/vqvJ9/cwqJi2EVh7DM6gOqVC8M XapaRHmUYP9IKwNP2pQjlCFMLhAjCO5Mg+CwYVo1xhzcUOqrkq+46jupBk+XLpxjyxWaQc y4Ouh1qINVVhQlkHnPXRA9R3PmSSugo=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-457-aBG9Hi3CMOKaeKftPoW6TA-1; Tue, 09 Aug 2022 04:00:37 -0400
X-MC-Unique: aBG9Hi3CMOKaeKftPoW6TA-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 60B2F18A0161; Tue, 9 Aug 2022 08:00:37 +0000 (UTC)
Received: from localhost (unknown [10.43.135.229]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E423D140EBE3; Tue, 9 Aug 2022 08:00:35 +0000 (UTC)
Date: Tue, 09 Aug 2022 10:00:34 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Harlan Stenn <stenn@nwtime.org>
Cc: ntp@ietf.org
Message-ID: <YvIUIu1LaloEjJMb@localhost>
References: <PH0PR06MB7061FA7A5B338D262B3A2963C2999@PH0PR06MB7061.namprd06.prod.outlook.com> <6a187a2f-9883-2fb5-1f51-1593591ddebb@nwtime.org> <PH0PR06MB706126984E4442EF32F8242AC2999@PH0PR06MB7061.namprd06.prod.outlook.com> <da155c84-2c70-2e3b-59eb-03e380806cf2@nwtime.org> <PH0PR06MB70611F2331D8255F7E2B6604C2999@PH0PR06MB7061.namprd06.prod.outlook.com> <0b4c7efa-3977-b588-0974-33b6a9437e52@nwtime.org> <YvDWC27qKnODlD52@localhost> <0b57b7db-772e-f5e6-e6a0-a433673f3d77@nwtime.org> <YvED7T5R0UsRWbv3@localhost> <b64c6a0a-ea2e-0a19-4bb9-38bfaa2e5032@nwtime.org>
MIME-Version: 1.0
In-Reply-To: <b64c6a0a-ea2e-0a19-4bb9-38bfaa2e5032@nwtime.org>
X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/zEis79mWo1S-7akdwgBldQyGEEY>
Subject: Re: [Ntp] Quick review of WGLC for status change for draft-ietf-ntp-update-registries
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2022 08:00:40 -0000

On Mon, Aug 08, 2022 at 06:46:13PM -0700, Harlan Stenn wrote:
> Before I go on, what are the "conflicts with properly specified extension
> fields"?

Experimental EFs can conflict only with other experimental EFs, but
not EFs that have an RFC with the types assigned by IANA.

The idea is that you don't have to tell anyone that you are using an
experimental EF.

> > chrony does not support Autokey. It doesn't care that keys with some
> > specific IDs are generated automatically. It cannot authenticate as an
> > Autokey server and will not accept a response from an Autokey server.
> 
> Sure.  And if chrony tries to use a KeyID that is "out of range" with ntpd,
> what happens?

The same as if it was an "in the range" unknown key?

> I'm curious about the collision with an NTS extension field.  I suspect that
> was simply a result of poor programming on the implementor's side, but I
> could be wrong.

The value was chosen by the first NTS implementation. As the Autokey
values used by ntpd were not documented anywhere, we didn't realize
there was a conflict until it was too late.

Now, with this draft that we are discussing here all values will be
documented and a similar conflict will hopefully not happen again.

> 
> Earlier you wrote:
> 
> > With an
> > experimental extension field the user is responsible to enable it only
> > if the server is known to support it.
> 
> If that statement from you is correct, then was the collision with an NTS EF
> the result of responsible or irresponsible user behavior?

It was the result of ntpd not following the Autokey specification.
We didn't have an experimental range defined yet.

-- 
Miroslav Lichvar

v2.23.0 | Report a Bug | By Email