Hi,

See answer to one question below

Best Regards
Stefano

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Danny Mayer
Sent: Wednesday 28 July 2010 14.07
To: Mikael Abrahamsson
Cc: [email protected]
Subject: Re: [TICTOC] Encrypting timing packets

On 7/28/2010 4:45 AM, Mikael Abrahamsson wrote:
> On Wed, 28 Jul 2010, Yaakov Stein wrote:
> 
>> The problem is that you have to put in a timestamp that reflects the 
>> time the packet is placed on the wire.
>> So you have to sign after timestamping, and unless this signature can 
>> be computed in zero time (or with completely deterministic latency 
>> that can be pre-added) the signing degrades the timing accuracy.
> 
> Since things are timestamped on the ingress in the PHY in some cases 
> (1588), then perhaps the same methodology could be used here, in that 
> a device might add a compensation factor that includes how long the 
> signing took. This adjustment value would of course not be signed in 
> itself, but it could have a maximum value that would mean at least for 
> time, the signed stated time wouldn't be too much off (an attacker 
> could only tamper with the adjustment value) ?
> 
> Or perhaps this doesn't really help, it's still a too big attack vector?
> For server time setting it might be enough... Or is the recommendation 
> to just run NTP over IPSEC so NTP itself doesn't have to care?
> 

Having NTP not care is much better except that the protocol used to transport 
the packets affects the latency and jitter of the timing offset. I'm not sure 
how you would even be able to measure that. It's one of the reasons that NTP 
will never use TCP for a transport.


>> I think that this should be thoroughly tested. In systems that I have 
>> seen in the lab, the degradation rules out sub-microsecond accuracy.
> 
> I have little doubt of that, but I can imagine applications where 
> sub-microsecond isn't needed but one still wants to know the time is 
> not off by more than that?

Applications that don't need sub-microsecond accuracy can probably just stick 
with NTP. What I'm hearing in this WG is that the big potential consumers are 
areas like backhaul networks and femtocells. I haven't seen anyone spell out 
why they need sub-microsecond accuracy but I'm sure they have good reasons.

SR: slide 7 in 
http://www.ietf.org/proceedings/78/slides/tictoc-4.ppt
provides a few examples (and related specification), for applications requiring 
accuracy in the microsecond level.

Danny
_______________________________________________
TICTOC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tictoc
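
Added example, not part of the original thread or of any NTP/1588 specification: the compensation-field idea discussed above, with a signed timestamp and an unsigned adjustment value that the receiver caps at a maximum. HMAC-SHA256, the 44-byte packet layout, the key and the 50 microsecond bound are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed shared key (assumption)
MAX_CORRECTION_NS = 50_000      # assumed upper bound on signing latency
TAG_LEN = hashlib.sha256().digest_size

def build_packet(timestamp_ns: int, key: bytes = KEY) -> bytes:
    """Sender: authenticate the timestamp, append a zeroed unsigned correction."""
    body = struct.pack("!Q", timestamp_ns)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag + struct.pack("!I", 0)

def patch_correction(packet: bytes, signing_delay_ns: int) -> bytes:
    """Egress stage: record how long signing took, without re-signing."""
    return packet[:-4] + struct.pack("!I", signing_delay_ns)

def receive(packet: bytes, key: bytes = KEY) -> tuple[int, int]:
    """Receiver: return (time_ns, worst_case_error_ns) or raise ValueError."""
    if len(packet) != 8 + TAG_LEN + 4:
        raise ValueError("unexpected packet length")
    body, tag, corr = packet[:8], packet[8:8 + TAG_LEN], packet[8 + TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("signed timestamp failed authentication")
    (timestamp_ns,) = struct.unpack("!Q", body)
    (correction_ns,) = struct.unpack("!I", corr)
    # The correction is not covered by the tag, so an on-path party can
    # rewrite it. Rejecting values above the cap limits the damage: both the
    # true delay and any forged value lie in [0, MAX_CORRECTION_NS].
    if correction_ns > MAX_CORRECTION_NS:
        raise ValueError("correction exceeds allowed maximum")
    return timestamp_ns + correction_ns, MAX_CORRECTION_NS

if __name__ == "__main__":
    pkt = patch_correction(build_packet(1_000_000_000), 12_000)
    print(receive(pkt))
    forged = patch_correction(pkt, MAX_CORRECTION_NS)  # tampered but in range
    print(receive(forged))
```

The cap bounds the error an attacker can introduce through the unsigned field, but it does nothing for accuracy below that bound, which is the sub-microsecond concern raised in the thread.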