[ntpwg] [dhcwg] draft-gayraud-dhcpv6-ntp-opt-01.txt

Danny Mayer mayer at ntp.isc.org
Fri Mar 21 03:07:58 UTC 2008


TS Glassey wrote:
> Benoit... Bernie - The people who have to sign off on the use of DHCP's NTP 
> service model are the auditor community so it would be easier if the 
> terminology was more specific to their use than ours IMHO...
> 

No. This is the IETF working group, not the auditors working group. An 
auditor needs to learn the lingo of the IETF if they are going to be 
able to do a credible job of auditing. This is a red herring. We don't 
discuss auditing here.

> More commentary inline below.
> 
> todd glassey//
> 
> ----- Original Message -----
> Bernie Volz (volz) wrote:
>>> In addition after attending today's NTP session, I think you'd be far
>>> better to:
>>>
>>> 1. Make use of the existing OPTION_SNTP_SERVERS (RFC4075) but request
>>> that IANA rename this to OPTION_NTP_SERVERS and explain why (that SNTP
>>> refers to a client implementation, not the server and thus it should
>>> be NTP_SERVERS which can be used by either NTP or SNTP clients).
> 
> But there is another trust/use issue from the evidence gathering side, and 
> that is that NTP and SNTP Sources need to be known independently, especially 
> since in a secured environment it may be necessary to pass an AutoKEY token 
> with the DHCP response to allow for use of Time in an environment where all 
> access is controlled and logged.
> 

It makes no difference whether or not it's an NTP server or an SNTP 
server. The NTP protocol is identical whether you are dealing with NTP 
or SNTP servers and clients. You already know the source addresses and 
this is not relevant to the DHCP protocol.

>> That's not quite right. Yes, I'm being picky. There are SNTP servers
>> defined in RFC4330 and in the NTPv4 draft, but they can be used by
>> either NTP servers (on their client side) as well as by SNTP clients.
>> NTP servers can be used by either NTP servers (on their client side) as
>> well as by SNTP clients.
> 
> You mean "used in SNTP Mode" and that is OK as long as that server is set up 
> for use in that manner, i.e. doesn't have AutoKEY set up for all Unicast & 
> Multicast requests one would think eh?
> 

No, I meant what I said. It doesn't matter what the server is. Autokey 
would benefit by using DHCP options to distribute it. The problem with 
distributing autokey is that it needs to be associated with the server 
address since it is specific to that server.


>> What would be the use of this? It doesn't have anything to do with NTP
>> since NTP doesn't care about domains. Can you clarify?
> 
> Yes - Many DOMAIN NAME stratifications may call for differing levels of 
> evidentiary collection of data from, and so this does indeed make sense.
> 

No. NTP does not care about domains and does not use them. The only 
network part that's important to NTP is the server, peer, broadcast 
addresses.

Danny

