[ntpwg] NTS: The question of CMS vs. (D)TLS

kristof.teichel@ptb.de Fri, 05 June 2015 10:58 UTC


Hello all of you,

as promised in the WebEx meeting yesterday, here is a short description of 
what we intend to do about the question of CMS vs. DTLS (or other external 
security mechanisms) for the initial exchange of NTS security data.

(1) Main draft (draft-ietf-ntp-network-time-security):
- For this draft, we intend to leave the question completely open. This 
draft will only state which cryptographic data needs to be exchanged for 
bootstrapping NTS (that is to say: association, authentication, and cookie 
exchange), and describe what the security conditions for this exchange are 
(for example: the cookie needs to be exchanged in a way that guarantees 
authenticity and secrecy).
- The message exchanges belonging to the bootstrapping process (i.e.: 
association exchange, cookie exchange and probably broadcast parameter 
exchange) will be moved to an informational appendix. This appendix will 
state that implementing these exchanges properly is one possible way of 
securely communicating the data required for bootstrapping.

(2) Draft for utilization of NTS for NTP 
(draft-ietf-ntp-using-nts-for-ntp)
- In this draft, we intend to specify that for bootstrapping, an 
implementation MUST support the use of the CMS-based message exchanges, as 
described in the informational appendix mentioned above.
- We will further specify that an implementation MAY also support other 
methods for bootstrapping, for example exchanging the necessary data via 
DTLS or DANE. Any such method needs to fulfill the requirements given in 
the main draft.


We would welcome written feedback on this approach, especially from 
Richard (because making the support of CMS-based exchanges mandatory 
constitutes a considerable work assignment to him) and from Florian 
(because he was the one who advocated techniques different from defining 
our own bootstrapping exchanges).

Best regards,
Kristof and Dieter