Joint TICTOC and NTP WG Meeting - IETF 89 - London
Wednesday 5 March 2014, 09:00-11:30
Chairs: Karen O'Donoghue and Yaakov (J) Stein

Administrative
==============

Karen opened by stating that we have a relatively short agenda this time and that the timing of the session was not ideal for regular remote participants attending by audio and jabber. The Note Well and agenda were presented. After bashing the agenda, the NTP session was held first.

NTP WG document status
======================

The NTP extension field draft (draft-ietf-ntp-extension-field) has completed WGLC and is awaiting PROTO write-up. It is a clarification of RFC5905 rather than new work. Brian asked about the implementation status of the draft. He suggested that it could be handled as a process experiment, or an implementation status section could be added to the draft which would be removed before publication (the IESG likes knowing the implementation/use status during evaluation).

Network Time Security (draft-ietf-ntp-network-time-security) is still under discussion in the WG and an update will be presented today.

The control protocol draft (draft-odonoghue-ntpv4-control) has a new editor and is awaiting an update.

Finally, the interleave messages have been implemented but have not been documented. Anyone interested in authoring should contact Karen.

Network Time Security (NTS)
===========================

Kristof presented updates regarding draft-ietf-ntp-network-time-security. The document has been updated to conform to the requirements in the TICTOC security requirements document. The protocol sequence section has been split, 2 appendices have been added (list of extensions field types, and flow diagram), and the cryptographic algorithms negotiation has been altered. Kristof stated that the present NTP server DoS attack is not in scope (see BCP discussion below). Using DANE for certificate exchange is still being considered.
Brian Haberman stated that DANE is interesting since it solves the single trust anchor issue. A delay attack is still not addressed.

The next step is the formal verification of the protocol (2 approaches - inductive and model checking). Yaakov asked if these will be part of the present document. Kristof indicated that the verification would not be part of the final document and estimated it would take about 2 1/2 years to finish.

Harlan Stenn (via jabber) indicated that Steve Bellovin had sent some comments to the authors, and that a proof of concept implementation is under discussion.

Karen asked for more reviews before proceeding to last call. We also need additional feedback from the NTP development community. Please send all further comments to the list. We would like to LC within a year.

NTP BCP
=======

Karen explained the background to the NTP BCP issue. We need documentation of the best practices for setting up and maintaining an NTP server, including security issues. The amplification attack presently in the news is only one such issue. Brian pointed out that the present attack was a wake-up call, and Karen indicated that it is almost an oversight that this has not been done before. Karen said that we have one volunteer to work as author, and that the NTP community is interested in participating. She asked other interested parties to email her.

TICTOC WG document status
=========================

draft-ietf-tictoc-security-requirements and draft-ietf-tictoc-ptp-mib both completed WGLC and are waiting for PROTO write-up by Karen.

draft-ietf-tictoc-1588overmpls has completed the first WGLC with the decision to proceed to an experimental RFC. Shahram explained that he needs to remove references to FRR, and republish as a candidate for experimental RFC. Since this is a minor edit already agreed upon, there is no need for another WG LC.

draft-ietf-tictoc-ptp-enterprise-profile is still under development, and the authors could not attend this meeting.
An update will be published after this IETF with a plan to proceed to WGLC. Please review and send comments to the list.

Karen informed the WG that there will be a 1588 face-to-face meeting April 7-9 at CERN in Geneva.

The meeting ended early.