[Ntp] Switching NTS to AES-GCM-SIV?

Miroslav Lichvar <mlichvar@redhat.com> Tue, 23 April 2019 15:46 UTC

Date: Tue, 23 Apr 2019 17:46:16 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: ntp@ietf.org
Message-ID: <20190423154616.GB11966@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/J6w0XrkzH7CWdPMb5OzYgOgaKtA>
Subject: [Ntp] Switching NTS to AES-GCM-SIV?

Hi,

there is a new standard for AES-GCM-SIV:

https://tools.ietf.org/html/rfc8452

In the list archive I found some comments that this algorithm was
rejected for being only a draft at the time. That has changed and we
may want to reconsider it as the mandatory algorithm required by NTS.
At the very least, the performance should be better, which I'd very
much like to see improved, and there may be other advantages.

Is it too late for NTS to switch?

-- 
Miroslav Lichvar