Re: [Ntp] Antw: [EXT] Re: Quick review of WGLC for status change for draft‑ietf‑ntp‑update‑registries

Miroslav Lichvar <mlichvar@redhat.com> Tue, 09 August 2022 09:31 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/KGyjJWFoJFtKlRTrgkuYQCyaJuI>

On Tue, Aug 09, 2022 at 02:11:11AM -0700, Harlan Stenn wrote:
> > > > 04 1b 00 14 cc e2 c8 47 71 95 79 64 c4 71 e8 72 7e bf fb cd

> > It's the UDP data following the NTP header.
> 
> I don't do this stuff in my head as well as I used to.
> 
> Is there a symmetric key for keyID 1051?  If so, what hash algorithm was
> used?

If interpreted as a MAC, the key ID would be 0x041b0014 (68878356),
i.e. in the Autokey range. The hash algorithm depends on the
configuration. It's not in the message.

> I'm not seeing that it's a valid EF (either V1 or V2).

It's a valid 20-octet EF with a type of 0x041b. That is a value that
could be assigned in future.

With RFC7822 we know it has to be a MAC, because it's too short to be
an EF. Without that we could only guess, e.g. by trying to
authenticate the message, but that wouldn't work if the client had an
old Autokey cookie (e.g. after server restart).

-- 
Miroslav Lichvar
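
The two readings of the 20 octets discussed in this message, as an added example that is not part of the original e-mail or of any NTP implementation. The length thresholds are this example's summary of the RFC 7822 rule the message refers to, and the Autokey boundary of 65536 is assumed from ntpd's key ID convention; all function and constant names are hypothetical.

```python
import struct

# Assumptions labelled here, not taken from the thread:
MAX_LEGACY_MAC_LEN = 24      # 4-octet key ID + digest of at most 20 octets
MIN_EF_LEN = 16              # smallest extension field considered well-formed
AUTOKEY_MIN_KEY_ID = 65536   # ntpd convention: key IDs above 65535 are Autokey

# The UDP data following the 48-octet NTP header, as quoted in the thread.
TRAILER = bytes.fromhex("041b0014cce2c84771957964c471e8727ebffbcd")


def as_mac(data: bytes) -> dict:
    """Read the trailer as a legacy MAC: 32-bit key ID, then the digest."""
    (key_id,) = struct.unpack("!I", data[:4])
    return {
        "key_id": key_id,
        "digest_len": len(data) - 4,
        "autokey_range": key_id >= AUTOKEY_MIN_KEY_ID,
    }


def as_extension_field(data: bytes) -> dict:
    """Read the same octets as an extension field: 16-bit type, 16-bit length."""
    ef_type, ef_len = struct.unpack("!HH", data[:4])
    consistent = ef_len == len(data) and ef_len % 4 == 0 and ef_len >= MIN_EF_LEN
    return {"type": ef_type, "length": ef_len, "self_consistent": consistent}


def classify_trailer(data: bytes) -> str:
    """Length-only decision: anything that fits in a legacy MAC is a MAC."""
    n = len(data)
    if n == 0:
        return "none"
    if n % 4:
        return "malformed"
    return "mac" if n <= MAX_LEGACY_MAC_LEN else "extension-field"


if __name__ == "__main__":
    print("as MAC:", as_mac(TRAILER))
    print("as EF: ", as_extension_field(TRAILER))
    print("length rule says:", classify_trailer(TRAILER))
```

Both parses succeed on the same bytes, which is the ambiguity under discussion; only the length rule picks one without needing the key or the hash configuration.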