NTP WG INTERIM MEETING
25 May 2017, 3 pm UTC

PARTICIPANTS: Aanchal Malhotra, Ankit Kumar Sinha, Daniel Franke, Danny Meyer, Dave Mills, Denis Reilly, Dhruv Dhody, Dieter Sibold, Harlan Stenn, Karen O’Donoghue, Kristof Teichel, Kyle Rose, Miroslav Lichvar, Peter Meyer, Richard Welty, Robert Nay, Robert Annessi, Ronan Flood, Sharon Goldberg, Stewart Bryant, Sue Graves, Tal Mizrahi, Yaakov Stein, Scott Fluhrer

- Karen: Presentation of the IETF Note Well
- Nobody opposed recording this meeting

AGENDA
- Network Time Security
- BCP
- Data Minimization
- Message Authentication Code
- Extension fields and RefID
- YANG Data Model
- AOB

OVERVIEW/SUMMARY/NEXT STEPS FOR THE NTS DOCUMENTS
draft-ietf-ntp-network-time-security

- Daniel reported on the draft 'draft-ietf-ntp-network-time-security'.
- The normative parts of the draft are more or less final.
- The Security Considerations section will be extended before the next submission.
- Daniel plans to submit the changed version by the end of March and will request the WGLC for it immediately after. The WGLC will cover the draft 'draft-ietf-ntp-network-time-security' only. It will not cover the other NTS related specifications.
- Summary of the changes:
  - Reduction of the size of the NTS next protocol negotiation record
  - Changes to the IANA Considerations section
  - Corrections of some inconsistencies which result from the removal of DTLS packet smuggling
  - Management of keys and cookies for load balanced servers
- Karen proposes to give the working group a one week time frame to comment on the draft. After that period the WGLC shall be issued if there are no objections against it. She would like to have a virtual interim meeting by the end of June to discuss the results from the WGLC. Because this interim meeting would take place just two weeks before the next IETF meeting, all participants agreed not to have it.
- Kristof will update the generic draft 'draft-ietf-ntp-network-time-security' by the end of June.

Summary
- Daniel to publish update by 26 May.
- WG has until 31 May to indicate that the document is NOT ready for working group last call (WGLC).
- If no strong opposition, document will go to WGLC in early June.
- Kristof will work on updating the generic NTS document by the end of June.

BCP: OVERVIEW/SUMMARY/NEXT STEPS FROM THE WGLC
draft-ietf-ntp-bcp

- In April Denis submitted an update of the document. The changes were based on the comments received during the WGLC period.
- An additional update of the document was submitted last Monday (version 4), based on some additional feedback. It contains text changes for the leap seconds, autokey and anycast sections.
- Denis points out that even where the document talks about the reference implementation it brings up ideas that are applicable to other implementations as well.
- Denis makes clear that all the feedback from the WGLC is incorporated into the latest version of the draft.
- Karen asks whether we received feedback indicating that the draft is not ready for publication if this feedback is not incorporated.
- Denis: Daniel suggested mandatory changes to the autokey section in order to approve the document. The draft was updated accordingly. This was the only feedback that was requested to be fixed.
- Daniel indicates no objection to the changes made.
- Karen: if there is no opposition by tomorrow it can be submitted for publication.
- Karen describes the next steps necessary for publication of the document. Next steps include approval by the AD, an IETF Last Call and IESG review.
- Sharon asks for the appropriate time to submit minor comments on the draft.
- Denis asks for a deadline for minor changes.
- Karen: Minor changes until May 31st.

Summary
- Update addressing all WGLC comments has been published.
- WG has until 31 May to indicate that the updated document should NOT be forwarded to the IESG.
- Chairs will forward to IESG in early June if there is no strong opposition.

WAY FORWARD FOR draft-dfranke-ntp-data-minimization-02

- Karen: There have been no objections to adopting this draft. It will be approved as a WG document.
- Daniel will submit a new version of the draft. It will contain a change regarding the precision field which was requested by Harlan.
- Sharon points out that with regard to data minimization it makes sense to also minimize the information leak in the refid field. Together with Harlan she is working on this subject, e.g. in the not-you draft. Should this work go into this draft also?
- Daniel points out that his data minimization draft pertains only to client and not server packets. He assumes that his draft and the not-you draft are orthogonal.
- Sharon points out that an adversary can easily request information from a server that can be utilized for an attack. Data minimization should minimize this also for the server packets. Why are mode 1 and mode 2 packets not addressed by the draft?
- Daniel: The goals of this draft are to solve the unlinkability issue with NTP and to strengthen the unpredictability of the origin timestamp.
- Sharon: NTP is a hierarchical protocol. Clients may also be servers. Therefore, data minimization should consider both client and server packets.
- Daniel will submit the new version of his draft and will wait for further comments about what should go into it.
- Harlan expresses that it is fine to allow this draft to be applied in WAN environments but it should not be required to be applied in LAN environments. As Daniel points out, this draft requires only that a server must not reject packets which comply with this document. There are no additional hard requirements.
- Karen: The timeline for this document is about one month to do an initial review before a WGLC is issued. Next steps will be discussed during the Prague meeting.
Summary
- Adopted as a WG document, Daniel will publish as a WG document.
- Working group will have about a month to review; if no major issues are identified it will proceed to WGLC in early July.

WAY FORWARD FOR draft-ietf-ntp-mac-00

- Aanchal reports that there were no comments or objections to this draft. Consequently, there are no changes. She recommends issuing a WGLC for it.
- Karen: This is a short and straightforward draft. She would like to issue a WGLC. Any objections should be raised before 31st May.
- No opposition.
- Short discussion about agility of the applied algorithms between Danny, Harlan and Karen.
- Daniel: no objections to WGLC. He will provide feedback during WGLC.

Summary
- Document is standards track, updating RFC 5905.
- WG has until 31 May to indicate that the document is NOT ready for working group last call (WGLC).
- If no strong opposition, document will go to WGLC in early June.

WAY FORWARD FOR DRAFTS RELATED TO EXTENSION FIELDS AND REFID STUFF
draft-ietf-ntp-refid-updates
draft-stenn-ntp-suggest-refid
draft-stenn-ntp-i-do

- Karen: There has been a lot of discussion about which of the drafts should go on and which should be combined.
- Danny suggests publishing only one refid draft.
- Harlan opposes. He has already combined different refid drafts.
- The refid-updates draft is moving forward although it is currently expired (Sharon is working on this draft).
- Sharon regards the not-you-refid draft as very important, especially in the context of data minimization and unlinkability (it will be re-submitted by Harlan and Sharon).
- Karen asks Harlan to submit a roadmap for the extension field and refid drafts to the WG, so that the WG knows what is currently on the agenda.
- Tal supports Karen's suggestion to separate new features from RFC 7822bis. In case we decide to do an RFC 7822bis he proposes to use 'pseudo code' to clarify the changes.
- Karen supports Tal's suggestion.
- Harlan opens the discussion of having a single document for each extension field or one document for all extension fields.
- Daniel opposes both extremes. He suggests combining logically related extension fields into a single document, like for example NTS.
- Karen points out that sets of extension fields may be published as single RFCs and over time these RFCs can be rolled into a master document.
- Daniel suggests that such a consolidation should be done with a new NTP version.
- At this point Karen interrupts this discussion. The rules of consolidation can be defined later.
- Karen reiterates that documents should be re-submitted for the meeting in Prague.

Summary
- Harlan/Sharon will republish https://datatracker.ietf.org/doc/draft-ietf-ntp-refid-updates/
- Harlan will provide a summary/roadmap for the remaining expired drafts (near term plan)
- Harlan/Danny will ensure that https://datatracker.ietf.org/doc/draft-mayer-ntp-mac-extension-field/ is covered somewhere

OVERVIEW/SUMMARY/NEXT STEPS FOR THE YANG MODEL
draft-wu-ntp-ntp-cfg

- Ankit presents the changes in the YANG data model between version 2 and 3 of the draft. The changes are (for details see the presentation: https://www.ietf.org/proceedings/interim-2017-ntp-01/slides/slides-interim-2017-ntp-01-sessa-a-yang-data-model-for-ntp-00.pdf):
  - YANG tree rearranged as per NTP interface
  - Use of presence
  - YANG data-type corrections
  - Removed autokey
  - No changes to the peer mode
- Ankit asks for WG adoption and more review comments.
- Danny points out a problem with the YANG date-and-time format for timestamps. NTP timestamps are 64-bit decimal. They are data, not timestamps.
- Tal supports the usage of decimal. Date-and-time does not make sense in this case.
- Dhruv suggests using both date-and-time and probably decimal. From the management point of view it would be helpful to also have date and time. They will clarify this.
- The YANG model must be adjusted if new extension fields are published.
- Harlan asks about the concept of authorization. YANG and NETCONF have a security concept for authorization which is not yet adopted. This can and should be done in future versions.
- No opposition to adopting this as a WG document.

Summary
- Karen will issue a WG call for adoption of the draft.

AOB
- Danny: will revise the mac-extension-field draft. Harlan indicates that this is already incorporated by Harlan in one of his drafts.
- Denis: TICTOC stuff: What is the status of the Enterprise profile?
- Karen: the plan is to publish the draft. She will remind Doug to proceed with it.
- Kyle: asks about the purpose of the draft-ietf-ntp-mac draft because there is not much normative language. It should be more descriptive. It also needs test vectors.
- Aanchal makes clear that the main purpose of this draft is to deprecate the MD5 legacy MAC. To use it for NTP packets it needs more descriptive language.
- The draft 'draft-ietf-ntp-mac' will be a standards track update to RFC 5905.
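The timestamp point raised under the YANG model item (NTP timestamps are 64-bit data words, not calendar times), as an added example that is not part of these minutes nor of any NTP WG draft. It handles the RFC 5905 64-bit timestamp (32-bit seconds since 1900-01-01 UTC, 32-bit binary fraction) as a data word and renders the same word as a YANG date-and-time string. Two assumptions are the example's own: NTP era 0 (dates before 2036-02-07), and a management system that renders the fraction with a fixed number of decimal digits (nine here), which is the step that makes the date-and-time form lossy for arbitrary 64-bit words.

```python
# Added example, not from any NTP WG draft: the RFC 5905 64-bit NTP timestamp
# (32-bit seconds since 1900-01-01 UTC, 32-bit fraction of a second) handled as
# a data word, next to a YANG date-and-time rendering with a fixed number of
# fractional digits. Assumptions: NTP era 0 (dates before 2036-02-07) and a
# renderer that truncates the fraction to `digits` decimal places.
from datetime import datetime, timedelta, timezone
from fractions import Fraction
import struct

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)
NTP_UNIX_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01


def ntp_pack(seconds: int, fraction: int) -> bytes:
    """Serialize (seconds, fraction) into the 8-octet big-endian wire format."""
    if not (0 <= seconds < 2**32 and 0 <= fraction < 2**32):
        raise ValueError("seconds and fraction are unsigned 32-bit fields")
    return struct.pack("!II", seconds, fraction)


def ntp_unpack(data: bytes) -> tuple:
    """Parse 8 octets back into (seconds, fraction); no calendar meaning is assumed."""
    if len(data) != 8:
        raise ValueError("an NTP timestamp is exactly 8 octets")
    return struct.unpack("!II", data)


def ntp_to_unix(seconds: int, fraction: int) -> Fraction:
    """Exact value in seconds since the Unix epoch (era 0 assumed)."""
    return Fraction(seconds - NTP_UNIX_OFFSET) + Fraction(fraction, 2**32)


def unix_to_ntp(unix_seconds) -> tuple:
    """Inverse of ntp_to_unix; the fraction is truncated to 32 bits."""
    total = Fraction(unix_seconds) + NTP_UNIX_OFFSET
    whole = total.numerator // total.denominator
    return whole, int((total - whole) * 2**32)


def to_date_and_time(seconds: int, fraction: int, digits: int = 9) -> str:
    """Render as a UTC RFC 3339 / YANG date-and-time string, truncating the
    binary fraction to `digits` decimal places (the lossy step)."""
    if not 0 <= digits <= 9:
        raise ValueError("digits must be between 0 and 9")
    base = (NTP_EPOCH + timedelta(seconds=seconds)).strftime("%Y-%m-%dT%H:%M:%S")
    if digits == 0:
        return base + "Z"
    decimal_fraction = (fraction * 10**digits) // 2**32
    return f"{base}.{decimal_fraction:0{digits}d}Z"


def from_date_and_time(text: str) -> tuple:
    """Parse the UTC 'Z' form back into an NTP (seconds, fraction) pair."""
    if not text.endswith("Z"):
        raise ValueError("only the UTC 'Z' form is handled in this example")
    main, _, frac_text = text[:-1].partition(".")
    stamp = datetime.strptime(main, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    delta = stamp - NTP_EPOCH
    seconds = delta.days * 86400 + delta.seconds
    fraction = (int(frac_text) * 2**32) // 10**len(frac_text) if frac_text else 0
    return seconds, fraction


def roundtrips(seconds: int, fraction: int, digits: int = 9) -> bool:
    """True only if the date-and-time rendering reproduces the exact 64-bit word."""
    rendered = to_date_and_time(seconds, fraction, digits)
    return from_date_and_time(rendered) == (seconds, fraction)


if __name__ == "__main__":
    # Constructed samples: the Unix epoch plus half a second (round-trips) and
    # the Unix epoch plus the smallest nonzero fraction, 2**-32 s (does not).
    for word in (ntp_pack(NTP_UNIX_OFFSET, 2**31), ntp_pack(NTP_UNIX_OFFSET, 1)):
        s, f = ntp_unpack(word)
        print(word.hex(), s, f, to_date_and_time(s, f), roundtrips(s, f))
```

The decimal form keeps every bit of the word, including values that have no calendar meaning (a zero or randomized origin timestamp); the date-and-time form is convenient for operators but, with a fixed number of fractional digits, cannot reproduce every 64-bit value, which is the reason the minutes record for preferring decimal.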