Re: [ntpwg] Parsing NTP packets regarding MACs and EXTs.
Harlan Stenn <stenn@ntp.org> Tue, 21 June 2016 22:49 UTC
Return-Path: <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>
X-Original-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Delivered-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B35F12DA85 for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Tue, 21 Jun 2016 15:49:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.326
X-Spam-Level:
X-Spam-Status: No, score=-8.326 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g709vIERB3sJ for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Tue, 21 Jun 2016 15:49:37 -0700 (PDT)
Received: from lists.ntp.org (lists.ntp.org [149.20.68.7]) by ietfa.amsl.com (Postfix) with ESMTP id 688CA12D82C for <ntp-archives-ahFae6za@lists.ietf.org>; Tue, 21 Jun 2016 15:49:37 -0700 (PDT)
Received: from lists.ntp.org (lists.ntp.org [149.20.68.7]) by lists.ntp.org (Postfix) with ESMTP id 50A9D86DAE0 for <ntp-archives-ahFae6za@lists.ietf.org>; Tue, 21 Jun 2016 22:49:37 +0000 (UTC)
X-Original-To: ntpwg@lists.ntp.org
Delivered-To: ntpwg@lists.ntp.org
Received: from stenn.ntp.org (stenn.ntp.org [IPv6:2001:4f8:fff7:1::30]) by lists.ntp.org (Postfix) with ESMTP id 72AF786D48C for <ntpwg@lists.ntp.org>; Tue, 21 Jun 2016 22:49:26 +0000 (UTC)
Received: from [::1] (helo=stenn.ntp.org) by stenn.ntp.org with esmtp (Exim 4.87 (FreeBSD)) (envelope-from <stenn@stenn.ntp.org>) id 1bFURY-000H2p-G8; Tue, 21 Jun 2016 22:46:52 +0000
From: Harlan Stenn <stenn@ntp.org>
To: "Salz, Rich" <rsalz@akamai.com>
In-reply-to: <f4f6f8f969ac49ff819ccae06ec2e3db@usma1ex-dag1mb1.msg.corp.akamai.com>
References: Message from Harlan Stenn <stenn@ntp.org> of "Tue, 21 Jun 2016 03:25:32 -0000." <E1bFCJh-000G0C-Bf@stenn.ntp.org> <20160621093932.BD9A7406057@ip-64-139-1-69.sjc.megapath.net> <f4f6f8f969ac49ff819ccae06ec2e3db@usma1ex-dag1mb1.msg.corp.akamai.com>
Comments: In-reply-to "Salz, Rich" <rsalz@akamai.com> message dated "Tue, 21 Jun 2016 10:58:32 +0000."
X-Mailer: MH-E 7.4.2; nmh 1.6; XEmacs 21.4 (patch 24)
Mime-Version: 1.0 (generated by tm-edit 1.8)
Date: Tue, 21 Jun 2016 22:46:52 +0000
Message-Id: <E1bFURY-000H2p-G8@stenn.ntp.org>
Subject: Re: [ntpwg] Parsing NTP packets regarding MACs and EXTs.
X-BeenThere: ntpwg@lists.ntp.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: IETF Working Group for Network Time Protocol <ntpwg.lists.ntp.org>
List-Unsubscribe: <http://lists.ntp.org/options/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=unsubscribe>
List-Archive: <http://lists.ntp.org/pipermail/ntpwg/>
List-Post: <mailto:ntpwg@lists.ntp.org>
List-Help: <mailto:ntpwg-request@lists.ntp.org?subject=help>
List-Subscribe: <http://lists.ntp.org/listinfo/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=subscribe>
Cc: "ntpwg@lists.ntp.org" <ntpwg@lists.ntp.org>, Hal Murray <hmurray@megapathdsl.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org
Sender: ntpwg <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>
"Salz, Rich" writes: > > > The simple shared key MACs include a 4 byte header. MD5 mode has a 16 > > byte hash for 20 bytes total. SHA1 has a 20 byte hash for a 24 byte tota= > l. > > And both of those are very very, and fairly, obsolete respectively. > > No new security mechanism, and that's what we're defining here, should use = > anything less than SHA 256. We're talking about a digital signature used to valdate a ~48 byte packet. Unless it has an EF, when it will be longer. Sure, 160 bits is a current lower bound on how good it should be. But again, how thoroughly do you want to "protect" this 48-byte message? How big of a signature do you need to feel warm and fuzzy regarding the validity of a packet 10 times that size, which is likely to be *way* more than we'll be seeing? H _______________________________________________ ntpwg mailing list ntpwg@lists.ntp.org http://lists.ntp.org/listinfo/ntpwg
- Re: [ntpwg] Autokey, Shared keys Harlan Stenn
- Re: [ntpwg] Autokey, Shared keys Hal Murray
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Miroslav Lichvar
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Salz, Rich
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Daniel Franke
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Daniel Franke
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Salz, Rich
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Harlan Stenn
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Danny Mayer
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Rob Seaman
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Salz, Rich
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Danny Mayer
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Salz, Rich
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Danny Mayer
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Danny Mayer
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Hal Murray
- [ntpwg] New Version Notification for draft-ietf-n… dieter.sibold
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… kristof.teichel
- Re: [ntpwg] New Version Notification for draft-ie… dieter.sibold
- Re: [ntpwg] New Version Notification for draft-ie… Richard Welty
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… Harlan Stenn
- Re: [ntpwg] New Version Notification for draft-ie… dieter.sibold
- Re: [ntpwg] New Version Notification for draft-ie… Hal Murray
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… dieter.sibold
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… Harlan Stenn
- Re: [ntpwg] New Version Notification for draft-ie… Harlan Stenn
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… Harlan Stenn
- [ntpwg] Antw: Re: New Version Notification for dr… Ulrich Windl
- Re: [ntpwg] Antw: Re: I-D Action: draft-ietf-ntp-… Hal Murray
- Re: [ntpwg] Antw: Re: I-D Action: draft-ietf-ntp-… Harlan Stenn
- Re: [ntpwg] Antw: Re: I-D Action: draft-ietf-ntp-… Hal Murray
- Re: [ntpwg] Fwd: Early Allocations for NTS drafts… Hal Murray
- Re: [ntpwg] Fwd: Early Allocations for NTS drafts… Kurt Roeckx
- Re: [ntpwg] Fwd: Early Allocations for NTS drafts… Harlan Stenn
- Re: [ntpwg] Different security mechanisms (NTS, A… Hal Murray
- Re: [ntpwg] Fwd: Early Allocations for NTS drafts… Hal Murray
- Re: [ntpwg] Different security mechanisms (NTS, A… Harlan Stenn
- Re: [ntpwg] Fwd: Early Allocations for NTS drafts… Harlan Stenn
- Re: [ntpwg] WGLC on NTS: Round trips for key exch… Hal Murray
- Re: [ntpwg] WGLC on NTS: Round trips for key exch… Harlan Stenn
- Re: [ntpwg] [TICTOC] comments on draft-stenn-ntp-… Hal Murray
- Re: [ntpwg] [TICTOC] comments on draft-stenn-ntp-… Harlan Stenn
- Re: [ntpwg] [TICTOC] comments on draft-stenn-ntp-… Hal Murray
- Re: [ntpwg] [TICTOC] comments on draft-stenn-ntp-… Harlan Stenn
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Salz, Rich
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Daniel Franke
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Harlan Stenn