[Ntp] NTS for NTPv5
David Venhoek <david@venhoek.nl> Sun, 05 November 2023 10:14 UTC
To: NTP WG <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/QLdV0_QPcKHtn9saeYp6cNaSlDk>

Hi All,

Since the draft did not yet elaborate on the details of NTS negotiation for NTPv5, I added what we needed to get NTS working with NTPv5 in ntpd-rs. Below is what we are implementing. It is also available as a pull request on Miroslav's repository at https://github.com/mlichvar/draft-ntp-ntpv5/pull/10

Kind regards,
David Venhoek

diff --git a/ntp-ntpv5.xml b/ntp-ntpv5.xml index 190ab3b..c547408 100644 --- a/ntp-ntpv5.xml +++ b/ntp-ntpv5.xml @@ -1197,9 +1197,9 @@ Tx | 0 | | t3'| | 0 | | t3 | | 0 | |t11'| <section title="Network Time Security with NTPv5"> <t>The <xref target="RFC8915">Network Time Security</xref> mechanism uses the NTS-KE protocol to establish keys and negotiate the next protocol. - NTPv5 is added as a new protocol to the Network Time Security Next - Protocols Registry, which can be negotiated by NTPv5 clients and - servers supporting NTS.</t> + NTPv5 can be indicated as the next protocol with identifier [[TBD]] (draft + use 0x8001). This can be used by clients and servers to negotiate NTPv5 + for an NTS session</t> <t>No new NTS-KE records are specified for NTPv5. The records that were specified for NTPv4 (i.e. NTPv4 New Cookie, NTPv4 Server Negotiation, @@ -1207,6 +1207,14 @@ Tx | 0 | | t3'| | 0 | | t3 | | 0 | |t11'| <t>The NTS extension fields specified for NTPv4 are compatible with NTPv5. No new extension fields are specified.</t> + + <t>(Note to editor: remove this paragraph before publishing.) Client implementations + of a draft of this specification MUST provide the identity of the draft + implemented as data in a nts record of type 0x4001, which does not have + the critical bit set. The draft identity MUST be encoded as ascii and MUST + not contain any trailing 0 bytes. Servers that implement a draft + MUST not accept NTPv5 as an option unless they support the specific + draft version identified.</t> </section> <section title="NTPv5 Negotiation in NTPv4">
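
Review bot: In the first hunk (@@ -1197,9 +1197,9 @@), the new text drops the reference to the Network Time Security Next Protocols Registry that the removed lines carried, so the paragraph no longer says where the identifier written as [[TBD]] is to be assigned. Suggest keeping the registry sentence and attaching the draft value to it, for example "NTPv5 is added to the Network Time Security Next Protocols Registry with identifier [[TBD]]; implementations of drafts of this specification use 0x8001." Also, "(draft use 0x8001)" reads better as "drafts use 0x8001", and "for an NTS session</t>" is missing its closing period.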
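
Review bot: In the second hunk (@@ -1207,6 +1207,14 @@), the server rule "MUST not accept NTPv5 as an option unless they support the specific draft version identified" does not cover a client that sends no 0x4001 record at all, and does not say what the server returns when it declines NTPv5. State both cases explicitly, so that a server cannot end up negotiating NTPv5 with a client that implements a different draft. The format of the draft identity is also left open (only "ascii" with no trailing 0 bytes); give the exact string to send so that two implementations of the same draft compare equal. Editorially, write both occurrences of "MUST not" as "MUST NOT", "nts record" as "NTS-KE record" and "ascii" as "ASCII", and if "which does not have the critical bit set" is meant as a requirement, phrase it as one.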