Minutes IETF105: ntp
Meeting Minutes, Network Time Protocols (ntp) WG
===============================
NTP Session
IETF 105 - Montreal
Monday, July 22, 2019
15:50-17:50 (UTC-04:00)
Meeting Minutes
===============================

WG chairs: Karen O'Donoghue, Dieter Sibold
Meeting minutes: Tal Mizrahi
Jabber: Rich Salz

Chair Slides
------------
Presenter: Karen O'Donoghue
Slides: https://datatracker.ietf.org/meeting/105/materials/slides-105-ntp-ntp-wg-chair-slides-00

Summary:
- Note well was presented.
- The agenda for the current session was presented.
- Agenda bashing: nothing proposed.
- We will start with TICTOC related issues.
- After that we will go to the NTP session.
- NTP status:
  - The NTP BCP was finally published! Thanks to Denis, Dieter and Harlan.
  - Three documents are ready to proceed to the IESG: NTS, Guidelines for defining packet timestamps, and Interleaved Mode. These documents will be submitted to the IESG for publication in the next few days.
  - There was a virtual hackathon this weekend. Further details to follow.

==============
TICTOC Session
==============

Summary:
- The IEEE 1588 Enterprise profile draft is ready to go to the IESG.
- The working group will conclude soon.
- The following presentation is related to TICTOC.

Secure Enterprise Data Center Profile for IEEE 1588 Precision Time Protocol (PTP)
---------------------------------------------------------------------------------
Presenter: Doug Arnold
Presentation: https://datatracker.ietf.org/meeting/105/materials/slides-105-ntp-secure-enterprise-data-center-profile-for-ieee-1588-precision-time-protocol-ptp-00
Draft: no draft

Summary:
- A short update about the IEEE 1588 standard revision, which is near publication.
- A secure profile of IEEE 1588 for enterprise and data center networks.
- Mainly for the financial industry.
- Synchronization requirements are not very stringent.
- One of the goals is to reuse key exchange mechanisms that are already deployed in data centers.

Discussion:
- Tal Mizrahi: interesting work, relevant to this working group. Have you considered other applications than financial, and other accuracy requirements?
- Doug: not at this point. The main target customer we have been hearing from is the financial industry.
- Stu Card: anything related to White Rabbit?
- Doug: White Rabbit is very interesting to high frequency trading. In this context we are talking about the regulatory compliance in financial networks, which is on the order of 100 microseconds, and White Rabbit is less interesting.
- Watson Ladd: you mentioned key exchange. Have you considered the NTS key exchange?
- Doug: we have not got to the point of choosing a specific key exchange. These networks will also run NTP, so a common key exchange may be useful.
- Stu Card: anything related to PTP over unstable links, such as wireless?
- Doug: not in this context. There is some work in 802.1 to support WiFi, but not relevant to this work.
- Daniel Franke: an accuracy of 100 microseconds can be achieved in NTP in a LAN. Why not use NTP?
- Doug: right, you can get this accuracy with NTP. Customers are asking for PTP because they are anticipating the future, expecting these requirements to become more strict.
- Daniel: you need a trusted path between the source and client. That is the main issue.
- Doug: hardware timestamping in NTP can get a very accurate time transfer. On the other hand customers are expecting secure PTP.
- Daniel: if it does not solve a technical problem then it may not be interesting to solve in the IETF.
- Doug: PTP is popular in a lot of industries because transparent clocks and boundary clocks are more available than edges with hardware timestamping.
- Karen: I am not sure we will resolve this.
- Kristof Teichel: I agree with Daniel that one-way communication will always be subject to delay attacks regardless of cryptography. We are working on combining one-way and two-way approaches. Using a two-way approach in PTP will be useful.
- Doug: PTP usually uses a two-way approach. You have a point that the reference delay may be calibrated for a link, and then this information can be used as a reference for detecting attacks.
- Karen: the revision of IEEE 1588 called version 2.1 that will be published soon will include a security TLV, but this is just the beginning of the work on security. The more we work together on this the better.

===========
NTP Session
===========

NTP Hackathon Summary
---------------------
- There was a remote hackathon on the weekend on NTS.
- The relevant people are not available to give an update.
- A summary of the test results will be available on the meeting materials page: https://datatracker.ietf.org/meeting/105/materials/slides-105-ntp-hackathon-results-01
- We will set up a separate mailing list for implementation aspects, and announce it on the NTP mailing list.

A YANG Data Model for NTP
-------------------------
Presenter: Dhruv Dhody
Presentation: https://datatracker.ietf.org/meeting/105/materials/slides-105-ntp-a-yang-data-model-for-ntp-00

Summary:
- The draft was updated based on comments.
- More comments will be addressed soon.
- NTS is currently not part of the YANG model. The authors suggest continuing this in a future document.

