r1 - 2008-03-12 - 20:02:02 - SteveKosteckeYou are here: NTP >  IETF Web > JabberLog20080312
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
(12:56:31 PM) sventers: audio is muted, somebody please say hi so can see if it works
(12:58:58 PM) Danny: I noitced that too
(12:59:34 PM) yjs: is there audio now ?

(12:59:39 PM) Danny: voice now
(12:59:41 PM) sventers: Yes, thanks
(1:01:25 PM) yjs: will start in a minute
(1:03:20 PM) bkhabs: Yes, I am on-line

(1:03:35 PM) bkhabs: I have audio.
(1:03:39 PM) Danny: hi Brian
(1:03:43 PM) Danny: yes
(1:04:08 PM) Stewart Bryant: 4 drafts admitted to be discussed

(1:04:43 PM) yjs: Karen is updating her "update" slide on-line
(1:04:43 PM) Stewart Bryant: Karen looking for slides
(1:05:46 PM) yjs: Jim updating on ntpv4 protocol draft (with problems in ppt file)

(1:06:02 PM) Stewart Bryant: slides have a technical problem
(1:06:56 PM) yjs: karen updating on MIB
(1:07:08 PM) yjs: Chris not here, although he updated the MIB
(1:07:19 PM) yjs: ready for WG LC

(1:07:38 PM) Stewart Bryant: any comments on mib??
(1:07:48 PM) yjs: karen will issue WG LC this week
(1:07:56 PM) Stewart Bryant: Now going to autokey
(1:08:44 PM) yjs: going back to JIm's presentation now that he has the PDF file instead of ppt

(1:08:59 PM) yjs: last meeting was discussion on timestamp position
(1:09:38 PM) yjs: text was proposed by Greg/Yaakov/Stewart, and Dave Mill's commented on this as well
(1:10:51 PM) yjs: karen suggests removing the new text and producing a small RFC on this
(1:11:25 PM) Stewart Bryant: mark says why not do in tictoc - as part of on-path

(1:11:29 PM) sventers: Maybe just defer and figure out if informational later (in tictoc?)
(1:12:14 PM) Stewart Bryant: Yaakov says - if v4 should be here - if v5 should be tictoc - and why informational
(1:12:48 PM) bkhabs: Can someone voice that I agree with Greg's point?
(1:12:54 PM) sventers: Only problem with defer is that folks are already starting to ship H/W servers with V4.

(1:12:59 PM) Stewart Bryant: Greg - not relavent to current v4
(1:14:21 PM) Stewart Bryant: Mark collect material beyound cut-off to Tictoc
(1:14:40 PM) Danny: I agree with Karen's proposal and put it in a different doc. Not clear if it belongs here or TICTOC
(1:15:29 PM) Danny: Nothing prevents it from being part of ntpv4 since it's more a driver issue

(1:15:54 PM) Stewart Bryant: Greg - this lies in the gap between TT and NTP WG
(1:16:30 PM) wej left the room.
(1:16:59 PM) Stewart Bryant: Greg proto doc would be OK without this
(1:17:07 PM) sventers: Are the H/W vendors in the room ok with eventually adjusting to future definition of timestamp location?

(1:17:39 PM) Danny: need to add an agenda item to decide where this goes
(1:18:22 PM) Stewart Bryant: Greg - not possible to strike a timestamp in a bitstream - adjustment is virtual
(1:18:45 PM) yjs: seems to be consensus to strike this sentence and take care of this in TICTOC
(1:20:06 PM) yjs: discussion on importance of precise position

(1:20:10 PM) bkhabs: We are now veering well off-course for the charter of NTP.
(1:20:18 PM) Danny: we seems to be disucssing timestamp
(1:20:19 PM) yjs: agreement that this needs more work and will be left for TT
(1:20:39 PM) yjs: Jim: KOD packet timestamps - added Danny's text

(1:20:54 PM) yjs: and lots of editorial nit fixes
(1:21:07 PM) Stewart Bryant: no - will be TS doc will be in TT or NTP depending on what we think when the draft is written
(1:21:15 PM) Danny: promise to review the latest text
(1:21:42 PM) yjs: open item: references to appendix that are arguably normative need to be moved to main doc

(1:23:45 PM) Stewart Bryant: need to make sure all normaitive text is in main body of txt not appendix
(1:26:17 PM) Stewart Bryant: YJS - pleas clarify what is normative
(1:26:49 PM) Stewart Bryant: Example - state tables
(1:29:03 PM) john.zhao left the room (Computer went to sleep).

