Minutes IETF105: ntp
Network Time Protocol
IETF 105 - Montreal
Monday, July 22, 2019
WG chairs: Karen O'Donoghue, Dieter Sibold
Meeting minutes: Tal Mizrahi
Jabber: Rich Salz
Presenter: Karen O'Donoghue
- Note well was presented.
- The agenda for the current session was presented.
- Agenda bashing: nothing proposed.
- We will start with TICTOC related issues.
- After that we will go to the NTP session.
- NTP status:
- The NTP BCP was finally published! Thanks to Denis, Dieter and Harlan.
- Three documents are ready to proceed to the IESG: NTS, Guidelines for defining
packet timestamps, and Interleaved Mode. These documents will be submitted to the IESG
for publication in the next few days.
- There was a virtual hackathon this weekend. Further details to follow.
- The IEEE 1588 Enterprise profile draft is ready to go to the IESG.
- Working group will conclude soon.
- The following presentation is related to TICTOC.
Secure Enterprise Data Center Profile for IEEE 1588 Precision Time Protocol (PTP)
Presenter: Doug Arnold
Draft: no draft
- A short update about the IEEE 1588 standard revision, which is near publication.
- A secure profile of IEEE 1588 for enterprise and data center networks.
- Mainly for the financial industry.
- Synchronization requirements are not very stringent.
- One of the goals is to reuse key exchange mechanisms that are already deployed in data
- Tal Mizrahi: interesting work, relevant to this working group. Have you considered other
applications than financial, and other accuracy requirements?
- Doug: not at this point. The main target customer we have been hearing from is the
- Stu Card: anything related to White Rabbit?
- Doug: White Rabbit is very interesting to high frequency trading. In this context we are
talking about the regulatory compliance in financial networks, which is on the order of
100 microseconds, and White Rabbit is less interesting.
- Watson Ladd: you mentioned key exchange. Have you considered the NTS key exchange?
- Doug: we have not got to the point of choosing a specific key exchange. These networks
will also run NTP, so a common key exchange may be useful.
- Stu Card: anything related to PTP over unstable links, such as wireless?
- Doug: not in this context. There is some work in 802.1 to support WiFi, but not relevant
to this work.
- Daniel Franke: an accuracy of 100 microseconds can be achieved in NTP in a LAN. Why not
- Doug: right, you can get this accuracy with NTP. Customers are asking for PTP because
they are anticipating the future, expecting these requirements to become more strict.
- Daniel: you need a trusted path between the source and client. That is the main issue.
- Doug: hardware timestamping in NTP can get a very accurate time transfer. On the other
hand customers are expecting secure PTP.
- Daniel: if it does not solve a technical problem then it may not be interesting to solve
in the IETF.
- Doug: PTP is popular in a lot of industries because transparent clocks and boundary
clocks are more available than edges with hardware timestamping.
- Karen: I am not sure we will resolve this.
- Kristof Teichel: I agree with Daniel that one-way communication will always be subject
to delay attacks regardless of cryptography. We are working on combining one-way and
two-way approaches. Using a two-way approach in PTP will be useful.
- Doug: PTP usually uses a two-way approach. You have a point that the reference delay may
be calibrated for a link, and then this information can be used as a reference for
- Karen: the revision of IEEE 1588 called version 2.1 that will be published soon will
include a security TLV, but this is just the beginning of the work on security. The more
we work together on this the better.
NTP Hackathon Summary
- There was a remote hackathon on the weekend on NTS.
- The relevant people are not available to give an update.
- A summary of the test results will be available on the meeting materials page:
- We will set up a separate mailing list for implementation aspects, and announce it on
the NTP mailing list.
A YANG Data Model for NTP
Presenter: Dhruv Dhody
- The draft was updated based on comments.
- More comments will be addressed soon.
- NTS is currently not part of the YANG model. The authors suggest to continue this in a
- Suresh Krishnan: I believe the NTS should be in the current YANG model. The YANG model
does not have to wait for NTS to be published.
