Re: [ntpwg] New Version Notification for draft-ietf-ntp-network-time-security-12.txt and draft-ietf-ntp-using-nts-for-ntp-03.txt

Danny Mayer <mayer@ntp.org> Wed, 23 December 2015 14:57 UTC

References: <56785CE5.6080102@ntp.org> <OFDECED69B.3FA71F92-ONC1257F22.0063AA4C-C1257F22.006401FE@ptb.de> <OF3D6DD6FA.812C6BCC-ONC1257F22.00775A28-C1257F22.00775A29@ptb.de> <567877FB.7030608@ntp.org> <OF0AC1CCBA.2E240196-ONC1257F23.00313FBA-C1257F23.0033AC80@ptb.de> <E1aBYIZ-000D0R-7I@stenn.ntp.org>
To: Harlan Stenn <stenn@ntp.org>, dieter.sibold@ptb.de
From: Danny Mayer <mayer@ntp.org>
Organization: NTP
Message-ID: <567AB0F5.4060806@ntp.org>
Date: Wed, 23 Dec 2015 09:34:29 -0500
In-Reply-To: <E1aBYIZ-000D0R-7I@stenn.ntp.org>
Subject: Re: [ntpwg] New Version Notification for draft-ietf-ntp-network-time-security-12.txt and draft-ietf-ntp-using-nts-for-ntp-03.txt
List-Id: IETF Working Group for Network Time Protocol <ntpwg.lists.ntp.org>
List-Archive: <http://lists.ntp.org/pipermail/ntpwg/>
Reply-To: mayer@ntp.org
Cc: ntpwg@lists.ntp.org

On 12/22/2015 8:33 PM, Harlan Stenn wrote:
> dieter.sibold@ptb.de writes:
>> You can see it in the draft "draft-ietf-ntp-using-nts-for-ntp-03". There 
>> it is mentioned e.g. in sect. 6.1.3.2. The idea is that NTS for NTP 
>> defines one additional extension field (see section IANA registration) and 
>> that all NTS-messages are using this extension field. The different NTS 
>> message types are distinguished by their respective OID (see the next 
>> version of the draft "draft-ietf-ntp-cms-for-nts-message"). This also is 
>> true for the MAC. Kristof please correct me if I'm wrong. The field type 
>> of the NTS extension field is not registered yet. This has to be done as 
>> soon as possible. This was also discussed with the NTF.
>>
>> Dieter
> 
> I gather we want an extension field for NTS and we want an extension
> field for the message authenticator.
> 
> DLM says the original expectation and plan was for multiple extension
> fields to be allowed, and that the MAC, if present, would always be the
> last thing in the packet.
> 
> If a new extension field was added to the packet that process should
> remove any previous MAC field and add a new one to the end of the packet.
> 

That would be necessary if there is only the MAC at the end of the
packet, because you cannot have two or more of them. However, if the MAC
is an extension field itself, there can be as many as necessary.

> I'm curious if there is new information available that would show good
> reason why we should reconsider this.

Yes. The MAC field in the packet has reached the end of its useful
life. It is inflexible, the algorithm to be used cannot be specified,
and we are currently guessing whether or not it is present and how long
it is.

Danny

_______________________________________________
ntpwg mailing list
ntpwg@lists.ntp.org
http://lists.ntp.org/listinfo/ntpwg
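The point Danny makes about the trailing MAC (its presence and length have to be guessed from how many octets are left after the extension fields) can be shown concretely. The following is an added example, not code from the ntpwg thread, the NTP project, or any NTS draft. It implements an RFC 5905-style tail parser that uses the usual length heuristic (4 octets for a crypto-NAK, 20 for key ID + MD5, 24 for key ID + SHA-1, anything else is an extension field), builds a constructed packet whose last extension field happens to be 20 octets long so the parser swallows it as a MAC, and then parses the same payload with the MAC carried as a typed extension field, where nothing has to be guessed. The field type values, the algorithm IDs and the value layout of the MAC field are placeholders for this illustration only; they are not registered NTP field types and do not follow any published NTS message format. The digest bytes are constructed stand-ins, not computed.

```python
"""Added example (not from the ntpwg thread or the NTP project): how an RFC 5905-style
parser decides whether the trailing octets of an NTP packet are a MAC, and how a MAC
carried as a typed extension field removes that guess."""
import struct

NTP_HEADER_LEN = 48
# Trailing-length heuristic used by RFC 5905-era parsers: 4 octets is a crypto-NAK
# (key ID only), 20 is key ID + MD5, 24 is key ID + SHA-1. Anything else is assumed
# to be an extension field.
LEGACY_MAC_LENGTHS = {4, 20, 24}

# Placeholder values for this example only; not registered NTP field types or
# algorithm identifiers, and not the layout of any NTS draft.
HYPO_EF_TYPE = 0x7F00
HYPO_MAC_EF_TYPE = 0x7F01
HYPO_DIGEST_LEN = {1: 16, 2: 20}   # hypothetical algorithm ID -> digest length in octets


def build_ef(ftype: int, value: bytes) -> bytes:
    """Encode one extension field: 16-bit type, 16-bit total length, value padded to 4 octets."""
    body = value + b"\x00" * ((-len(value)) % 4)
    return struct.pack("!HH", ftype, 4 + len(body)) + body


def _read_ef(packet: bytes, off: int):
    """Decode the extension field at offset off; returns (type, value, next_offset)."""
    if len(packet) - off < 4:
        raise ValueError("trailing octets too short for an extension field header")
    ftype, flen = struct.unpack("!HH", packet[off:off + 4])
    if flen < 4 or flen % 4 or off + flen > len(packet):
        raise ValueError("bad extension field length %d" % flen)
    return ftype, packet[off + 4:off + flen], off + flen


def parse_legacy_tail(packet: bytes):
    """RFC 5905 layout: extension fields, then an optional MAC whose presence and size
    are inferred only from how many octets remain. Returns (fields, mac)."""
    if len(packet) < NTP_HEADER_LEN:
        raise ValueError("packet shorter than the 48-octet NTP header")
    off, fields, mac = NTP_HEADER_LEN, [], None
    while off < len(packet):
        remaining = len(packet) - off
        if remaining in LEGACY_MAC_LENGTHS:        # the guess: decided by length alone
            key_id = struct.unpack("!I", packet[off:off + 4])[0]
            mac = (key_id, packet[off + 4:])
            break
        ftype, value, off = _read_ef(packet, off)
        fields.append((ftype, value))
    return fields, mac


def parse_tlv_tail(packet: bytes):
    """Everything after the header is a typed, self-describing field, including the MAC.
    Returns (fields, mac) with mac = (alg_id, key_id, digest) or None."""
    if len(packet) < NTP_HEADER_LEN:
        raise ValueError("packet shorter than the 48-octet NTP header")
    off, fields, mac = NTP_HEADER_LEN, [], None
    while off < len(packet):
        ftype, value, off = _read_ef(packet, off)
        if ftype == HYPO_MAC_EF_TYPE:
            # Hypothetical value layout: 2-octet algorithm ID, 4-octet key ID, digest.
            alg_id, key_id = struct.unpack("!HI", value[:6])
            mac = (alg_id, key_id, value[6:6 + HYPO_DIGEST_LEN[alg_id]])
        else:
            fields.append((ftype, value))
    return fields, mac


# Constructed packets: LI=0, VN=4, mode=3 (client) in the first octet, rest of header zero.
HEADER = bytes([0x23]) + b"\x00" * 47
FAKE_MD5 = b"\x11" * 16   # constructed stand-in for a 16-octet digest, not computed

# 1. A last extension field of exactly 20 octets: the legacy parser cannot tell it from a MAC.
PKT_AMBIGUOUS = HEADER + build_ef(HYPO_EF_TYPE, b"A" * 16)
# 2. A 28-octet extension field followed by a 20-octet key ID + digest: parses as intended.
PKT_LEGACY_OK = HEADER + build_ef(HYPO_EF_TYPE, b"B" * 24) + struct.pack("!I", 7) + FAKE_MD5
# 3. Same payload with the MAC carried as a typed field: no length guessing at all.
PKT_TLV = HEADER + build_ef(HYPO_EF_TYPE, b"B" * 24) + build_ef(
    HYPO_MAC_EF_TYPE, struct.pack("!HI", 1, 7) + FAKE_MD5)


if __name__ == "__main__":
    # The 20-octet extension field is reported as a MAC with key ID 0x7F000014
    # (its own type and length words) and the field's payload as the "digest".
    print(parse_legacy_tail(PKT_AMBIGUOUS))
    print(parse_legacy_tail(PKT_LEGACY_OK))
    print(parse_tlv_tail(PKT_TLV))
```

In the first packet the legacy parser returns no extension fields and a bogus MAC whose key ID is the field's own type and length words, which is the kind of guess the message objects to; a receiver that then tried to verify that "MAC" would simply reject a valid packet. With the MAC as a typed field, the parser learns the algorithm and digest length from the field itself, and several such fields can coexist. The later extension-field update to RFC 5905 (RFC 7822, published after this thread) attacks the same problem from the other side by imposing minimum extension-field lengths so that a 20- or 24-octet trailer can only be a MAC; that is outside what the message says and is mentioned here only as context.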