Hi all,
here are the minutes from the last virtual NTP interim meeting on 25 May. You
may also find them at:
https://www.ietf.org/proceedings/interim-2017-ntp-01/minutes/minutes-interim-2017-ntp-01-201705251500-00
Dieter
NTP WG INTERIM MEETING
25 May 2017, 3 pm UTC
PARTICIPANTS:
Aanchal Malhotra, Ankit Kumar Sinha, Daniel Franke, Danny Meyer, Dave
Mills, Denis Reilly, Dhruv Dhody, Dieter Sibold, Harlan Stenn, Karen
O’Donoghue, Kristof Teichel, Kyle Rose, Miroslav Lichvar, Peter Meyer,
Richard Welty, Robert Nay, Robert Annessie, Ronan Flood, Sharon
Goldberg, Steward Bryant, Sue Graves, Tal Mizrahi, Yaakov Stein, Scott
Fluhrer
- Karen: Presentation of IETF Note Well
- Nobody opposed recording this meeting
AGENDA
- Network Time Security
- BCP
- Data Minimization
- Message Authentication Code
- Extension fields and RefID
- YANG Data Model
- AOB
OVERVIEW/SUMMARY/NEXT STEPS FOR THE NTS DOCUMENTS.
draft-ietf-ntp-network-time-security
- Daniel reported on the draft 'draft-ietf-ntp-network-time-security'.
- The normative parts of the draft are more or less final.
- The Security Consideration section will be extended before the
next submission.
- Daniel plans to submit the changed version by the end of March
and will request the WGLC for it immediately after. The WGLC
will cover the draft 'draft-ietf-ntp-network-time-security'
only. It will not cover the other NTS related specifications.
- Summary of the changes:
- Reduction of the size of the NTS next protocol negotiation
record
- Changes to the IANA Consideration section
- Corrections of some inconsistencies which result from the
removal of the DTLS packet smuggling
- Management of keys and cookies for load balanced servers
- Karen proposes to give the working group a one week time frame to
comment on the draft. After that period the WGLC shall be issued
if there are no objections against it. She would like to have a
virtual interim meeting by the end of June to discuss the results
from the WGLC. Because this interim meeting would take place just
two weeks before the next IETF meeting all participants agreed to
not have it.
- Kristof will update the generic draft
'draft-ietf-ntp-network-time-security' by the end of June.
Summary
- Daniel to publish update by 26 May.
- WG has until 31 May to indicate that the document is NOT ready for
working group last call (WGLC)
- If no strong opposition, document will go to WGLC in early June.
- Kristof will work on updating the generic NTS document by the end of
June.
BCP: OVERVIEW/SUMMARY/ NEXT STEPS FROM THE WGLC
draft-ietf-ntp-bcp
- In April Denis submitted an update of the document. The changes were
based on the comments received during the WGLC period.
- An additional update of the document was submitted last Monday
(version 4), based on some additional feedback. It contains text
changes for the leap seconds, autokey, and anycast sections.
- Denis points out that even when the document talks about the
reference implementation it brings up ideas that are applicable to
other implementations as well.
- Denis makes clear that all the feedback from the WGLC is incorporated
into the latest version of the draft.
- Karen asks if we received feedback that indicates that the draft is
not ready for publication if this feedback is not incorporated.
- Denis: Daniel suggested mandatory changes to the autokey section in
order to approve the document. The draft was updated accordingly.
This was the only feedback that was requested to be fixed.
- Daniel indicates no objection to the changes made.
- Karen: if there is no opposition by tomorrow it can be submitted
for publication.
- Karen describes the next steps necessary for publication of the
document. Next steps include approval by the AD, an IETF Last Call,
and IESG review.
- Sharon asks for the appropriate time to submit minor comments on the
draft.
- Denis asks for a deadline for minor changes.
- Karen: Minor changes until May 31st.
Summary
- Update addressing all WGLC comments has been published.
- WG has until 31 May to indicate that the updated document should NOT
be forwarded to the IESG.
- Chairs will forward to IESG in early June if there is no strong
opposition.
WAY FORWARD FOR
draft-dfranke-ntp-data-minimization-02
- Karen: There have been no objections to adopt this draft. It will be
approved as a WG document
- Daniel will submit a new version of the draft. It will contain a
change regarding the precision field which was requested by Harlan.
- Sharon points out that with regard to data minimization it makes
sense to also minimize the information leak in the refid field.
Together with Harlan she is working on this subject, e.g. in the
not-you draft. Should this work go into this draft also?
- Daniel points out that his data minimization draft pertains only to
client and not server packets. He assumes that his draft and the
not-you draft are orthogonal.
- Sharon points out that an adversary can easily request information
from a server that can be utilized for an attack. Data minimization
should minimize this also for the server packets. Why are mode 1 and
mode 2 packets not addressed by the draft?
- Daniel: The goals of this draft are to solve the unlinkability issue
with NTP and strengthen the unpredictability of the origin
timestamp.
- Sharon: NTP is a hierarchical protocol. Clients may also be servers.
Therefore, data minimization should consider client and server
packets also.
- Daniel will submit the new version of his draft and will wait for
further comments about what should go into it.
