Minutes IETF105: ntp
minutes-105-ntp-00

Meeting Minutes Network Time Protocols (ntp) WG
Date and time 2019-07-22 19:50
Title Minutes IETF105: ntp
State Active
Other versions plain text
Last updated 2019-07-25

minutes-105-ntp-00
===============================
NTP Session
IETF 105 - Montreal
Monday, July 22, 2019
15:50-17:50 (UTC-04:00)
Meeting Minutes
===============================

WG chairs: Karen O'Donoghue, Dieter Sibold
Meeting minutes: Tal Mizrahi
Jabber: Rich Salz


Chair Slides
------------
Presenter: Karen O'Donoghue
Slides:
https://datatracker.ietf.org/meeting/105/materials/slides-105-ntp-ntp-wg-chair-slides-00

Summary:
- Note well was presented.
- The agenda for the current session was presented.
- Agenda bashing: nothing proposed.
- We will start with TICTOC related issues.
- After that we will go to the NTP session.
- NTP status:
  - The NTP BCP was finally published ! Thanks to Denis, Dieter and Harlan.
  - Three documents that are ready to proceed to the IESG: NTS, Guidlines for defining
    packet timestamps, and Interleaved Mode. These documents will be submitted to the IESG
    for publication in the next few days.
- There was a virtual hackathon this weekend. Further details to follow.


==============
TICTOC Session
==============

Summary:
- The IEEE 1588 Enterprise profile draft is ready to go the IESG.
- Working group will conclude soon.
- The following presentation is related to TICTOC.


Secure Enterprise Data Center Profile for IEEE 1588 Precision Time Protocol (PTP)
---------------------------------------------------------------------------------
Presenter: Doug Arnold

Presentation:
https://datatracker.ietf.org/meeting/105/materials/slides-105-ntp-secure-enterprise-data-center-profile-for-ieee-1588-precision-time-protocol-ptp-00

Draft: no draft

Summary:
- A short update about the IEEE 1588 standard revision, which is near publication.
- A secure profile of IEEE 1588 for enterprise and data center networks.
- Mainly for the financial industry.
- Synchronization requirements are not very stringent.
- One of the goals is to reuse key exchange mechanisms that are already deployed in data
  centers.

Discussion:
- Tal Mizrahi: interesting work, relevant to this working group. Have you considered other
  applications than financial, and other accuracy requirements?
- Doug: not at this point. The main target customer we have been hearing from is the
  financial industry.
- Stu Card: anything related to White Rabbit?
- Doug: White Rabbit is very interesting to high frequency trading. In this context we are
  talking about the regulatory compliance in financial networks, which is on the order of
  100 microseconds, and white rabbit is less interesting.
- Watson Ladd: you mentioned key exchange. Have you considered the NTS key exchange?
- Doug: we have not got to the point of choosing a specific key exchange. These networks
  will also run NTP, so a common key exchange may be useful.
- Stu Card: anything related to PTP over unstable links, such as wireless?
- Doug: not in this context. There is some work in 802.1 to support WiFi, but not relevant
  to this work.
- Daniel Franke: an accuracy of 100 microseconds can be achieved in NTP in a LAN. Why not
  use NTP?
- Doug: right, you can get this accuracy with NTP. Customer are asking for PTP because
  they are anticipating the future, expecting these requirements to become more strict.
- Daniel: you need a trusted path between the source and client. That is the main issue.
- Doug: hardware timestamping in NTP can get a very accurate time transfer. On the other
  hand customers are expecting secure PTP.
- Daniel: if it does not solve a technical problem then it may not be interesting to solve
  in the IETF.
- Doug: PTP is popular in a lot of industries because transparent clocks and boundary
  clocks are more available than edges with hardware timestamping.
- Karen: I am not sure we will resolve this.
- Kristof Teichel: I agree with Daniel that one way communication will always be subject
  to delay attacks regardless of cryptography. We are working on combining one-way and
  two-way approaches. Using a two-way approach in PTP will be useful.
- Doug: PTP usually uses a two-way approach. You have a point that the reference delay may
  be calibrated for a link, and then this information can be used as a reference for
  detecting attacks.
- Karen: the revision of IEEE 1588 called version 2.1 that will be published soon will
  include a security TLV, but this is just the beginning of the work on security. The more
  we work together on this the better.


===========
NTP Session
===========


NTP Hackathon Summary
---------------------
- There was a remote hackathon on the weekend on NTS.
- The relevant people are not available to give an update.
- A summary of the test results will be available on the meeting materials page:
  https://datatracker.ietf.org/meeting/105/materials/slides-105-ntp-hackathon-results-01
- We will set up a separate mailing list for implementation aspects, and announce it on
  the NTP mailing list.


A YANG Data Model for NTP
-------------------------
Presenter: Dhruv Dhody

Presentation:
https://datatracker.ietf.org/meeting/105/materials/slides-105-ntp-a-yang-data-model-for-ntp-00

Summary:
- The draft was updated based on comments.
- More comments will be addressed soon.
- NTS is currently not part of the YANG model. The authors suggest to continue this in a
  future document.

