[Ntp] Re: [EXT] NTP WG virtual interim -- Thursday, 17 September 2020, 1530 - 1700 UTC

Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> Mon, 31 August 2020 06:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/zFMF5-_Qaru26iXZ-B3TlEscNZg>

>>> Karen O'Donoghue <odonoghue@isoc.org> wrote on 28.08.2020 at 19:42 in
message <3FBC06BC-A42A-42BA-B2E4-15C4B19FF829@isoc.org>:

...
> 4. Call for Adoption results/discussion on draft-mlichvar-ntp-alternative-port
...

I wonder: If adopted, how would it be implemented most likely? When done at
network/transport level at some gateway:
If incoming traffic to TBD is redirected to port 123 _if_ it's not mode 6 or
mode 7, then the filtering could be done right on port 123. Likewise for
outgoing traffic.

Is this RFC basically for:

Inability of firewall firmware to do proper filtering?
Inability of network administrators to apply the correct filters ("Don't
panic", but they still do)?

Seeing that firewalls try deep packet inspection, I wonder whether the RFC is
needed, specifically: How long will it take to have a significant effect? If
you assume port 123 is blacklisted on some sites, it may be effective when all
the NTP software had been updated, but when allowable ports are whitelisted,
then the lack of port 123 being allowed doesn't help for the alternate port...

Regards,
Ulrich
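
The mode-based filtering on port 123 that the message above asks about, sketched as an added example (not part of the original email and not taken from the draft). The function names, the 48-byte minimum for non-control modes, and the sample datagrams are assumptions constructed for illustration.

```python
# Added example: decide per datagram whether a gateway would forward NTP
# traffic on port 123, dropping mode 6 and mode 7 as the email describes.
from collections import Counter

BLOCKED_MODES = {6, 7}   # mode 6 = control message, mode 7 = private use
MIN_TIME_PACKET = 48     # assumption: modes other than 6/7 carry the 48-byte header


def ntp_mode(datagram: bytes):
    """Return the 3-bit mode from the first octet (LI:2 | VN:3 | Mode:3)."""
    if not datagram:
        return None
    return datagram[0] & 0x07


def ntp_version(datagram: bytes):
    """Return the 3-bit version number from the first octet."""
    if not datagram:
        return None
    return (datagram[0] >> 3) & 0x07


def gateway_verdict(datagram: bytes) -> str:
    """'pass' or 'drop' for one UDP payload seen on port 123."""
    mode = ntp_mode(datagram)
    if mode is None:
        return "drop"                      # empty payload, nothing to classify
    if mode in BLOCKED_MODES:
        return "drop"                      # control/private queries filtered out
    if len(datagram) < MIN_TIME_PACKET:
        return "drop"                      # truncated time packet (assumed policy)
    return "pass"


def summarize(datagrams) -> Counter:
    """Count verdicts per (mode, verdict) pair for a batch of payloads."""
    return Counter((ntp_mode(d), gateway_verdict(d)) for d in datagrams)


# Constructed sample payloads (not captured traffic).
SAMPLES = [
    bytes([0x23]) + bytes(47),   # VN 4, mode 3 (client request)
    bytes([0x24]) + bytes(47),   # VN 4, mode 4 (server response)
    bytes([0x16]) + bytes(11),   # VN 2, mode 6 (control message)
    bytes([0x17]) + bytes(7),    # VN 2, mode 7 (private use)
    bytes([0x23]) + bytes(10),   # mode 3 but truncated
    b"",                         # empty datagram
]

if __name__ == "__main__":
    for (mode, verdict), count in sorted(summarize(SAMPLES).items(), key=str):
        print(f"mode={mode} verdict={verdict} count={count}")
```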