[TICTOC] NTP WG interim mtg draft minutes, 9 June 2016
Samuel Weiler <weiler@w3.org> Thu, 09 June 2016 17:00 UTC
Return-Path: <weiler@w3.org>
X-Original-To: tictoc@ietfa.amsl.com
Delivered-To: tictoc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F2C912D88A for <tictoc@ietfa.amsl.com>; Thu, 9 Jun 2016 10:00:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.327
X-Spam-Level:
X-Spam-Status: No, score=-3.327 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ACc4kvA54r-O for <tictoc@ietfa.amsl.com>; Thu, 9 Jun 2016 10:00:15 -0700 (PDT)
Received: from raoul.w3.org (raoul.w3.org [IPv6:2001:470:8b2d:804:52:12:128:0]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 686A612D769 for <tictoc@ietf.org>; Thu, 9 Jun 2016 10:00:06 -0700 (PDT)
Received: from c-73-219-50-136.hsd1.ma.comcast.net ([73.219.50.136] helo=MacBook-Pro.local) by raoul.w3.org with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <weiler@w3.org>) id 1bB3JL-000Aok-NI; Thu, 09 Jun 2016 17:00:04 +0000
References: <001a113e16303a562d0534db259e@google.com>
To: "ntpwg@lists.ntp.org" <ntpwg@lists.ntp.org>, "tictoc@ietf.org" <tictoc@ietf.org>
From: Samuel Weiler <weiler@w3.org>
X-Forwarded-Message-Id: <001a113e16303a562d0534db259e@google.com>
Message-ID: <92b0c5ca-711e-40ff-facc-6c74e92f7bf2@w3.org>
Date: Thu, 09 Jun 2016 13:00:01 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <001a113e16303a562d0534db259e@google.com>
Content-Type: multipart/mixed; boundary="------------555866CCA9C9C8C075633265"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tictoc/rMwiFDsTPYq24V9sZx9PhhCMsqs>
X-Mailman-Approved-At: Sun, 12 Jun 2016 20:32:29 -0700
Subject: [TICTOC] NTP WG interim mtg draft minutes, 9 June 2016
X-BeenThere: tictoc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Timing over IP Connection and Transfer of Clock BOF <tictoc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tictoc>, <mailto:tictoc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tictoc/>
List-Post: <mailto:tictoc@ietf.org>
List-Help: <mailto:tictoc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tictoc>, <mailto:tictoc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jun 2016 17:03:28 -0000
NTP/TICTOC interim meeting 9 June 2016, noon EDT Samuel Weiler as scribe Kristof reported on NTS design team progress. The design team is focusing on item #1 from: https://trac.tools.ietf.org/wg/ntp/trac/wiki/NtsWglcDesignTeam A snapshot of that wiki page is attached at the end of these minutes as well as in a separate PDF, and a shapsnot of the long-form design team agenda is attached as a PDF. They're boiled the choices down to modifying NTS to handle fragmention or running over DTLS. Limited/no progress on other items, but hoping progress on #1 will help with other items. If DTLS approach works out, he's confident that other decisions will be made before Berlin. If DTLS approach does not work out and we need custom key exchange, then this estimate does not hold. Sharon concurred with this summary. Richard Welty reports that the original key exchange is coded. ... expects his documents to be done by this time next week. Kristof reports that Martin's implementation is well along, but he is likely only implementing the old key exchange protocol and may not accommodate changes from the current design team effort. -- Denis reports having posted a new BCP draft. He thanks Sharon for writing up a section on security best practices. He would still like a contribution on load balancing, but if he doesn't get that, he'll just edit for flow and request advancement by end of June. He'd like review. Karen encouraged reaching out to Greg, who had previously offered load balancing text. -- Miroslav believes that the fields in the current extensions RFC could be corrected with minor effort. But he thinks that Harlan is trying to do something beyond the intent of the original RFCs, and he's not sure how to resolve that. Karen offered to take this up with Harlan, who was not on the call. Holding off on other refid, etc. discussion on this call. -- Karen reports: PTP enterprise profile went through WGLC with no substantial comments. Karen intends to send it to IESG and for 1588 review. No comments raised on this call, either. -- Karen reports on 1588 MIB and YANG model progress: MIB has gone to the IESG and still has outstanding editorial changes requested. Biggest question is how to deal with copyright between IETF and IEEE - that has been sent to the IESG-IEEE coordination committee. This will impact the YANG model doc also. -- Timing over MPLS: Greg Mirsky: the MLPS WG would like comments on the residence time management document. Yakov and Sriram were going to work on updating the tictoc doc, now expired. Greg