Re: [Ntp] I-D Action: draft-ietf-ntp-update-registries-09.txt
"Windl, Ulrich" <u.windl@ukr.de> Thu, 07 December 2023 07:10 UTC
Return-Path: <u.windl@ukr.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52D0EC14F61B for <ntp@ietfa.amsl.com>; Wed, 6 Dec 2023 23:10:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LvxOF9U3cEfL for <ntp@ietfa.amsl.com>; Wed, 6 Dec 2023 23:10:30 -0800 (PST)
Received: from mail01.ukr.de (mail01.ukr.de [193.175.194.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A102C138FA3 for <ntp@ietf.org>; Wed, 6 Dec 2023 23:10:27 -0800 (PST)
X-CSE-ConnectionGUID: A1yd5drWSi6Q9gSErEKUxg==
X-CSE-MsgGUID: 8rgnbmeySK+gk/EQsCFYyw==
X-ThreatScanner-Verdict: Negative
X-IronPort-AV: E=McAfee;i="6600,9927,10916"; a="520595"
X-IronPort-AV: E=Sophos;i="6.04,256,1695679200"; d="scan'208";a="520595"
Received: from unknown (HELO ukr-excmb02.ukr.local) ([172.24.6.62]) by dmz-infcsg01.ukr.dmz with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Dec 2023 08:10:24 +0100
Received: from ukr-excmb03.ukr.local (172.24.6.63) by ukr-excmb02.ukr.local (172.24.6.62) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.34; Thu, 7 Dec 2023 08:10:23 +0100
Received: from ukr-excmb03.ukr.local ([fe80::1cb4:6e0c:6da4:a8a0]) by ukr-excmb03.ukr.local ([fe80::1cb4:6e0c:6da4:a8a0%4]) with mapi id 15.01.2507.034; Thu, 7 Dec 2023 08:10:23 +0100
From: "Windl, Ulrich" <u.windl@ukr.de>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, Hal Murray <halmurray@sonic.net>
CC: "ntp@ietf.org" <ntp@ietf.org>
Thread-Topic: [Ntp] I-D Action: draft-ietf-ntp-update-registries-09.txt
Thread-Index: AQHaKFT/haYwa+czgE6IGzflR5vB7bCdY88w
Date: Thu, 07 Dec 2023 07:10:23 +0000
Message-ID: <f519a82b72f943188cd02935c983d576@ukr.de>
References: <rsalz@akamai.com> <450EAC4D-E24E-4E04-9239-EB0356784822@akamai.com> <20231206070233.8BEE328C1C3@107-137-68-211.lightspeed.sntcca.sbcglobal.net> <47774BCF-6DE1-45C4-AA31-6F942C4D1501@akamai.com>
In-Reply-To: <47774BCF-6DE1-45C4-AA31-6F942C4D1501@akamai.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.24.3.1]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/PG-dtZfUGUF4Ibx-7YZ3eyHMRzo>
Subject: Re: [Ntp] I-D Action: draft-ietf-ntp-update-registries-09.txt
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Dec 2023 07:10:34 -0000
Hi!
Reading RFC 7822 one could get the impression that a "crypto NAK" is a MAC:
" If a MAC is used, it resides at the end of the packet. This field
can be either 24 octets long, 20 octets long, or a 4-octet
crypto-NAK."
Also:
" However, a MAC
is not mandatory after an extension field; an NTPv4 packet can
include one or more extension fields without including a MAC."
And
" In NTPv4, one or more extension fields can be inserted after the
header and before the MAC, which is always present when an
extension field is present."
Now what? MAC optional or not?
" In NTPv4, one or more extension fields can be inserted after the
header and before the MAC, if a MAC is present."
So no extension fields without a MAC?
Later on:
" In NTPv4, one or more extension fields can be inserted after the
header and before the MAC, if a MAC is present."
But if there may be an extension field only when a MAC is present, what's the sense of all this?
Even more confusing:
" A MAC MUST NOT be longer than 24 octets if there is no extension
field present, unless a longer MAC is agreed upon by both client
and server."
And I wish the rules in 7.5.1.4. were explained.
An abstract parsing algorithm would help to understand.
Kind regards,
Ulrich
-----Original Message-----
From: ntp <ntp-bounces@ietf.org> On Behalf Of Salz, Rich
Sent: Wednesday, December 6, 2023 4:00 PM
To: Hal Murray <halmurray@sonic.net>
Cc: ntp@ietf.org
Subject: [EXT] Re: [Ntp] I-D Action: draft-ietf-ntp-update-registries-09.txt
> NTPv4 packets may contain a MAC (Message Authentication Code) that appears
> where you would expect an extension but it does NOT have the type/length
> header of an extension. RFC 7822 has the details of how MACs can coexist with
> extensions.
There is already some wording there in section 2.2:
> [RFC7822] clarified the processing rules for Extension Field Types, particularly around
> the interaction with the Message Authentication Code (MAC) field.
Which I updated to merge in your text:
> {{RFC7822}} clarified the processing rules for Extension Field Types,
> particularly around the interaction with the Message Authentication Code
> (MAC) field. NTPv4 packets may contain a MAC, but it appears where one would
> expect an extension even though it does not have the type/length header of an
> extension.
_______________________________________________
ntp mailing list
ntp@ietf.org
https://www.ietf.org/mailman/listinfo/ntp
- [Ntp] I-D Action: draft-ietf-ntp-update-registrie… internet-drafts
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Miroslav Lichvar
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Hal Murray
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Miroslav Lichvar
- Re: [Ntp] [EXT] Re: I-D Action: draft-ietf-ntp-up… Windl, Ulrich
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Danny Mayer
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… James Browning
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Salz, Rich
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Hal Murray
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Salz, Rich
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Salz, Rich
- Re: [Ntp] [EXT] I-D Action: draft-ietf-ntp-update… Windl, Ulrich
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Salz, Rich
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Windl, Ulrich
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Hal Murray
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Salz, Rich
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Danny Mayer
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Hal Murray
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Miroslav Lichvar
- Re: [Ntp] I-D Action: draft-ietf-ntp-update-regis… Miroslav Lichvar