Re: [Ntp] RFC 5297 Questions
Daniel Franke <dfoxfranke@gmail.com> Wed, 25 October 2023 11:36 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/1V9yoiexgI4qSJw_y6yE40LMyo4>
On Wed, Oct 25, 2023 at 3:18 AM Miroslav Lichvar <mlichvar@redhat.com> wrote:
> NTS requires TLSv1.3, which is not FIPS-compliant (yet?). At least
> that's what I heard when I asked why gnutls blocks TLSv1.3 in FIPS
> mode.

Again, this framing doesn't make sense. FIPS-140 has nothing to say about protocols like TLS 1.3. FIPS-140 is a standard for cryptographic modules, that is, *implementations* (whether software or hardware) of cryptographic *primitives*. What the gnutls people probably told you is that the version of *their* cryptographic module which has completed the FIPS CMVP doesn't support all the functions they need for implementing TLS 1.3 on top of it. Others definitely do and have for a long time, e.g., my second hit on "tls 1.3 fips" is https://www.wolfssl.com/tls-1-3-combined-fips-fips-tls13-4/ which is dated November 2018.