Re: [ntpwg] Parsing NTP packets regarding MACs and EXTs.
Danny Mayer <mayer@ntp.org> Tue, 21 June 2016 15:46 UTC
Return-Path: <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>
X-Original-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Delivered-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 429A012D99A for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Tue, 21 Jun 2016 08:46:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.326
X-Spam-Level:
X-Spam-Status: No, score=-8.326 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9g7jDqsdbs4g for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Tue, 21 Jun 2016 08:46:17 -0700 (PDT)
Received: from lists.ntp.org (lists.ntp.org [IPv6:2001:4f8:fff7:1::7]) by ietfa.amsl.com (Postfix) with ESMTP id EE2C112D98B for <ntp-archives-ahFae6za@lists.ietf.org>; Tue, 21 Jun 2016 08:46:16 -0700 (PDT)
Received: from lists.ntp.org (lists.ntp.org [149.20.68.7]) by lists.ntp.org (Postfix) with ESMTP id D24F686DAF1 for <ntp-archives-ahFae6za@lists.ietf.org>; Tue, 21 Jun 2016 15:46:16 +0000 (UTC)
X-Original-To: ntpwg@lists.ntp.org
Delivered-To: ntpwg@lists.ntp.org
Received: from mail1.ntp.org (mail1.ntp.org [IPv6:2001:4f8:fff7:1::5]) by lists.ntp.org (Postfix) with ESMTP id 26CE186D55E for <ntpwg@lists.ntp.org>; Tue, 21 Jun 2016 15:45:20 +0000 (UTC)
Received: from [198.22.153.130] (helo=[10.2.184.123]) by mail1.ntp.org with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from <mayer@ntp.org>) id 1bFNrV-000Igk-Mx; Tue, 21 Jun 2016 15:45:17 +0000
References: <stenn@ntp.org> <E1bFCJh-000G0C-Bf@stenn.ntp.org> <20160621093932.BD9A7406057@ip-64-139-1-69.sjc.megapath.net> <f4f6f8f969ac49ff819ccae06ec2e3db@usma1ex-dag1mb1.msg.corp.akamai.com> <d5934cd7-5808-3e2b-3ed6-b5e1b3f9e2df@ntp.org> <CAJm83bAHcSQtOHRjUHVk7o27KmbSqH_dad+dLMAhQ6Vh3hnsWw@mail.gmail.com>
To: Daniel Franke <dfoxfranke@gmail.com>
From: Danny Mayer <mayer@ntp.org>
Organization: NTP
Message-ID: <d201d6d1-e769-c9c3-492c-409f129e54a9@ntp.org>
Date: Tue, 21 Jun 2016 11:45:09 -0400
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <CAJm83bAHcSQtOHRjUHVk7o27KmbSqH_dad+dLMAhQ6Vh3hnsWw@mail.gmail.com>
X-SA-Exim-Connect-IP: 198.22.153.130
X-SA-Exim-Rcpt-To: ntpwg@lists.ntp.org, stenn@ntp.org, hmurray@megapathdsl.net, rsalz@akamai.com, dfoxfranke@gmail.com
X-SA-Exim-Mail-From: mayer@ntp.org
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on mail1.ntp.org)
Subject: Re: [ntpwg] Parsing NTP packets regarding MACs and EXTs.
