Re: [Ntp] WGLC for draft-ietf-ntp-mac

Harlan Stenn <stenn@nwtime.org> Thu, 10 August 2017 23:50 UTC



On 8/10/2017 4:29 PM, Paul Gear wrote:
> On 09/08/17 14:53, Karen O'Donoghue wrote:
>> Folks,
>>
>> This begins a three week working group last call (WGLC) for "Message
>> Authentication Code for the Network Time Protocol"
>> https://datatracker.ietf.org/doc/draft-ietf-ntp-mac/
>>
>> Please review and provide comments to the mailing list by no later
>> than 31 August 2017. Earlier comments and discussion would be
>> appreciated. Please note that the chairs will be using this WGLC to
>> determine consensus to move this document forward to the IESG.
> 
> Hi everyone,
> 
> (Apologies in advance if this isn't an appropriate forum for these
> questions - please redirect me if this is the case.)
> 
> I'm trying to get a handle on this draft so I can intelligently answer
> questions about it next month at AusNOG, and I'm wondering if someone
> can comment on the on-the-wire implications for NTP implementations.  As
> I understand it, there are no proposed changes to the protocol's wire
> format under this draft, rather a simple substitution of the 128-bit MD5
> field for a 128-bit AES-CMAC field.

There are no protocol changes.  What changed is that we want to
deprecate MD5 as the default algorithm for MAC hashes, and replace it
with AES-128-CMAC.

The MAC includes a "key id", and the key ID maps to 2 pieces of
information: the algorithm, and the key.

> How then would an implementation distinguish between MACs in the two
> formats?

The implementation looks up the keyID and sees what hash algorithm is
used for that keyID.

> Is there an implicit assumption that if this draft is
> accepted, it will be rolled into a new protocol version specification
> for NTPv5, in which case any NTPv4 packet would be MD5, and any NTPv5
> packet would be AES-CMAC?

No.  This is still NTPv4, and folks are free to use whatever MAC hashing
algorithms are supported by both sides of the association.

> As a secondary issue, are there any working implementations of this
> change, and if so any benchmarks showing the effect (if any) of the change?

I believe some initial performance testing was done on the algorithms,
and that Sharon and Aanchal published these in their proposal.

The NTP Project is getting ready to release our implementation of it.
-- 
Harlan Stenn, Network Time Foundation
http://nwtime.org - be a Member!