(1:29:26 PM) sventers: BTW, where's the IETF rule that says no normative text in Appndx? (I've seen it in the ITU.)
(1:30:56 PM) Stewart Bryant: Mark saying code should not be normative - but a good instructive example
(1:33:08 PM) Danny: the code is already free for use
(1:34:27 PM) yjs: ITU discriminates between an appendix and an annex

(1:34:40 PM) yjs: IEEE 802 defines normative "Pascal" code instead of English language
(1:35:12 PM) sventers: How about IETF rules?
(1:35:17 PM) yjs: Greg - there were simply not enough people to fully document all of Mill's (changing) code

(1:36:01 PM) sventers: COnverting code to English is good plan for releaseing doc in 2018
(1:37:20 PM) yjs: Karen - will try to fix all this during the week
(1:37:28 PM) sventers: Is it reasonable to have a new version this week for last call?
(1:37:39 PM) yjs: Jim - in that case we will do another WGLC

(1:38:16 PM) Stewart Bryant: karen - it depends - may be optimistic
(1:38:30 PM) Stewart Bryant: May be ok to do the analysis
(1:39:07 PM) sventers: It's already pretty good, should we lower the scope of the changes to make this week reasonable?
(1:41:42 PM) yjs: no more remarks on the proto doc

(1:41:58 PM) yjs: Karen - next doc is Autokey
(1:42:58 PM) john.zhao left the room (Replaced by new connection.).
(1:43:05 PM) yjs: Mill's updated, pedning security advisor review
(1:44:43 PM) yjs: Greg says that Mills did a very good job of clarifying the existing Autokey

(1:45:18 PM) acmacm left the room (Replaced by new connection).
(1:45:47 PM) Danny: I promise review soon
(1:47:03 PM) Danny: order of priority is NTPv4 and then autokey
(1:48:55 PM) yjs: need to rev document for IANA considerations section (no actions needed)

(1:49:16 PM) Danny: autokey is dependent on NTPv4 document
(1:50:18 PM) Danny: cannot do last call on autokey until done with NTPv4
(1:51:05 PM) yjs: we can hold the reving for 2 weeks hoping that we get the security review by then
(1:51:05 PM) yjs: Karen - next topic is DHCP

(1:51:41 PM) yjs: Benoit presenting
(1:51:42 PM) Danny: pplease use microphone
(1:51:53 PM) yjs: Danny - do you hear now?
(1:52:01 PM) Danny: not well

(1:52:27 PM) Danny: better
(1:52:36 PM) Stewart Bryant: changing mikes again
(1:52:38 PM) yjs: operators want to centrally configure IP services using DHCP
(1:52:44 PM) Danny: great

(1:52:44 PM) yjs: advertise NTP server locations
(1:52:47 PM) Stewart Bryant: OK on audio now
(1:53:09 PM) yjs: need to address Internet (big I) and private networks
(1:54:55 PM) yjs: removed all parameters except NTP server location, add FQDN with applicability statement, need to clarify SNTP

(1:55:23 PM) Danny: the clarification on SNTP is wrong
(1:56:08 PM) yjs: Danny - do you want me to say something to mike ?
(1:56:16 PM) Danny: yes
(1:56:53 PM) Stewart Bryant: plaease wait to last slide

(1:57:22 PM) yjs: explaining option structure - container for either IPv6 address sub-option or FQDN sub-option
(1:57:29 PM) yjs: option can appear many times
(1:57:54 PM) yjs: Greg asks if expected if only IPv6
(1:58:03 PM) yjs: benoit - could you both v4 and v6

(1:58:24 PM) yjs: Greg: DHCPv6 doesn't care ?
(1:58:40 PM) yjs: benoit - no need to specify here
(1:59:46 PM) Danny: SNTP servers are the same as NTP servers for all NTP and SNTP clients
(1:59:47 PM) bkhabs left the room.