Discussion:
- Suresh Krishnan: I believe the NTS should be in the current YANG model. The YANG model does not have to wait for NTS to be published.
- Dhruv: this may hold back the document. But we need to do the right thing.
- Karen: we may want to separate the NTP server from the NTS implementation. Logically these are different modules.
- Suresh: but there is some commonality. We need to do the right thing.
- Dhruv: I want to know how the working group feels.
- Harlan: is there a reference implementation of the YANG model? Is it possible to use any of the existing authentication methods with this YANG model?
- Dhruv: reference implementation: we have something very basic, but not production quality. Regarding the authentication - the private key part is there. Autokey - does not exist. NTS - does not exist.
- Suresh: it is possible to send the draft out like this, but make sure we do not have to do a bis version of this work.
- Dhruv: it will definitely not need a bis version. It is always possible to add more content by augmentation.

Port Randomization in the Network Time Protocol Version 4
---------------------------------------------------------
Presenter: Fernando Gont (remote)
Draft: https://www.ietf.org/archive/id/draft-gont-ntp-port-randomization-03.txt
Presentation: https://datatracker.ietf.org/meeting/105/materials/slides-105-ntp-port-randomization-in-the-network-time-protocol-version-4-00

Summary:
- We want to ask whether there is interest to adopt this draft in the WG.

Discussion:
- Karen: can you summarize the traffic on the mailing list?
- Fernando: regarding port randomization on a per-transaction basis - packets may go through different paths, and affect synchronization. Therefore the document chose to randomize on a per-association basis. Another comment from Danny is that this does not address blind attacks. We argue that it addresses blind attacks in the transport layer, but it is independent of other layers, where blind attacks may be performed.
- Karen: any further comments about adoption?
- No answers.
- Karen: does anyone oppose?
- No answers.
- Watson: I would be willing to read it and send comments.
- Harlan: willing to review.

On Implementing Time
--------------------
Presenter: Aanchal Malhotra

Summary:
- No major changes.
- One editorial change.
- Karen: any comments about adopting the document?
- No comments.
- Karen: we will look at adopting it.

Roughtime
---------
Presenter: Aanchal Malhotra

Summary:
- Two major changes: 1. Timestamp section: we have updated to the Julian date format, and 2. how Roughtime addresses delay attacks (thanks Tal).
- Some clarifications from Marcus related to implementation.
- Karen: any questions or comments?
- No comments.
- Watson: I am a co-author. We are working on adjusting the PLL based on time estimates. Please let me know if people think this is necessary.
- Karen: we will consider adoption.

A Secure Selection and Filtering Mechanism for NTP
--------------------------------------------------
Presenter: Neta Schiff
Draft: https://datatracker.ietf.org/doc/draft-schiff-ntp-chronos
Presentation: https://datatracker.ietf.org/meeting/105/materials/slides-105-ntp-a-secure-selection-and-filtering-mechanism-for-the-network-time-protocol-version-4-00

Summary:
- A short reminder about Chronos.
- A summary of the comments received, and how they were addressed.

Discussion:
- Harlan: is this appropriate for authenticated, or for un-authenticated time?
- Neta: we believe both.
- Harlan: how does this work with un-authenticated time?
- Neta: we assume an attacker that has powerful access to servers or to paths.
- Harlan: that is a stringent assumption.
- Neta: right, also delay attacks are in scope.
- Harlan: it is a pretty big assumption over a large number of servers.
- Neta: right, we are considering a stringent assumption.
- Suresh: one thing I like is that the threat model is such that we usually assume that endpoints are not compromised, but this draft does not assume that. I like this draft.
- Danny: might be useful if tied together with an NTP server.
- Neta: Chronos is intended for the client side, allowing easier deployment without affecting existing servers. How servers can be improved is for further research.
- Karen: any other questions?
- Karen: Neta will be presenting this work tomorrow in IRTF open, as she is the winner of the ANRP prize this IETF meeting.

AOB
---
- We have some pending calls for adoption.
- The ref ID document may be ready for working group last call.
- Harlan: should be ready to go.
- Extension field drafts will also be ready for working group adoption soon.
- Aanchal: what about the data minimization draft?
- Karen: it went through WG last call. Waiting for some comments. We need to check again, but I believe it will be ready to be sent to the IESG.
- Harlan: I did not receive any responses to the comments for the data minimization.
- Karen: we need to review the mailing list. I thought we were waiting for information from Harlan.
- Harlan: did not know any information is missing.
- Karen: we will hold virtual interims. We may hold virtual hackathons for NTS.
- Karen: adjourned early. See you next IETF meeting.

Adjourned at 16:58.