thinks their interest in finalizing this may be higher and another poke may be sufficient. -- Miroslav asked re: IANA autokey field type - he had sent a query to the list. Karen had missed his email, but she'll look into how to get this fixed, working with Miroslav and Harlan. Karen asked if there is agreement on what the assignments should be. -- Next interim meeting: Thursday 7 July. Attendees: Karen O'Donoghue Samuel Weiler Daniel Franke Denis Reilley Dieter Sibold Greg Mirsky Kristof Teichel Miroslav Richard Welty Sharon Goldberg ---- Snapshot of design team wiki, including minutes to date: https://trac.tools.ietf.org/wg/ntp/trac/wiki/NtsWglcDesignTeam == Network Time Security WGLC Design Team Discussions == Link to the agenda document (everyone may comment, only Dieter and Kristof may edit at the moment): https://docs.google.com/document/d/1CR5mFOP_WZ_FZDTf0IWsXLFOvhO4AXokZNvOb3PWI7E === Identified Agenda Items for the Design Team === * Top Priority: 1. IP fragmentation of certificate-carrying messages during key exchange 2. Key exchange protocol: do fewer exchanges? * High Priority: 3. Key exchange protocol: have fewer cryptographic operations? 4. Key exchange protocol: what about two-way authentication? 5. Discussion about Chicken-and-Egg Problem 6. Improve Handling of Cipher Suites * Medium Priority 7. Improve Treatment of Peer Mode 8. Symmetry of Message Sizes “time_request” and “time_response” 9. Use of Initial (Unsecured) Timestamps 10. Seed Refresh: Should this Be Mentioned 11. Discussion about Different Security Approaches 12. MAC-Algorithm instead of Hash (for HMAC) Algorithm === Meetings === First (teleconference) meeting likely on Monday, 25 April, 15:30 UTC; some form of minutes will be made available. **April 25th (Monday)** * Platform: Adobe Connect. Severe connection issues for Kristof. * Attending: Danny, Dieter, Harlan, Karen, Kristof, Miroslav, Sharon. * Meeting Agenda: * Introductions & organizational issues (minute taking) * Discussion on correctness & completeness of the team agenda list in the document linked above * Discussion on priorities of items (especially "must have" vs. "nice to have") * //Optional//: Start of discussion on high-priority items * Set date for next meeting * Additional minutes: * Group: Declaring certificate exchange out of scope is bad idea * Group: (D)TLS seems promising option * Sharon: what is design goal behind custom key exchange (KE)? * Miroslav: solve fragmentation by limiting to one cert per exchange? * Karen: DTLS / IPsec people should be involved at some point **May 2nd (Monday)** * Platform: Adobe Connect. Issue with connectivity between dial-in and PC connections. * Attending: Dieter, Harlan, Karen, Kristof, Miroslav, Sharon. * Meeting Agenda: * Organizational issues * Minute taking * Date for next meeting * Discussion for item "IP fragmentation" (~10-15 min. each): * List of requirements by Miroslav * Option "Self-management" (NTS splits extension field data) * Option "External channel" (TCP/(D)TLS/HTTPS/...) * Flesh out item "Two-way authentication" (~5 min.) * Discussion of item "Peer mode" (~5 min.) * General discussion * Additional minutes: * Next meeting same time following week. Karen agrees to provide better meeting room. * Group: more discussion on DTLS * Sharon: should ask DTLS folks specifically. Agrees to contact someone. * Miroslav: what about peer mode (expected to be dealt with alreday) * Kristof: peer mode via old symmetric approach? * Group: discussion about merits/disadvantages of two-way authentication **May 9th (Monday)** * Platform: WebEx (room supplied by Karen). * Attending: Dieter, Harlan, Kristof, Miroslav, Sharon * Minutes: * Group: More discussion on mutual authentication * Harlan: needed for peer mode and also mode 6 NTP packets * Group: perhaps specify two KE procedures, one which sticks to UDP 123 etc., another which is fast **May 17th (Tuesday)** * Platform: WebEx (room supplied by Karen). * Attending: Harlan, Kristof, Miroslav **Week of May 22nd** -Meeting skipped- **May 31st (Tuesday)** * Platform: WebEx (room supplied by Karen). * Attending: Danny, Dieter, Harlan, Karen, Kristof, Miroslav, Sharon * Meeting Agenda: * Changes by Dieter and Kristof (DTLS options) * Additional minutes: * Group: Discussion on unauthenticated timing data * Sharon: is in favor of "MUST NOT" language * Kristof: would like to treat this in section "NTS assumptions about initial timing quality" * Group: eliminated some options for the fragmentation issue * Upcoming meeting cancelled in favor of only NTPWG call (Thursday, June 9th). After that, Design team calls can be moved back to Mondays, 15:30 UTC
- [TICTOC] NTP WG interim mtg draft minutes, 9 June… Samuel Weiler