X-BeenThere: ntpwg@lists.ntp.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: IETF Working Group for Network Time Protocol <ntpwg.lists.ntp.org>
List-Unsubscribe: <http://lists.ntp.org/options/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=unsubscribe>
List-Archive: <http://lists.ntp.org/pipermail/ntpwg/>
List-Post: <mailto:ntpwg@lists.ntp.org>
List-Help: <mailto:ntpwg-request@lists.ntp.org?subject=help>
List-Subscribe: <http://lists.ntp.org/listinfo/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=subscribe>
Reply-To: mayer@ntp.org
Cc: "ntpwg@lists.ntp.org" <ntpwg@lists.ntp.org>, Hal Murray <hmurray@megapathdsl.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org
Sender: ntpwg <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>
On 6/21/2016 10:51 AM, Daniel Franke wrote: > On 6/21/16, Danny Mayer <mayer@ntp.org> wrote: >> Yes. The reference code supports the creation of better hashes than MD5 >> and SHA-1, since OpenSSL supports it, but the parsing code does not and >> that's what needs to get fixed. This is not a NTP WG issue, it's a >> problem with the reference implementation that needs to get fixed. I do >> note that RFC5905 only references MD5 and that IS a WG problem. > > A bigger problem than MD5 is the fact that NTP's "HMAC" isn't HMAC; > it's the H(K||V) construction vulnerable to length-extension attacks. > > However, supporting better hash functions shouldn't require any > changes to parsing. The length of a MAC tag doesn't have to be the > same as the digest size of the hash function you're using. It's > perfectly safe, e.g., to truncate HMAC-SHA256 to 128 bits. > > I oppose putting the legacy MAC field to any new uses or allowing it > take on anything other than its current size. Any new crypto should be > done in extension fields. The parsing rules should be as follows: > > If the packet is 48 bytes, it has no extensions and no MAC. > If the packet is between 49 and 67 bytes inclusive, it's malformed; discard it. > If the packet is 68 bytes, it has a legacy MAC and no extensions. > If the packet is more than 68 bytes, the last 20 bytes are the keyid > and MAC, the first 48 bytes are the standard fields, and everything in > between is extension fields. If the keyid field is 0, then the MAC > field is ignored, and these last 20 bytes are basically just filler to > make the packet parse correctly. > > At such time as we publish a standard for NTPv5, we can get rid of the > legacy MAC fields and move their functionality into extension fields, > so that the 20 bytes of wasted filler is no longer necessary. Yes, the intention is to relegate the old MAC to existing usage and only use EF MAC for future use. We are also planning to move to GMAC for hashing algorithms. Danny _______________________________________________ ntpwg mailing list ntpwg@lists.ntp.org http://lists.ntp.org/listinfo/ntpwg
- Re: [ntpwg] Autokey, Shared keys Harlan Stenn
- Re: [ntpwg] Autokey, Shared keys Hal Murray
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Miroslav Lichvar
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Salz, Rich
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Daniel Franke
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Daniel Franke
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Salz, Rich
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Harlan Stenn
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Danny Mayer
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Rob Seaman
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Salz, Rich
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Danny Mayer
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Salz, Rich
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Danny Mayer
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Danny Mayer
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Hal Murray
- [ntpwg] New Version Notification for draft-ietf-n… dieter.sibold
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… kristof.teichel
- Re: [ntpwg] New Version Notification for draft-ie… dieter.sibold
- Re: [ntpwg] New Version Notification for draft-ie… Richard Welty
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… Harlan Stenn
- Re: [ntpwg] New Version Notification for draft-ie… dieter.sibold
- Re: [ntpwg] New Version Notification for draft-ie… Hal Murray
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… dieter.sibold
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… Harlan Stenn
- Re: [ntpwg] New Version Notification for draft-ie… Harlan Stenn
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… Danny Mayer
- Re: [ntpwg] New Version Notification for draft-ie… Harlan Stenn
- [ntpwg] Antw: Re: New Version Notification for dr… Ulrich Windl
- Re: [ntpwg] Antw: Re: I-D Action: draft-ietf-ntp-… Hal Murray
- Re: [ntpwg] Antw: Re: I-D Action: draft-ietf-ntp-… Harlan Stenn
- Re: [ntpwg] Antw: Re: I-D Action: draft-ietf-ntp-… Hal Murray
- Re: [ntpwg] Fwd: Early Allocations for NTS drafts… Hal Murray
- Re: [ntpwg] Fwd: Early Allocations for NTS drafts… Kurt Roeckx
- Re: [ntpwg] Fwd: Early Allocations for NTS drafts… Harlan Stenn
- Re: [ntpwg] Different security mechanisms (NTS, A… Hal Murray
- Re: [ntpwg] Fwd: Early Allocations for NTS drafts… Hal Murray
- Re: [ntpwg] Different security mechanisms (NTS, A… Harlan Stenn
- Re: [ntpwg] Fwd: Early Allocations for NTS drafts… Harlan Stenn
- Re: [ntpwg] WGLC on NTS: Round trips for key exch… Hal Murray
- Re: [ntpwg] WGLC on NTS: Round trips for key exch… Harlan Stenn
- Re: [ntpwg] [TICTOC] comments on draft-stenn-ntp-… Hal Murray
- Re: [ntpwg] [TICTOC] comments on draft-stenn-ntp-… Harlan Stenn
- Re: [ntpwg] [TICTOC] comments on draft-stenn-ntp-… Hal Murray
- Re: [ntpwg] [TICTOC] comments on draft-stenn-ntp-… Harlan Stenn
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Salz, Rich
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Daniel Franke
- Re: [ntpwg] Parsing NTP packets regarding MACs an… Harlan Stenn