Re: [Ntp] NTS IANA request

Daniel Franke <dfoxfranke@gmail.com> Fri, 07 June 2019 20:32 UTC

References: <CAN2QdAH9Uh_wYSEizgYTjd4Q6VFQT+tvH8dnbPgKKc59+vEfng@mail.gmail.com> <a123d81b-4994-9e35-58eb-6845cf439f91@nwtime.org> <20190605164753.6e71fcaa@rellim.com> <03055E77-EB42-494E-A231-039C4603E256@akamai.com> <CAJm83bDYZ+vcwkhFEf2YCAVwKcSm7rEgbuB0Wwsvm5XVVAMjuQ@mail.gmail.com> <C8E4189E-E3A1-4926-AF0F-93BE9C7255C8@akamai.com> <CAJm83bBkU91st1CFAsx+JCLpxXyWOQnSTY9sXeuA96R8pqXdCA@mail.gmail.com> <20190607200832.GA19127@puck.nether.net>
In-Reply-To: <20190607200832.GA19127@puck.nether.net>
From: Daniel Franke <dfoxfranke@gmail.com>
Date: Fri, 07 Jun 2019 16:32:11 -0400
Message-ID: <CAJm83bCrdrKh+D8ytdd7DfnyV8HbN7vmiqCm7tgC9LAoEGowaw@mail.gmail.com>
To: "Majdi S. Abbas" <msa@latt.net>
Cc: "Salz, Rich" <rsalz@akamai.com>, "ntp@ietf.org" <ntp@ietf.org>, "Gary E. Miller" <gem@rellim.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/zsc5ICl9Og79ReXKX2I2pR0SE3M>
Subject: Re: [Ntp] NTS IANA request

On Fri, Jun 7, 2019 at 4:08 PM Majdi S. Abbas <msa@latt.net> wrote:
>         I'm not sure where this came from, but it hasn't been my
> experience.  In fact even the folks who came in with pretty heavy-
> handed filters a few years ago have backed off quite a bit as users
> have corrected their configurations.

It's been ours. We've encountered such filtering issues in all three
NTS hackathons. At any rate, as Watson said, data is coming. We should
rely on that rather than anecdotes.

>         I don't believe there's much of a firewall issue at all,
> since I haven't seen a blanket "lt 1024" permit in.... years.  Either
> specific services are permitted, or application level proxies are
> employed... but nobody magically "trusts" system ports any more, and
> has not in a very long time.

This isn't an issue of system ports (< 1024) vs. user ports; it's an
issue of a single IANA-registered port vs. everyone who runs a server
being told to choose their own (and advertise it via NTS-KE port
negotiation). In the latter case it becomes both harder to block if
you have a default-allow policy like an ISP would, and harder to allow
if you have a default-deny policy like a corporate firewall would.
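As an added example (not part of Daniel's message or any NTS implementation), the following Python models the mechanism the message refers to: an NTS-KE server advertising a per-server NTP port via the port-negotiation record, and a client checking the resulting (server, port) against a default-allow or default-deny egress policy. The record layout and type numbers are taken from the published NTS specification, RFC 8915, which postdates this thread; the sample response, hostnames and port 48123 are constructed for the example.

```python
import struct

# NTS-KE record types (RFC 8915, Section 4). Record type 7 is the
# "NTPv4 Port Negotiation" record the message above refers to.
END_OF_MESSAGE = 0
NEXT_PROTOCOL = 1
ERROR = 2
WARNING = 3
AEAD_ALGORITHM = 4
NEW_COOKIE = 5
SERVER_NEGOTIATION = 6
PORT_NEGOTIATION = 7
KNOWN_TYPES = frozenset(range(8))

NTP_DEFAULT_PORT = 123  # used when the server sends no port-negotiation record


def encode_record(rtype, body, critical=False):
    """Encode one NTS-KE record: 1-bit critical flag, 15-bit type,
    16-bit body length (network byte order), then the body."""
    if not 0 <= rtype < 0x8000:
        raise ValueError("record type out of range")
    if len(body) > 0xFFFF:
        raise ValueError("body too long")
    first = rtype | (0x8000 if critical else 0)
    return struct.pack("!HH", first, len(body)) + body


def parse_records(data):
    """Parse NTS-KE records up to and including End of Message.
    Returns a list of (critical, type, body); raises ValueError on
    truncated or malformed input so a bad server cannot desync us."""
    records = []
    offset = 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated record header")
        first, length = struct.unpack_from("!HH", data, offset)
        offset += 4
        critical = bool(first & 0x8000)
        rtype = first & 0x7FFF
        body = data[offset:offset + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        offset += length
        if critical and rtype not in KNOWN_TYPES:
            # RFC 8915: an unrecognized critical record must be treated as an error.
            raise ValueError("unrecognized critical record type %d" % rtype)
        records.append((critical, rtype, body))
        if rtype == END_OF_MESSAGE:
            if length != 0:
                raise ValueError("End of Message must have an empty body")
            return records


def negotiated_endpoint(records, ke_server):
    """Return the (host, port) the client should send NTP to. Defaults are
    the NTS-KE server's own name and port 123 unless negotiated otherwise."""
    server, port = ke_server, NTP_DEFAULT_PORT
    for _critical, rtype, body in records:
        if rtype == SERVER_NEGOTIATION:
            server = body.decode("ascii")
        elif rtype == PORT_NEGOTIATION:
            if len(body) != 2:
                raise ValueError("port negotiation body must be 2 bytes")
            (port,) = struct.unpack("!H", body)
    return server, port


def egress_permitted(port, policy, allowed_ports=frozenset()):
    """Model a stateless UDP egress rule set. A default-deny policy permits
    only listed ports, so a per-server negotiated port is blocked unless an
    admin adds it; a default-allow policy permits everything, so the same
    port cannot be singled out without a per-destination rule."""
    if policy == "default-deny":
        return port in allowed_ports
    if policy == "default-allow":
        return True
    raise ValueError("unknown policy %r" % policy)


# Constructed sample: an NTS-KE response that redirects the client to a
# separate NTP host on a non-standard port (hostnames and port are made up).
SAMPLE_RESPONSE = (
    encode_record(NEXT_PROTOCOL, struct.pack("!H", 0), critical=True)      # NTPv4
    + encode_record(AEAD_ALGORITHM, struct.pack("!H", 15), critical=True)  # AEAD_AES_SIV_CMAC_256
    + encode_record(SERVER_NEGOTIATION, b"ntp.example.net")
    + encode_record(PORT_NEGOTIATION, struct.pack("!H", 48123))
    + encode_record(END_OF_MESSAGE, b"")
)


def check_response(response, ke_server, policy, allowed_ports=frozenset({NTP_DEFAULT_PORT})):
    """Parse a response, derive the NTP endpoint, and report whether the
    modelled firewall would let the client reach it."""
    host, port = negotiated_endpoint(parse_records(response), ke_server)
    return {"host": host, "port": port, "permitted": egress_permitted(port, policy, allowed_ports)}


if __name__ == "__main__":
    for policy in ("default-deny", "default-allow"):
        print(policy, check_response(SAMPLE_RESPONSE, "time.example.net", policy))
```

Running the block shows the asymmetry the message describes: with a default-deny corporate policy that only lists port 123, the negotiated port 48123 is refused until someone adds a rule; with a default-allow ISP policy it passes, and nothing short of a per-destination rule could block it.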