- Dhruv: this may hold back the document. But we need to do the right thing.
- Karen: we may want to separate the NTP server from the NTS implementation. Logically
these are different modules.
- Suresh: but there is some commonality. We need to do the right thing.
- Dhruv: I want to know how the working group feels.
- Harlan: is there a reference implementation of the YANG model? Is it possible to use any
of the existing authentication methods with this YANG model?
- Dhruv: reference implementation: we have something very basic, but not production
quality. Regarding the authentication - the private key part is there. Autokey - does
not exist. NTS - does not exist.
- Suresh: it is possible to send the draft out like this, but make sure we do not have to
do a bis version of this work.
- Dhruv: it will definitely not need a bis version. It is always possible to add more
content by augmentation.
Port Randomization in the Network Time Protocol Version 4
Presenter: Fernando Gont (remote)
- We want to ask whether there is interest to adopt this draft in the WG.
- Karen: can you summarize the traffic on the mailing list?
- Fernando: regarding port randomization on a per-transaction basis - packets may go
through different paths, and affect synchronization. Therefore the document chose to
randomize on a per-association basis. Another comment from Danny is that this does not
address blind attacks. We argue that it addresses blind attacks in the transport layer,
but it is independent of other layers, where blind attacks may be performed.
- Karen: any further comments about adoption?
- No answers.
- Karen: does anyone oppose?
- No answers.
- Watson: I would be willing to read it and send comments.
- Harlan: willing to review.
On Implementing Time
Presenter: Aanchal Malhotra
- No major changes.
- One editorial change.
- Karen: Any comments about adopting the document?
- No comments.
- Karen: we will look at adopting it.
Presenter: Aanchal Malhotra
- Two major changes: 1. Timestamp section: we have updated to the Julian date format, and
2. how Roughtime addresses delay attacks (thanks Tal).
- Some clarifications from Marcus related to implementation.
- Karen: any questions or comments?
- No comments.
- Watson: I am a co-author. We are working on adjusting the PLL based on time estimates.
Please let me know if people think this is necessary.
- Karen: we will consider adoption.
A Secure Selection and Filtering Mechanism for NTP
Presenter: Neta Schiff
- A short reminder about Chronos.
- A summary of the comments received, and how they were addressed.
- Harlan: is this appropriate for authenticated, or for un-authenticated time?
- Neta: we believe both.
- Harlan: how does this work with un-authenticated time?
- Neta: we assume an attacker that has powerful access to servers or to paths.
- Harlan: that is a stringent assumption.
- Neta: right, also delay attacks are in scope.
- Harlan: it is a pretty big assumption over a large number of servers.
- Neta: right, we are considering a stringent assumption.
- Suresh: one thing I like is that the threat model is such that we usually assume that
endpoints are not compromised, but this draft does not assume that. I like this draft.
- Danny: might be useful if tied together with an NTP server.
- Neta: Chronos is intended for the client side, allowing easier deployment without
affecting existing servers. How servers can be improved is for further research.
- Karen: any other questions?
- Karen: Neta will be presenting this work tomorrow in IRTF open, as she is the winner of
the ANRP prize this IETF meeting.
- We have some pending call-for-adoptions.
- The ref ID document may be ready for working group last call.
- Harlan: should be ready to go.
- Extension field drafts will also be ready for working group adoption soon.
- Aanchal: what about the data minimization draft?
- Karen: it went through WG last call. Waiting for some comments. We need to check again,
but I believe it will be ready to be sent to the IESG.
- Harlan: I did not receive any responses to the comments for the data minimization.
- Karen: we need to review the mailing list. I thought we were waiting for information
- Harlan: did not know any information is missing.
- Karen: we will hold virtual interims. We may hold virtual hackathons for NTS.
- Karen: adjourned early. See you next IETF meeting.
Adjourned at 16:58.