[secdir] Secdir last call review of draft-ietf-ntp-mode-6-cmds-08
Daniel Franke via Datatracker <noreply@ietf.org> Sat, 13 June 2020 15:18 UTC
From: Daniel Franke via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: ntp@ietf.org, last-call@ietf.org, draft-ietf-ntp-mode-6-cmds.all@ietf.org
Reply-To: Daniel Franke <dafranke@akamai.com>
Date: Sat, 13 Jun 2020 08:18:09 -0700

Reviewer: Daniel Franke
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes a historic protocol whose design falls far short of modern IETF standards. Its myriad issues are well-described in the Security Considerations section.

There has been some debate as to whether the appropriate status for this document is Historic or Informational. I believe the currently-intended Historic status is more appropriate. The argument I have heard repeatedly in favor of Informational status is that it is not appropriate to classify a protocol as Historic until a better alternative exists with a published specification. I believe that better alternative exists, which is to have no standard at all. It's perfectly fine for NTP monitoring and management protocols to be vendor-specific. In virtually all legitimate uses ("legitimate" so as to exclude RDoS attacks), both sides of the protocol run on systems managed by the same organization and the need for vendor-specific tools is not a practical issue. Lack of standardization is already the status quo, since there are many widely-used NTP implementations out there but only the Network Time Foundation implementation and its derivatives (such as NTPsec) support this protocol. I know of nobody who has ever been inconvenienced by this; standardization is a solution in search of a problem.