Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp

Martin Langer <mart.langer@ostfalia.de> Tue, 04 December 2018 09:52 UTC


Hello all,

The current NTS draft is fine for me and I have just a few comments.


page 7:

"Implementations MUST NOT negotiate TLS versions earlier than 1.2,
SHOULD negotiate TLS 1.3 [RFC8446] or later when possible, and MAY
refuse to negotiate any TLS version which has been superseded by a
later supported version."

-> I guess the minimum TLS version MUST be 1.3. The effort for
developers should be very small.
In OpenSSL, I only need one extra line of code to force TLS 1.3 and
disable TLS 1.2. Many implementations support the final TLS 1.3 (RFC)
or the latest TLS draft (see:
https://github.com/tlswg/tls13-spec/wiki/Implementations).
The remaining platforms will probably follow soon. Therefore, I see no
further need to support TLS versions older than 1.3.



page 8:

"The semantics of record types 0-6 are specified in this memo."
-> must be '0-7'



page 15:

"Nonce length: Two octets in network byte order, ..."
-> must be 'Nonce Length:'



page 16:

"Additional Padding: Clients which use a nonce length shorter than
the maximum allowed by the negotiated AEAD algorithm may be
required to include additional zero-padding. The necessary length
of this field is specified below."

-> This confused me the first time. I thought it was a mistake and
meant 'minimum'. 'maximum' is right, but should we leave this
information here?

Alternative form:
"Additional Padding: The nonce length used by the client may be required
to include additional zero-padding depending on the negotiated AEAD
algorithm."



page 17:

"The purpose of the Additional Padding field is to ensure that servers
can always choose a nonce whose length is adequate to ensure its
uniqueness, even if the client chooses a shorter one, and still
ensure that the overall length of the server’s response packet. does
not exceed the length of the request."

-> there is a dot in the penultimate line



page 19:

-> The timelines are different in length (the client line needs one
more '-').



page 27:

"The Network Time Security Warning Codes Registry SHALL initally be
empty except for the reserved range, i.e.:"

-> typo: 'initially'



Best regards,
Martin




On 06.11.2018 at 21:46, Karen O'Donoghue wrote:
> Folks,
>
> This message initiates a three plus week working group last call for:
>
> Network Time Security for the Network Time Protocol
> https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/
>
> Please review the referenced document and send any comments to the mailing list including your assessment of whether this document is mature enough to proceed to the IESG. Please note that these messages of support for progression to the mailing list will be used to determine WG consensus to proceed.
>
> Please send all comments in by COB on Friday 30 November. We realize this is a bit longer than normal but we are coming out of an IETF week and heading into the Thanksgiving holiday in the US.
>
> Thanks!
> Karen and Dieter
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp

-- 
Martin Langer, M.Eng.
Ostfalia Hochschule für angewandte Wissenschaften
- Hochschule Braunschweig/Wolfenbüttel
University of Applied Sciences

Labor Datentechnik, Labor Design Digitaler Systeme
Fakultät Elektrotechnik
Salzdahlumer Straße 46/48
38302 Wolfenbüttel
Germany

Tel. : +49 5331 939 43370
Web  : https://www.ostfalia.de/cms/de/pws/bermbach/mitarbeiter/martin-langer