On unauthorised traffic

[fiestajetsam]

Ulrich writes:

On " servers receiving large amounts of unauthorised traffic [ntp-misuse] and the design of NTPv5 must ensure the risk of these can be minimized.": I think NTP cannot minimize the risk of such things (large amount of unauthorized traffic) to happen, but it can (or at least try to) handle the situation properly.

I don't completely agree, but if there's a better way to write this...

[hart-NTP]

I'm curious what you have in mind in saying in email "the design of NTPv5 could minimise (but not 100% mitigate) large amounts of unauthorised traffic." Ulrich likely had in mind that there's not much you can do with UDP to prevent flooding, and effective mitigation usually needs more/faster servers or upstream filtering. Remember that some client implementations are horrible, such as querying repeatedly at high rate until they get a useful response.

[fiestajetsam]

I agree that UDP is part of the issue here (and BCP 38 was supposed to be part of the solution to fix it, but well...) however there's something to be said about how protocols operate on top of UDP. that can either be exploited by how UDP works, or exacerbate UDP's flaws. This is something that needs some further thought, I am willing to bet later reviews will also expect greater clarity over this point.