Re: [Ntp] I-D Action: draft-ietf-ntp-using-nts-for-ntp-26.txt

Ragnar Sundblad <ragge@netnod.se> Sun, 22 March 2020 16:13 UTC

From: Ragnar Sundblad <ragge@netnod.se>
Date: Sun, 22 Mar 2020 17:13:22 +0100
Cc: Suresh Krishnan <Suresh@kaloom.com>, Karen O'Donoghue <odonoghue@isoc.org>
To: ntp@ietf.org, Sandra Murphy <sandy@tislabs.com>, Benjamin Kaduk <kaduk@mit.edu>, Éric Vyncke <evyncke@cisco.com>, Magnus Westerlund <magnus.westerlund@ericsson.com>, Barry Leiba <barryleiba@computer.org>, Roman Danyliw <rdd@cert.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/OEDx_lyX2bTccGEpMKBw9IbG8C4>

All,

We would again like to thank all of you who have sent comments and
discuss issues, and for the overwhelming response from the reviewers
and others.

We also got some comments on the comments. With this version, we hope
to have addressed those too.

- No TLS 1.2
During this work, it became apparent that keeping support for TLS 1.2
and correctly covering for the differences between TLS 1.2 and TLS 1.3
would be a lot of work, with the risk of getting something wrong or
missing on important issues, in the specification or in the
implementations.

The last time the issue of 1.2 support was up for debate, there were
some operating systems that would not support TLS 1.3, and there was a
concern that this would impair the protocol adoption rate. Today most
(all?) major operating systems do have TLS 1.3 capable libraries in
their later versions.

Several of the reviewers questioned why TLS 1.2 was supported, as have
others before them.

We therefore decided to drop support for TLS 1.2.

For older operating systems, an NTS-enabled NTP implementation can
still be linked with a separate TLS library that supports 1.3, which is
a bit inconvenient, but doable.

- New TLS export disambiguating label string
As we had a technical change in there already, we also changed the TLS
export disambiguating label string to be more aligned with what is the
standard form today, to "EXPORTER-network-time-security".

Best regards,
Ragnar Sundblad


> On 22 Mar 2020, at 16:48, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Network Time Protocol WG of the IETF.
> 
>        Title           : Network Time Security for the Network Time Protocol
>        Authors         : Daniel Fox Franke
>                          Dieter Sibold
>                          Kristof Teichel
>                          Marcus Dansarie
>                          Ragnar Sundblad
>        Filename        : draft-ietf-ntp-using-nts-for-ntp-26.txt
>        Pages           : 44
>        Date            : 2020-03-22
> 
> Abstract:
>   This memo specifies Network Time Security (NTS), a mechanism for
>   using Transport Layer Security (TLS) and Authenticated Encryption
>   with Associated Data (AEAD) to provide cryptographic security for the
>   client-server mode of the Network Time Protocol (NTP).
> 
>   NTS is structured as a suite of two loosely coupled sub-protocols.
>   The first (NTS-KE) handles initial authentication and key
>   establishment over TLS.  The second handles encryption and
>   authentication during NTP time synchronization via extension fields
>   in the NTP packets, and holds all required state only on the client
>   via opaque cookies.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-26
> https://datatracker.ietf.org/doc/html/draft-ietf-ntp-using-nts-for-ntp-26
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-ntp-using-nts-for-ntp-26
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> 