[ntpwg] NTS: The question of CMS vs. (D)TLS
kristof.teichel@ptb.de Fri, 05 June 2015 10:58 UTC
To: ntpwg@lists.ntp.org
Message-ID: <OF782BF2A6.6279FB98-ONC1257E5B.003389DB-C1257E5B.0036C269@ptb.de>
From: kristof.teichel@ptb.de
Date: Fri, 05 Jun 2015 11:58:06 +0200
Hello all of you,

as promised in the WebEx meeting yesterday, here is a short description of what we intend to do about the question of CMS vs. DTLS (or other external security mechanisms) for the initial exchange of NTS security data.

(1) Main draft (draft-ietf-ntp-network-time-security):

- For this draft, we intend to leave the question completely open. This draft will only state which cryptographic data needs to be exchanged for bootstrapping NTS (that is to say: association, authentication, and cookie exchange), and describe what the security conditions for this exchange are (for example: the cookie needs to be exchanged in a way that guarantees authenticity and secrecy).

- The message exchanges belonging to the bootstrapping process (i.e. association exchange, cookie exchange and probably broadcast parameter exchange) will be moved to an informational appendix. This appendix will state that implementing these exchanges properly is one possible way of securely communicating the data required for bootstrapping.

(2) Draft for utilization of NTS for NTP (draft-ietf-ntp-using-nts-for-ntp):

- In this draft, we intend to specify that for bootstrapping, an implementation MUST support the use of the CMS-based message exchanges, as described in the informational appendix mentioned above.

- We will further specify that an implementation MAY also support other methods for bootstrapping, for example exchanging the necessary data via DTLS or DANE. Any such method needs to fulfill the requirements given in the main draft.

We would welcome written feedback on this approach, especially from Richard (because making the support of CMS-based exchanges mandatory constitutes a considerable work assignment to him) and from Florian (because he was the one who advocated techniques different from defining our own bootstrapping exchanges).

Best regards,
Kristof and Dieter