Re: UDP/123 policers & status

2020-03-27 Thread Ragnar Sundblad
Hello, I am one of the authors of the NTS for NTP specification, . Steven described this well, and as he wrote, the first step in the NTS procedure is to contact a Key Establishment (KE) server, the KE server will point to the

Re: UDP/123 policers & status

2020-03-29 Thread Ragnar Sundblad
> On 27 Mar 2020, at 18:54, Saku Ytti wrote: > > On Fri, 27 Mar 2020 at 19:48, Ragnar Sundblad wrote: > >> Is this really what the ISP community wants - to kill off port 123, >> and force NTP to move to random ports? > > Make NST attenuation vector, so

Re: UDP/123 policers & status

2020-03-29 Thread Ragnar Sundblad
> On 28 Mar 2020, at 23:29, Bottiger wrote: ... > Broken protocols need to be removed and blacklisted at every edge. A protocol isn’t broken just because it can be abused when spoofed, it is abused. Even TCP can be abused in that way. Should we blacklist and remove TCP? > Pushing the responsi

Re: UDP/123 policers & status

2020-03-29 Thread Ragnar Sundblad
> On 28 Mar 2020, at 23:58, Harlan Stenn wrote: > >> Steven Sommars said: >>> The secure time transfer of NTS was designed to avoid >>amplification attacks. > > Uh, no. Yes, it was. As Steven said, “The secure time transfer of NTS was designed to avoid amplification attacks”. I would eve

Re: UDP/123 policers & status

2020-03-29 Thread Ragnar Sundblad
> On 29 Mar 2020, at 00:35, Harlan Stenn wrote: > > Ragnar, > > On 3/28/2020 4:09 PM, Ragnar Sundblad wrote: >> >>> On 28 Mar 2020, at 23:58, Harlan Stenn wrote: >>> >>>> Steven Sommars said: >>>>> The secure time

Re: UDP/123 policers & status

2020-03-29 Thread Ragnar Sundblad
> On 29 Mar 2020, at 01:18, Harlan Stenn wrote: > > Ragnar, > > On 3/28/2020 4:59 PM, Ragnar Sundblad wrote: >> >> >>> On 29 Mar 2020, at 00:35, Harlan Stenn wrote: >>> >>> Ragnar, >>> >>> On 3/28/2020 4:09 PM, R

Re: UDP/123 policers & status

2020-03-29 Thread Ragnar Sundblad
5:35 PM, Ragnar Sundblad wrote: >> >> >>> On 29 Mar 2020, at 01:18, Harlan Stenn wrote: >>> >>> Ragnar, >>> >>> On 3/28/2020 4:59 PM, Ragnar Sundblad wrote: >>>> >>>> >>>>> On 29 Mar 202

Re: UDP/123 policers & status

2020-03-30 Thread Ragnar Sundblad
> On 30 Mar 2020, at 08:18, Saku Ytti wrote: > > On Mon, 30 Mar 2020 at 01:58, Ragnar Sundblad wrote: > >> A protocol with varying packet size, as the NTS protected NTP is, >> can easily have the bad property of having responses larger than the >> requests if

Re: UDP/123 policers & status

2020-03-30 Thread Ragnar Sundblad
> On 30 Mar 2020, at 11:08, Harlan Stenn wrote: ... > Are y'all seriously recommending that NTP always sends a max-sized > packet as a client request so the client/server can send back an > identical response? The request only has to be larger than or equal size of the response, they don’t bot

Re: UDP/123 policers & status

2020-04-17 Thread Ragnar Sundblad
> On 17 Apr 2020, at 01:28, Harlan Stenn wrote: > > I found this as an unsent draft - I hope I didn't send it before. > > On 3/30/2020 2:01 AM, Ragnar Sundblad wrote: >> >> >>> On 30 Mar 2020, at 08:18, Saku Ytti wrote: >>> >>

Re: UDP/123 policers & status

2020-04-17 Thread Ragnar Sundblad
not sure what you're talking about. > > H > > On 4/17/20 1:32 AM, Ragnar Sundblad wrote: >> >> >>> On 17 Apr 2020, at 01:28, Harlan Stenn wrote: >>> >>> I found this as an unsent draft - I hope I didn't send it before. >>>