Discussion:
- Suresh Krishnan: I believe the NTS should be in the current YANG model. The YANG model
  does not have to wait for NTS to be published.
- Dhruv: this may hold back the document. But we need to do the right thing.
- Karen: we may want to separate the NTP server from the NTS implementation. Logically
  these are different modules.
- Suresh: but there is some commonality. We need to do the right thing.
- Dhruv: I want to know how the working group feels.
- Harlan: is there a reference implementation of the YANG model? Is it possible to use any
  of the existing authentication methods with this YANG model?
- Dhruv: reference impelmentation: we have something very basic, but not production
  quality. Regarding the authentication - the private key part is there. Autokey - does
  not exist. NTS - does not exist.
- Suresh: it is possible to send the draft out like this, but make sure we do not have to
  do a bis version of this work.
- Dhruv: it will definitely not need a bis version. It is always possible to add more
  content by augmentation.


Port Randomization in the Network Time Protocol Version 4
---------------------------------------------------------
Presenter: Fernando Gont (remote)

Draft:
https://www.ietf.org/archive/id/draft-gont-ntp-port-randomization-03.txt

Presentation:
https://datatracker.ietf.org/meeting/105/materials/slides-105-ntp-port-randomization-in-
the-network-time-protocol-version-4-00

Summary:
- We want to ask whether there is interest to adopt this draft in the WG.

Discussion:
- Karen: can you summarize the traffic on the mailing list?
- Fernando: regarding port randomization on a per-transaction basis - packets may go
  through different paths, and affect synchronization. Therefore the document chose to
  randomize on a per association basis. Another comment from Danny is that this does not
  address blind attacks. We argue that it addresses blind attacks in the transport layer,
  but it is independent of other layers, where blind attacks may be performed.
- Karen: any further comments about adoption?
- No answers.
- Karen: does anyone oppose?
- No answers.
- Watson: I would be willing to read it and send comments.
- Harlan: willing to review.


On Implementing Time
--------------------
Presenter: Aanchal Malhotra

Summary:
- No major changes.
- One editorial change.
- Karen: Any comments about adopting the document?
- No comments.
- Karen: we will look at adopting it.


Roughtime
---------
Presenter: Aanchal Malhotra

Summary:
- Two major changes: 1. Timestamp section: we have updated to the Julian date format, and
  2. how Roughtime addresses delay attacks (thanks Tal).
- Some clarifications from Marcus related to implementation.
- Karen: any questions or comments?
- No comments.
- Watson: I am a co-author. We are working on adjusting the PLL based on time estimates.
  Please let me know if people think this is necessary.
- Karen: we will consider adoption.


A Secure Selection and Filtering Mechanism for NTP
--------------------------------------------------
Presenter: Neta Schiff

Draft:
https://datatracker.ietf.org/doc/draft-schiff-ntp-chronos

Presentation:
https://datatracker.ietf.org/meeting/105/materials/slides-105-ntp-a-secure-selection-and-
filtering-mechanism-for-the-network-time-protocol-version-4-00

Summary:
- A short reminder about Chronos.
- A summary of the comments received, and how they were addressed.

Discussion:
- Harlan: is this appropriate for authenticated, or for un-authenticated time?
- Neta: we believe both.
- Harlan: how does this work with un-authenticated time?
- Neta: we assume an attacker that has powerful access to servers or to paths.
- Harlan: that is a stringent assumption.
- Neta: right, also delay attacks are in scope.
- Harlan: it is a pretty big assumption over a large number of servers.
- Neta: right, we are considering stringent assumption.
- Suresh: one thing I like is that the threat model is such that we usually assume that
  endpoints are not compromised, but this draft does not assume that. I like this draft.
- Danny: might be useful if tied together with an NTP server.
- Neta: Chronos is intended for the client side, allowing easier deployment without
  affecting existing servers. How servers can be improved is for further research.
- Karen: any other questions?
- Karen: Neta will be presenting this work tomorrow in IRTF open, as she is the winner of
  the ANRP prize this IETF meeting.

AOB
---
- We have some pending call-for-adoptions.
- The ref ID document may be ready for working group last call.
- Harlan: should be ready to go.
- Extension field drafts will also be ready for working group adoption soon.
- Aanchal: what about the data minimization draft?
- Karen: it went through WG last call. Waiting for some comments. We need to check again,
  and  but I believe it will be ready to be sent to the IESG.
- Harlan: I did not receive any responses to the comments for the data minimization.
- Karen: we need to review the mailing list. I thought we were waiting for information
  from Harlan.
- Harlan: did not know any information is missing.
- Karen: we will hold virtual interims. We may hold virtual hackathons for NTS.
- Karen: adjourned early. See you next IETF meeting.


Adjourned at 16:58.