Re: [ntpwg] WG: Re: draft-ietf-ntp-cms-for-nts-message

Danny Mayer <mayer@ntp.org> Wed, 09 March 2016 17:49 UTC

References: <OFC8F7CB89.90B878C5-ONC1257F71.0043F802-C1257F71.0044007B@ptb.de>
To: kristof.teichel@ptb.de, ntpwg@lists.ntp.org
From: Danny Mayer <mayer@ntp.org>
X-Enigmail-Draft-Status: N1110
Organization: NTP
Message-ID: <56E061E5.3090407@ntp.org>
Date: Wed, 09 Mar 2016 12:48:21 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <OFC8F7CB89.90B878C5-ONC1257F71.0043F802-C1257F71.0044007B@ptb.de>
Subject: Re: [ntpwg] WG: Re: draft-ietf-ntp-cms-for-nts-message
X-BeenThere: ntpwg@lists.ntp.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: IETF Working Group for Network Time Protocol <ntpwg.lists.ntp.org>
List-Unsubscribe: <http://lists.ntp.org/options/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=unsubscribe>
List-Archive: <http://lists.ntp.org/pipermail/ntpwg/>
List-Post: <mailto:ntpwg@lists.ntp.org>
List-Help: <mailto:ntpwg-request@lists.ntp.org?subject=help>
List-Subscribe: <http://lists.ntp.org/listinfo/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=subscribe>
Reply-To: mayer@ntp.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org
Sender: ntpwg <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>

My possibly erroneous assumption was that the protocol will include an
identifier to indicate which hashing algorithm to use for the digest, and
that it would be configurable outside the protocol. There shouldn't be any
limits on those algorithms, especially as new ones become available on a
regular basis, and it's better not to bake any particular flavour into
the protocol. Was I wrong?

I'm not sure I understood Jim's comment about authenticated encryption.
Can someone comment and explain what that means, what the implications
are, and whether it requires an already valid time?

Danny

On 3/9/2016 7:22 AM, kristof.teichel@ptb.de wrote:
> Russ
> 
> from our point of view there is no real reason not to include the
> suggested changes. Apart from the CMS draft we shall have to introduce
> additional changes at least to the draft-ietf-network-time-security in
> order to make non-HMAC MAC algorithms negotiable.
> 
> We shall send you the proposed changes in the CMS draft and also
> include the proposed ASN.1 module additions.
> 
> Dieter
> 
> -------------------------------------
> Dr. Dieter Sibold
> Physikalisch-Technische Bundesanstalt
> Q.42 - Serversysteme und Datenhaltung
> QM-Verantwortlicher der Stelle IT
> Bundesallee 100
> D-38116 Braunschweig
> Tel:    +49-531-592-84 20
> E-Mail: dieter.sibold@ptb.de
> 
> 
> Russ Housley <housley@vigilsec.com> wrote on 09.03.2016 00:34:50:
> 
>> From: Russ Housley <housley@vigilsec.com>
>> To: "Jim Schaad" <ietf@augustcellars.com>
>> Cc: <draft-ietf-ntp-cms-for-nts-message@tools.ietf.org>
>> Date: 09.03.2016 00:35
>> Subject: Re: draft-ietf-ntp-cms-for-nts-message
>>
>> Jim:
>>
>> That is a pretty simple change.  I support it.
>>
>> Do the other authors of this document agree?
>>
>> Russ
>>
>>
>> On Mar 8, 2016, at 3:53 PM, Jim Schaad wrote:
>>
>> > This draft popped up for an early review of content types due to the
>> > fact that it is going to be released soon in OPENSSL.  I would like to
>> > strongly push back on one of the features that is being placed in the
>> > structures for algorithm selection.
>> >
>> > You are fixing things to only use HMAC by using the term
>> > hmacHashAlgos.  What happens when NIST produces a MAC algorithm using
>> > the SHA-3 hash functions which does not require HMAC?  Is there a
>> > reason for not making this field a set of MAC algorithm identifiers?
>> > RFC 4231 defines HMAC OIDs for all of the SHA-2 algorithms and
>> > RFC 3370 defines the same for SHA-1.
>> >
>> > Also, I experience a small irritation that you are not using
>> > authenticated encryption but that is somewhat understandable.
>> >
>> > Jim
>> >
>> >
>> >
>>

_______________________________________________
ntpwg mailing list
ntpwg@lists.ntp.org
http://lists.ntp.org/listinfo/ntpwg
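As an added illustration of the point Jim raises in the quoted thread (negotiating a set of MAC algorithm identifiers rather than a set of hash algorithms that are then wrapped in HMAC), the Python below is example code written for this archive page; it is not from the CMS-for-NTS draft, from OpenSSL, or from any NTS implementation. The two HMAC identifiers are the OIDs from RFC 3370 (HMAC-SHA-1) and RFC 4231 (HMAC-SHA-256) that Jim cites. The third entry, a prefix-keyed SHA3-256 MAC, stands in for a SHA-3-based MAC that does not need the HMAC construction; it is not KMAC, and its identifier string is a placeholder, not a registered OID. The key and the message bytes are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Example code added for this page; not from the CMS-for-NTS draft, OpenSSL or
# any NTS implementation. It negotiates over MAC *algorithm* identifiers, so a
# MAC that is not HMAC-over-a-hash can be added with a registry entry alone.


def _hmac_mac(hash_name):
    """Return a MAC function computing HMAC with the named hash."""
    def mac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hash_name).digest()
    return mac


def _sha3_prefix_mac(key: bytes, data: bytes) -> bytes:
    """Keyed-prefix MAC over SHA3-256. A sponge hash does not need the HMAC
    nesting, so SHA3-256(key || data) is itself a MAC. Illustrative of a
    non-HMAC, SHA-3-based MAC only: it is not KMAC and has no registered OID."""
    return hashlib.sha3_256(key + data).digest()


# identifier -> (description, required key length in bytes, MAC function)
# The two HMAC OIDs are the ones cited in the thread (RFC 3370 hmac-SHA1 and
# RFC 4231 hmacWithSHA256). "example-sha3-prefix-mac" is a placeholder name.
MAC_ALGORITHMS = {
    "1.3.6.1.5.5.8.1.2": ("HMAC-SHA-1 (RFC 3370)", 20, _hmac_mac("sha1")),
    "1.2.840.113549.2.9": ("HMAC-SHA-256 (RFC 4231)", 32, _hmac_mac("sha256")),
    "example-sha3-prefix-mac": ("SHA3-256 keyed prefix (illustrative)", 32, _sha3_prefix_mac),
}


def negotiate(client_offer, server_supported):
    """Server side: take the first identifier in the client's preference order
    that the server also supports; None means no common MAC algorithm."""
    for ident in client_offer:
        if ident in server_supported and ident in MAC_ALGORITHMS:
            return ident
    return None


def compute_mac(ident, key, data):
    """Look the algorithm up by identifier, enforce its key length, and MAC."""
    _, key_len, mac_fn = MAC_ALGORITHMS[ident]
    if len(key) != key_len:
        raise ValueError(f"{ident}: key must be {key_len} bytes, got {len(key)}")
    return mac_fn(key, data)


def verify_mac(ident, key, data, tag):
    """Constant-time tag comparison; never compare MAC tags with ==."""
    return hmac.compare_digest(compute_mac(ident, key, data), tag)


def exchange(client_offer, server_supported, key, message):
    """Negotiate, MAC the message on one side, verify it on the other.
    Returns (chosen identifier, tag, verified)."""
    ident = negotiate(client_offer, server_supported)
    if ident is None:
        return None, b"", False
    tag = compute_mac(ident, key, message)
    return ident, tag, verify_mac(ident, key, message, tag)


if __name__ == "__main__":
    # Constructed sample: a client preferring the SHA-3 MAC, a server that only
    # knows the two HMAC variants, and a stand-in for an NTS message body.
    offer = ["example-sha3-prefix-mac", "1.2.840.113549.2.9", "1.3.6.1.5.5.8.1.2"]
    supported = {"1.2.840.113549.2.9", "1.3.6.1.5.5.8.1.2"}
    key = secrets.token_bytes(32)
    msg = b"NTS time_request: nonce=00112233 ts=2016-03-09T17:48:21Z"
    ident, tag, ok = exchange(offer, supported, key, msg)
    print(MAC_ALGORITHMS[ident][0], tag.hex(), ok)
    # Adding the SHA-3 MAC on the server is a registry entry, not a new field.
    ident2, _, ok2 = exchange(offer, supported | {"example-sha3-prefix-mac"}, key, msg)
    print(MAC_ALGORITHMS[ident2][0], ok2)
```

With a field typed as "hash algorithms to use in HMAC", the third entry could not be expressed at all; with a field typed as MAC algorithm identifiers, it is one more row in the table on both ends. The key-length check is there because a MAC registry that does not pin key sizes per algorithm silently accepts a 20-byte key for a 32-byte construction.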