Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-yang-data-model-10.txt> (A YANG Data Model for NTP) to Proposed Standardsecurity
Hal Murray <hmurray@megapathdsl.net> Mon, 15 February 2021 03:23 UTC
To: Benjamin Kaduk <kaduk@mit.edu>
cc: tom petch <daedulus@btconnect.com>, Dhruv Dhody <dhruv.ietf@gmail.com>, NTP WG <ntp@ietf.org>, last-call@ietf.org, draft-ietf-ntp-yang-data-model@ietf.org, ek.ietf@gmail.com, Dieter Sibold <dsibold.ietf@gmail.com>, ntp-chairs@ietf.org, hmurray@megapathdsl.net
From: Hal Murray <hmurray@megapathdsl.net>
In-Reply-To: Message from Benjamin Kaduk <kaduk@mit.edu> of "Sun, 14 Feb 2021 17:11:27 PST." <20210215011127.GA21@kduck.mit.edu>
Date: Sun, 14 Feb 2021 19:23:39 -0800
Message-Id: <20210215032339.B658F40605C@ip-64-139-1-69.sjc.megapath.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/jxCvuz8iP_UwfHJ_R9F5uokrk-w>
> That said, I think recent practice has been to not take a strict hard line
> that MD5 cannot be used ever, and that non-cryptographic uses for legacy
> compatibility can be retained, when accompanied by a disclaimer that the use
> of MD5 is not for cryptographic purposes and that MD5 is not a secure
> cryptographic hash function.

I'm missing the big picture. What is Yang supposed to do?

I'd expect it would be describing existing practices. I don't expect it to be trying to add MUSTs to other RFCs. I'd be happy with notes that a use case has been deprecated, especially if there is an RFC to point to. But unless I'm missing something, Yang is not the place to be trying to enforce good crypto practices. Most people working on NTP won't pay any attention to Yang if they even know it exists.

NTP uses MD5 in two places. One is hashing IPv6 addresses to make something that fits into a slot that only has room for IPv4 addresses. I don't think there are any crypto/security considerations.

The other is for authenticating packets. RFC 8573 deprecates that usage. A note in a Yang document saying "using MD5 for authenticating NTP has been deprecated by RFC 8573" seems like a good idea. I think anything stronger will be inappropriate.

But maybe I don't understand what Yang is all about.

--
These are my opinions. I hate spam.
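The two MD5 uses named in the message above, side by side, as an added example that is not part of the original message or of any NTP implementation. It follows the RFC 5905 definitions (reference ID = first four octets of MD5 of the IPv6 address; legacy MAC = 32-bit key ID plus MD5 over key then header); the function names, key and packet bytes are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

NTP_HEADER_LEN = 48   # fixed NTP header, no extension fields
MD5_MAC_LEN = 4 + 16  # 32-bit key ID + 128-bit digest


def ipv6_refid(addr: str) -> bytes:
    """Non-cryptographic use: squeeze an IPv6 address into the 32-bit
    reference ID slot by taking the first four octets of its MD5 hash."""
    packed = ipaddress.IPv6Address(addr).packed
    # usedforsecurity=False marks this as an identifier, not a security control
    return hashlib.md5(packed, usedforsecurity=False).digest()[:4]


def legacy_md5_mac(key: bytes, key_id: int, header: bytes) -> bytes:
    """Authentication use deprecated by RFC 8573: key ID + MD5(key || header)."""
    return struct.pack("!I", key_id) + hashlib.md5(key + header).digest()


def verify_legacy_mac(key: bytes, key_id: int, packet: bytes) -> bool:
    """Check the 20-byte trailer of a header-only packet in constant time."""
    header, trailer = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    if len(header) != NTP_HEADER_LEN or len(trailer) != MD5_MAC_LEN:
        return False
    return hmac.compare_digest(trailer, legacy_md5_mac(key, key_id, header))


def build_sample_packet(key: bytes, key_id: int) -> bytes:
    """Constructed client request: LI=0, VN=4, mode=3, all other fields zero."""
    header = bytes([0x23]) + bytes(NTP_HEADER_LEN - 1)
    return header + legacy_md5_mac(key, key_id, header)


if __name__ == "__main__":
    key = b"constructed-demo-key"  # sample value, not a real key
    pkt = build_sample_packet(key, 1)
    print("refid:", ipv6_refid("2001:db8::1").hex())
    print("mac ok:", verify_legacy_mac(key, 1, pkt))
    tampered = pkt[:10] + b"\x01" + pkt[11:]
    print("tampered ok:", verify_legacy_mac(key, 1, tampered))
```

Only the second function is a security mechanism, which is why RFC 8573 targets it and not the reference-ID hash.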