[Ntp] NTS and validation

"Salz, Rich" <rsalz@akamai.com> Mon, 13 September 2021 13:05 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/YWfcC7XeZBruOa2VSO7os5mlKJw>

Question for NTS implementors: do you validate the server certificate?

I’m the primary author updating RFC 6125. QUIC uses TLS to set up its key material, like NTS, and it does the certificate validation the way TLS does.  NTS the same?