- Harlan expresses that it is fine to allow this draft to be applied
in WAN environments but it should not be required to be applied in
LAN environments. As Daniel points out, this draft requires only
that a server must not reject packets which comply with this
document. There are no additional hard requirements.
- Karen: The time line for this document is about one month to do an
initial review before a WGLC is issued. Next steps will be discussed
during the Prague meeting.
Summary
- Adopted as a WG document, Daniel will publish as a WG document
- Working group will have about a month to review; if no major issues
are identified, it will proceed to WGLC in early July.
WAY FORWARD FOR
draft-ietf-ntp-mac-00
- Aanchal reports that there were no comments or objections to this
draft. Consequently, there are no changes. She recommends issuing a
WGLC for it.
- Karen: This is a short and straightforward draft. She would like to
issue a WGLC. Any objections should be placed before 31st May.
- No opposition.
- Short discussion about agility of applied algorithms between Danny,
Harlan and Karen.
- Daniel: no objections to WGLC. He will provide feedback during
WGLC.
Summary
- Document is stds track updating RFC 5905
- WG has until 31 May to indicate that the document is NOT ready for
working group last call (WGLC)
- If no strong opposition, document will go to WGLC in early June
WAY FORWARD FOR DRAFTS RELATED TO EXTENSION FIELDS AND REFID STUFF
draft-ietf-ntp-refid-updates
draft-stenn-ntp-suggest-refid
draft-stenn-ntp-i-do
- Karen: There has been a lot of discussion about which of the drafts
should go on and which should be combined.
- Danny suggests publishing only one refid draft.
- Harlan opposes. He already combined different refid drafts.
- The refid-update draft is moving forward although it is currently
expired (Sharon is working on this draft)
- Sharon regards the not-you-refid draft as very important especially
in the context of data minimization and unlinkability (it will be
re-submitted by Harlan and Sharon)
- Karen asks Harlan to submit a roadmap for the extension field and
refid drafts to the WG, so that the WG knows what is currently on
the agenda.
- Tal supports Karen's suggestion to separate new features from RFC
7822bis. In case we decide to do an RFC 7822bis he proposes to use
'pseudo code' to clarify the changes.
- Karen supports Tal's suggestion.
- Harlan opens the discussion of having a single document for each
extension field or one document for all extension fields.
- Daniel opposes both extremes. He suggests combining logically
related extension fields into a single document, like for
example NTS.
- Karen points out that sets of extension fields may be published as
single RFCs and over time these RFCs can be rolled into a master
document.
- Daniel suggests that such a consolidation should be done with a
new NTP version.
- At this point Karen interrupts this discussion. The rules of the
consolidations can be defined later.
- Karen reiterates that documents should be re-submitted for the
meeting in Prague.
Summary
- Harlan/Sharon will republish
https://datatracker.ietf.org/doc/draft-ietf-ntp-refid-updates/
- Harlan will provide a summary/roadmap for the remaining expired
drafts (near term plan)
- Harlan/Danny will ensure that
https://datatracker.ietf.org/doc/draft-mayer-ntp-mac-extension-field/
is covered somewhere
OVERVIEW/SUMMARY/NEXT STEPS FOR THE YANG MODEL
draft-wu-ntp-ntp-cfg
- Ankit presents changes in the YANG data model between version 2 and
3 of the draft. The changes are (for details see the presentation:
https://www.ietf.org/proceedings/interim-2017-ntp-01/slides/slides-interim-2017-ntp-01-sessa-a-yang-data-model-for-ntp-00.pdf)
- Yang tree rearranged as per
- NTP Interface
- Use of presence
- Yang Data-type correction
- Removed autokey
- No changes to the peer mode.
- Ankit asks for WG adoption and more review comments
- Danny points out a problem with the Yang date and time format of
timestamps. NTP timestamps are 64-bit decimal. They are data, not
timestamps.
- Tal supports the usage of decimal. Date and time does not make
sense in this case.
- Dhruv suggests using both date and time and probably decimal.
From the management point of view it would be helpful to have
also date and time. They will clarify this.
- The Yang Model must be adjusted if new extension fields are
published.
- Harlan asks for the concept of authorization. YANG and Netconf have a
security concept for authorization, which is not yet adopted. This
can and should be done in future versions.
- No opposition to adopt this as a WG document.
Summary
- Karen will issue a WG call for adoption of the draft
AOB
- Danny will revise the mac-extension-field draft. Harlan indicates
that this is already incorporated by Harlan in one of his drafts.
- Denis: TICTOC staff: What is the status of the Enterprise profile?
- Karen: the plan is to publish the draft. She will remind Doug to
proceed with it.
- Kyle asks for the purpose of the draft-ietf-ntp-mac draft because
there is not much normative language. It should be more descriptive.
It also needs test vectors.
- Aanchal makes clear that the main purpose of this draft is to
deprecate the MD5 legacy MAC. To use it for NTP packets it needs
more descriptive language.
- The draft 'draft-ietf-ntp-mac' will be a standards track update
to RFC 5905.
-------------------------------------
Dr. Dieter Sibold
Physikalisch-Technische Bundesanstalt
Q.42 - Serversysteme und Datenhaltung
QM-Verantwortlicher der Stelle IT
Bundesallee 100
D-38116 Braunschweig
Tel: +49-531-592-84 20
E-Mail: [email protected]