Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp

"Langer, Martin" <mart.langer@ostfalia.de> Mon, 08 March 2021 11:09 UTC

Return-Path: <mart.langer@ostfalia.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 267033A0A0B for <ntp@ietfa.amsl.com>; Mon, 8 Mar 2021 03:09:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 36gRQmd4O95U for <ntp@ietfa.amsl.com>; Mon, 8 Mar 2021 03:09:52 -0800 (PST)
Received: from mx1.sonia.de (mx1.sonia.de [141.41.1.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 390703A09E0 for <ntp@ietf.org>; Mon, 8 Mar 2021 03:09:51 -0800 (PST)
Received: from mx1.sonia.de (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id ADFDE1C800CD for <ntp@ietf.org>; Mon, 8 Mar 2021 12:09:49 +0100 (CET)
Received: from exchange04.resource.sonia.de (exchange04.resource.sonia.de [141.41.8.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.sonia.de (Postfix) with ESMTPS id A964A1C800CA for <ntp@ietf.org>; Mon, 8 Mar 2021 12:09:49 +0100 (CET)
From: "Langer, Martin" <mart.langer@ostfalia.de>
To: NTP WG <ntp@ietf.org>
Thread-Topic: [Ntp] Comments on draft-langer-ntp-nts-for-ptp
Thread-Index: AQHXEfmMSKND+BsUuke89/+0bAqpHap52TGAgAAU3aM=
Date: Mon, 8 Mar 2021 11:09:49 +0000
Message-ID: <02fd071141eb4b6ea94a8245af2d75f8@ostfalia.de>
References: <CACsn0cnz1GfKUKn6q61qmAbs=VPgTGFZnP=kEeQHk9CUxLACXg@mail.gmail.com>, <YEX+RYP1vXLgt5f8@localhost>
In-Reply-To: <YEX+RYP1vXLgt5f8@localhost>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [141.41.8.54]
Content-Type: multipart/alternative; boundary="_000_02fd071141eb4b6ea94a8245af2d75f8ostfaliade_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/zrQaP6TGURR_ClRT5wDdkdEQKQI>
Subject: Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Mar 2021 11:09:55 -0000

Hi all,


orginal text:

There might be a more general question that needs to be answered
first. What exactly it means for "NTS" to be applied to a time
synchronization protocol? IIRC we originally had a general NTS
draft and a separate NTS-for-NTP draft.

PTP, like the NTP broadcast mode, cannot be secured to the same extent
as the NTP client-server mode. We had some attempts and they failed.

If I understand it correctly, this draft is not trying to apply the
NTS-NTP principles to PTP. That's not possible. It just reuses the
NTS-KE protocol for its own security protocol. I think that's
perfectly fine as long as there is no confusion about the NTS part.


--

Miroslav Lichvar



Hello Miroslav,


The generic NTS draft has expired and was not continued.

The multicast connections are not comparable to the broadcast connections in NTP.
In NTP, TESLA-secured communication could be broken, because delay attacks are not
detectable. However, in PTP we have two-way communication (Delay Request/Response)
during multicast, which can be used to register runtime changes (RTT). However, a formal
analysis is indeed not available.

Our NTS4PTP design is still in the early phase. In my opinion, it is already fully functional, but
it could still have various design weaknesses. Of course they have to be eliminated ;)


best regards,

martin


-------------------
Martin Langer, M.Eng.
Ostfalia Hochschule für angewandte Wissenschaften
- Hochschule Braunschweig/Wolfenbüttel
University of Applied Sciences

Labor Datentechnik, Labor Design Digitaler Systeme
Fakultät Elektrotechnik
Salzdahlumer Straße 46/48
38302 Wolfenbüttel
Germany

Tel.: +49 5331 939 43370
Web: https://www.ostfalia.de/cms/de/pws/bermbach/mitarbeiter/martin-langer



________________________________
Von: ntp <ntp-bounces@ietf.org> im Auftrag von Miroslav Lichvar <mlichvar@redhat.com>
Gesendet: Montag, 8. März 2021 11:36
An: Watson Ladd
Cc: NTP WG
Betreff: Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp

On Fri, Mar 05, 2021 at 11:55:22AM -0800, Watson Ladd wrote:
> I think this is an important draft that covers a real usecase, but
> should try to break the flow of NTS a bit less. I hope these comments
> are useful.

There might be a more general question that needs to be answered
first. What exactly it means for "NTS" to be applied to a time
synchronization protocol? IIRC we originally had a general NTS
draft and a separate NTS-for-NTP draft.

PTP, like the NTP broadcast mode, cannot be secured to the same extent
as the NTP client-server mode. We had some attempts and they failed.

If I understand it correctly, this draft is not trying to apply the
NTS-NTP principles to PTP. That's not possible. It just reuses the
NTS-KE protocol for its own security protocol. I think that's
perfectly fine as long as there is no confusion about the NTS part.

--
Miroslav Lichvar

_______________________________________________
ntp mailing list
ntp@ietf.org
https://www.ietf.org/mailman/listinfo/ntp