[Ntp] Encrypted NTS cookie placeholder

Miroslav Lichvar <mlichvar@redhat.com> Wed, 29 January 2020 10:14 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/ls9Y_wAOkiELeDha8Jy5MknBJYw>

I noticed an interoperability issue with NTS servers that people here
have been using for testing.

The draft says in 5.7:

  The client MAY include one or more NTS Cookie Placeholder extension
  fields which MUST be authenticated and MAY be encrypted.

But that doesn't seem to be supported by most of the servers. Some
ignore encrypted Placeholders (sending a shorter response) and some
don't even respond to such a request. The implementors may want to
check that.

-- 
Miroslav Lichvar
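
Added example, not part of the original message and not code from any NTS implementation: a server-side count of NTS Cookie Placeholder fields that looks at both the fields sent in the clear and the plaintext recovered from the encrypted part, so that a request with encrypted placeholders gets the same number of cookies as one with placeholders in the clear. It assumes the field type values from RFC 8915 (the published form of the draft), the rule of one cookie plus one per placeholder, and that AEAD verification and decryption already happened elsewhere; the function names, the max_cookies cap and the sample request are hypothetical.

```python
import struct

# Extension field types as assigned in RFC 8915 (the published draft).
NTS_COOKIE = 0x0204
NTS_COOKIE_PLACEHOLDER = 0x0304

def parse_extension_fields(buf):
    """Split a run of NTP extension fields into (type, body) pairs."""
    fields, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated extension field header")
        ftype, flen = struct.unpack_from("!HH", buf, off)
        # Length includes the 4-octet header and must fit in the buffer.
        if flen < 4 or flen % 4 or off + flen > len(buf):
            raise ValueError("bad extension field length")
        fields.append((ftype, buf[off + 4:off + flen]))
        off += flen
    return fields

def count_placeholders(buf):
    """Number of NTS Cookie Placeholder fields in a run of fields."""
    return sum(t == NTS_COOKIE_PLACEHOLDER
               for t, _ in parse_extension_fields(buf))

def cookies_to_return(authenticated, decrypted, max_cookies=8):
    """One cookie for the one consumed, plus one per placeholder.

    authenticated: fields sent in the clear before the authenticator
    decrypted:     plaintext recovered from the authenticator ciphertext
    max_cookies:   hypothetical server policy cap (assumption)
    """
    wanted = (1 + count_placeholders(authenticated)
                + count_placeholders(decrypted))
    return min(wanted, max_cookies)

def field(ftype, body):
    """Build one extension field (used for the constructed input)."""
    return struct.pack("!HH", ftype, 4 + len(body)) + body

# Constructed request: cookie in the clear, two placeholders encrypted.
AUTHENTICATED = field(NTS_COOKIE, bytes(100))
DECRYPTED = field(NTS_COOKIE_PLACEHOLDER, bytes(100)) * 2

if __name__ == "__main__":
    print("placeholders in clear: ", count_placeholders(AUTHENTICATED))
    print("placeholders encrypted:", count_placeholders(DECRYPTED))
    print("cookies to return:     ",
          cookies_to_return(AUTHENTICATED, DECRYPTED))
```

A server that counts only the authenticated part would see no placeholders in this request and return a single cookie, which is the shorter response described in the message.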