Hi Yang,
> time of encryption or MAC calculation varies on different devices (typically > in order of less than mili-sec), it is not easy to implement constant latency > method with high accuracy. The encryption latency is less relevant than the encryption latency jitter. Depending on the implementation, the latency jitter of the encryption block can be brought down to near-zero-jitter. I agree it is not easy to implement, but there are existing products that do this. Of course I agree that from an implementation perspective it is easier to achieve the same latency in two-step timestamping, and this may be a more delicate way to phrase the idea in the draft. > Since protocols like PTP has accuracy in the range of micro-sec to mili-sec, > and BTW, in some applications PTP accuracy is measured in nanoseconds nowadays. For example, in UMTS (ETSI TS 125 105) the requirement is for 65 ns accuracy. BR Tal. From: Cui Yang [mailto:[email protected]] Sent: Monday, March 12, 2012 11:09 AM To: Tal Mizrahi; [email protected] Subject: Re: [TICTOC] Please Comment on Practical Solutions for Encrypted Synchronization Protocol Hi, Tal Thank you for your comments. Please find my answer in the following: 1. I am afraid that “The one-step timestamping is not accurate”, is not an assumption but a conclusion, IMO. As we have analyzed in the Sec 2 in the new draft, encryption time does not affect the two-step timestamping, but does influence the one-step protocol. Because e1 (encryption time of sync message sent by Master) must be calculated after the timestamp was struck, it definitely introduces errors. As you mentioned that some existing products employ the one-step and constant latency method, I think it could be done but depend on the error margin. Since protocols like PTP has accuracy in the range of micro-sec to mili-sec, and time of encryption or MAC calculation varies on different devices (typically in order of less than mili-sec), it is not easy to implement constant latency method with high accuracy. While on the other hand, two-step timestamping could remove the influence of e1, completely. So that , we can focus on dealing with the errors by decryption time. But I think it is good to note this fact in Sec 2.3 that one existing method for one-step timestamping is to take care of the constant delay, if error margin is acceptable. The academic paper you noted is interesting and the data that it provides is helpful, as well. We will include it in our reference later (and also for other papers someone commented before). Thanks for reminding me. 2. The reason you mentioned is one of the motivations we submitted a new draft. Others are that we would not like to restrict the solution uniquely to “identifier packets” by draft-xu-tictoc-ipsec-security-for-synchronization. After a lengthy discussion (even continuing now), we feel it necessary clarifying use cases, and comparing all possible practical solutions. Thank you! Best regards, Yang ================== Yang Cui, Ph.D. Huawei Technologies [email protected]<mailto:[email protected]> 发件人: Tal Mizrahi [mailto:[email protected]] 发送时间: 2012年3月11日 17:24 收件人: Cui Yang; [email protected] 主题: RE: [TICTOC] Please Comment on Practical Solutions for Encrypted Synchronization Protocol Hi Yang, A couple of comments: 1. The assumption in the draft is that one-step timestamping is not accurate. However, it is basically a question of implementation. It is possible to perform one-step timestamping and to perform constant-latency-encryption/decryption. Furthermore, there are existing products that do exactly that. There are a few academic papers that deal with the accuracy of encrypted PTP, for example see A. Treytl, B. Hirschler, “Securing IEEE 1588 by IPsec tunnels - An analysis”. 2. If I understand the goal of this draft correctly, it appears to be presenting the motivation for draft-xu-tictoc-ipsec-security-for-synchronization. If this is indeed the case, you may want to consider integrating the two drafts. BR Tal Mizrahi. From: [email protected] [mailto:[email protected]] On Behalf Of Cui Yang Sent: Wednesday, March 07, 2012 5:35 AM To: [email protected] Subject: [TICTOC] Please Comment on Practical Solutions for Encrypted Synchronization Protocol Hi, all, I have posted a new draft that discusses the practical solutions for encrypted synchronization protocols. Since we have discussed a lot on this problem, and the security requirement of synchronization also noted that confidentiality may need protection, especially in case that the confidentiality protection is mandatory. Synchronization should be available when the traffic is encrypted. The influences by the encryption are explained, and several possible solutions have been discussed. The URL is below, please review and comment. Title : Practical solutions for encrypted synchronization protocol Author(s) : Y. Cui, M. Bhatia, D. Zhang Filename : draft-cui-tictoc-encrypted-synchronization-00.txt Pages : 10 Date : Mar. 1, 2012 This informational document analyzes the accuracy issues with time synchronization protocols when time synchronization packets are encrypted during transmission. In addition, several candidate solutions on such issues are introduced. A URL for this Internet-Draft is: http://datatracker.ietf.org/doc/draft-cui-tictoc-encrypted-synchronization Thanks, Yang ================== Yang Cui, Ph.D. Huawei Technologies [email protected]<mailto:[email protected]>
_______________________________________________ TICTOC mailing list [email protected] https://www.ietf.org/mailman/listinfo/tictoc