(1:59:48 PM) yjs: what will be fate of SNTP RFC (4075) ? will be obsoleted?
(2:00:17 PM) yjs: could make this one NTP/SNTP (rework of parameters already done)
(2:00:46 PM) smeuse left the room.
(2:00:48 PM) yjs: and deprecate 4075

(2:01:01 PM) Danny: not necessary to clarify. See NTPv4
(2:01:02 PM) yjs: Danny ?
(2:01:27 PM) Danny: SNTP servers are the same as NTP servers for all NTP and SNTP clients
(2:02:01 PM) Danny: sure

(2:02:38 PM) yjs: OK?
(2:02:51 PM) Danny: right
(2:02:58 PM) Danny: obsolete
(2:03:35 PM) yjs: Karen - take to list

(2:04:57 PM) yjs: need to work out issue - this is still an individual draft
(2:05:10 PM) yjs: technically most people who have read seem to be happy
(2:05:14 PM) Danny: draft needs additional work in security considerations to deal with the amplificiation attack potential
(2:05:40 PM) Danny: I'm not quite happy yet

(2:06:44 PM) yjs: Yorke - IPv6 DHCP normally uses names and not addresses
(2:06:59 PM) yjs: Benoit : want to supprto both
(2:08:12 PM) yjs: YJS asked Danny's question, Benoit answers that this is a general DHCPv6 issue and can only be addressed by banning names altogether
(2:08:40 PM) Danny: it just needs to be in security considerations

(2:09:14 PM) yjs: Karen - state in DHCP WG ?
(2:09:37 PM) yjs: Benoit : waiting for feedback to make WG item
(2:10:29 PM) yjs: Karen - he decision was that it would be an item here, not in the DHCP WG (similar to MIBs)
(2:10:48 PM) Stewart Bryant: Rev one more time then review in both WGs

(2:10:52 PM) yjs: wrap-up
(2:11:23 PM) yjs: proceed to WG LC for MIB and autokey
(2:11:34 PM) yjs: protocol spec needs the work on normative references
(2:11:59 PM) Mark Townsley: i've sent an email to the IESG to clarify the normative appendix question

(2:12:20 PM) yjs: DHCP needs to be rev'ed and will become WG item either here or in DHCP WG
(2:13:06 PM) yjs: done with agenda. what about TICTOC requirements ?
(2:13:22 PM) yjs: what about maintenance of v4 ?
(2:13:27 PM) yjs: need to think about these

(2:13:54 PM) harlan: is the IETF twiki a good place to track those items Karen?
(2:14:30 PM) yjs: Greg - lots of discussion over resources, but TICTOC scope seems to be particular applications
(2:15:05 PM) yjs: past NTP WG participants - please be vocal on list
(2:15:26 PM) harlan: There will be cases where in NTP+TICTOC, NTP should "Drive", and other places where TICTOC should drive (I'm talking about the clock)

(2:17:28 PM) yjs: Stewart - need to schedule TT and NTP close enough together so that people can easily attend both
(2:18:00 PM) Stewart Bryant left the room.
(2:18:25 PM) harlan left the room.
(2:18:31 PM) Mark Townsley: I'd like to see as much work as possible be in as few places as possible. So, NTP WG wraps up and work moves to tic toc. tic toc still needs to decide whether its requirements can fit in "extensions to ntpv4" or requires a full rev to ntpv5. That will only be decided as the requirements are settled on in tictoc.

(2:20:13 PM) Danny: I'm not clear on TICTOC's chart as opposed to NTP's
(2:21:13 PM) Mark Townsley: NTP: document NTPv4 as deployed. The line Greg drew verbally early in the meeting. New work is done in tictoc based on the requirements outlined there.
(2:21:38 PM) Mark Townsley: This means NTP should finish and close soon, and all the people doing work there to please join the tictoc effort.
(2:22:27 PM) Mark Townsley: NTP+ becomes a tictoc effort

(2:23:06 PM) Mark Townsley: Is that more clear?
(2:23:42 PM) Danny: sort of. I'll read their charter
(2:24:05 PM) john.zhao left the room (Replaced by new connection.).

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r1 | More topic actions
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback