Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-using-nts-for-ntp-22.txt> (Network Time Security for the Network Time Protocol) to Proposed Standard

Russ Housley <housley@vigilsec.com> Wed, 19 February 2020 08:21 UTC

From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <f93956b4-9440-f827-d202-819f04645ae0@dansarie.se>
Date: Wed, 19 Feb 2020 03:21:25 -0500
Cc: last-call@ietf.org, ntp@ietf.org, Suresh Krishnan <suresh@kaloom.com>, draft-ietf-ntp-using-nts-for-ntp@ietf.org
Message-Id: <A9F2DD09-6C74-4268-A76A-4EC16E8CDBEE@vigilsec.com>
References: <158169157632.16127.5189378582509283109.idtracker@ietfa.amsl.com> <D33A88BA-65E1-4529-9825-B943F7AE5976@vigilsec.com> <f93956b4-9440-f827-d202-819f04645ae0@dansarie.se>
To: Marcus Dansarie <marcus@dansarie.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/6YGDfd0Hvwtz8Cyyqs4RPUOhaVQ>
Subject: Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-using-nts-for-ntp-22.txt> (Network Time Security for the Network Time Protocol) to Proposed Standard

Marcus:

See below ...

> Thank you for reviewing the draft and providing comments! I've discussed
> the issues with the other authors. Please see our answers below.
> 
> Kind regards,
> Marcus
> 
> On 2020-02-17 14:22, Russ Housley wrote:
>> Section 3 says: "... NTS-KE server's private certificate."  Certificates
>> are public.  I assume that you are talking about a private key here.
> 
> Indeed. This will be fixed.
> 
>> Section 4.1.5 says: "...  denoting Numeric Identifiers from the IANA
>> AEAD registry [RFC5116]".  I think it would be more useful to provide a
>> pointer to the registry instead of the RFC that created the registry.
> 
> This makes sense, although we are unsure about what the best practice
> is. Do you (or anyone else) know if there's IETF guidance on how to
> reference IANA registries?

RFC 8708 says this for a specific registry:

   [IANA-LMS] IANA, "Leighton-Micali Signatures (LMS)",
              <https://www.iana.org/assignments/leighton-micali-
              signatures/>.

>> Section 4.1.7 says: "...an IPv4 address in dotted decimal notation, an
>> IPv6 address, or ...". This is followed by a sentence on the format of
>> the IPv6 address and a sentence on IDNs.  I think a parallel structure
>> would be more clear.  Please list the choices, and then discuss the
>> format used for each of the choices.
> 
> To fix this, we suggest changing the paragraph to:
> 
> "The contents of the string SHALL be either an IPv4 address, an IPv6
> address, or a fully qualified domain name (FQDN). IPv4 addresses MUST be
> in dotted decimal notation. IPv6 addresses MUST conform to the "Text
> Representation of Addresses" as specified in [RFC4291] and MUST NOT
> include zone identifiers [RFC6874]. If internationalized labels are
> needed in the domain name, the A-LABEL syntax specified in [RFC5891]
> MUST be used."

I liked the text proposed for the last sentence by Patrik.  Otherwise, this looks fine to me.

>> Section 7.1: I believe the contact should be iesg@ietf.org
>> <mailto:iesg@ietf.org> (not chair@ietf.org <mailto:chair@ietf.org>).
> 
> Section 8.1.1. of RFC 6335 says to use chair@ietf.org.

I stand corrected.

Russ
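The proposed Section 4.1.7 wording quoted above pins down three admissible forms for the server name string (dotted-decimal IPv4, RFC 4291 text-form IPv6 with no zone identifier, or an FQDN whose internationalized labels are A-labels). The validator below is an added example written for this thread; it is not text from the draft nor code from any NTS implementation. It checks exactly those constraints and rejects everything else, so an NTS-KE client or server can refuse a record body before acting on it. Two rules beyond the quoted text are assumptions of this example: an FQDN must have at least two non-empty labels, and its top-level label must not be all numeric (so a malformed IPv4 address such as `192.0.2.01` is rejected instead of being accepted as a host name).

```python
"""Validator for the server name string as worded in the proposed Section 4.1.7
text: dotted-decimal IPv4, RFC 4291 text-form IPv6 without a zone identifier,
or an FQDN using A-label (xn--) syntax for internationalized labels.
Added example for this discussion, not part of the draft or any NTS code."""
import ipaddress
import re

# Strict dotted decimal: four octets 0-255, no leading zeros, no hex/octal forms.
_OCTET = r"(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])"
_DOTTED_DECIMAL = re.compile(rf"^{_OCTET}(?:\.{_OCTET}){{3}}$")
# LDH label (RFC 1123): 1-63 letters/digits/hyphens, no leading or trailing hyphen.
_LDH_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify_server_name(s: str) -> str:
    """Return 'ipv4', 'ipv6' or 'fqdn'; raise ValueError with the reason otherwise."""
    if not s.isascii():
        # U-labels (raw Unicode) are not allowed; the text requires A-labels.
        raise ValueError("non-ASCII characters: IDN labels must be A-labels")
    if ":" in s:
        # Only the IPv6 text representation may contain colons.
        if "%" in s:
            # Python 3.9+ would otherwise accept 'fe80::1%eth0', so reject explicitly.
            raise ValueError("IPv6 zone identifier (RFC 6874) is not allowed")
        try:
            ipaddress.IPv6Address(s)
        except ValueError as e:
            raise ValueError(f"malformed IPv6 address: {e}") from None
        return "ipv6"
    if _DOTTED_DECIMAL.match(s):
        return "ipv4"
    return _check_fqdn(s)


def _check_fqdn(name: str) -> str:
    """Validate the FQDN form; the two-label and non-numeric-TLD rules are
    assumptions of this example, not text from the draft."""
    if len(name) > 253:
        raise ValueError("domain name longer than 253 octets")
    labels = name.split(".")
    if len(labels) < 2 or any(not lbl for lbl in labels):
        raise ValueError("FQDN needs at least two non-empty labels")
    if labels[-1].isdigit():
        # An all-numeric top-level label is almost always a malformed IPv4
        # address rather than a host name, so it is rejected here.
        raise ValueError("top-level label must not be all numeric")
    for lbl in labels:
        if not _LDH_LABEL.match(lbl):
            raise ValueError(f"label {lbl!r} violates LDH syntax")
        if lbl.lower().startswith("xn--"):
            # A-label: the part after 'xn--' must be decodable Punycode (RFC 5891).
            try:
                lbl[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                raise ValueError(f"label {lbl!r} is not a valid A-label") from None
    return "fqdn"


def rejects(s: str) -> bool:
    """Helper for tests: True if the string is refused by the validator."""
    try:
        classify_server_name(s)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs covering each accepted form and each failure mode.
    for sample in ["192.0.2.1", "2001:db8::1", "::ffff:192.0.2.1",
                   "ntp.example.com", "xn--bcher-kva.example",
                   "192.0.2.01", "fe80::1%eth0", "b\u00fccher.example",
                   "-bad.example", "ntp..example.com"]:
        try:
            print(f"{sample!r}: {classify_server_name(sample)}")
        except ValueError as err:
            print(f"{sample!r}: rejected ({err})")
```

Feeding a zone-qualified address such as `fe80::1%eth0` through `ipaddress.IPv6Address` alone would succeed on Python 3.9 and later, which is why the example rejects the `%` before parsing; that is the one place where relying on the library's notion of a valid address would silently violate the MUST NOT in the proposed text.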