Re: [Ntp] Antw: Re: [EXT] Danny's Review (was Re: draft‑ietf‑ntp‑roughtime‑05: tag change makes implementation more complex)

Danny Mayer <mayer@pdmconsulting.net> Tue, 05 October 2021 15:52 UTC

Return-Path: <mayer@pdmconsulting.net>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9D073A0A78 for <ntp@ietfa.amsl.com>; Tue, 5 Oct 2021 08:52:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wPCVItM51RhT for <ntp@ietfa.amsl.com>; Tue, 5 Oct 2021 08:52:36 -0700 (PDT)
Received: from chessie.everett.org (chessie.everett.org [66.220.13.234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97E8F3A0A68 for <ntp@ietf.org>; Tue, 5 Oct 2021 08:52:29 -0700 (PDT)
Received: from newusers-MBP.fios-router.home (pool-108-26-179-179.bstnma.fios.verizon.net [108.26.179.179]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by chessie.everett.org (Postfix) with ESMTPSA id 4HP2CV1Ss5zMNQg; Tue, 5 Oct 2021 15:52:22 +0000 (UTC)
To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, watsonbladd@gmail.com
Cc: "ntp@ietf.org" <ntp@ietf.org>
References: <CAGZkp1-ZCuSvMyQyWCnE511O8-WL=OXfsTdraKsByMmWC3spVA@mail.gmail.com> <CACsn0ckZmR=k2NAmdyhVOA=V_XQ18AnBUBSTOu+bDXS1YsPpUg@mail.gmail.com> <CAGZkp18eASaF7qvubYpDgzvg643ZXuPwDs9qsiC1P_AVLcywLA@mail.gmail.com> <CACsn0cnjHFwxHT13nMavRFzRteWJ=SORY8v4RCZjdjYP0H3oaw@mail.gmail.com> <7dde7eb3-4dc7-94d3-e63a-6d5d0736b1c2@pdmconsulting.net> <54baf1fa-b138-4eb8-6f4e-99168cf2db7b@dansarie.se> <0a95d35f-f708-4a3c-4ecf-77597c42a7a4@pdmconsulting.net> <CACsn0c=gdQWDumfzeHYYWzXPV4sz4J9mTUtYW+4=KueaHHbGdQ@mail.gmail.com> <79dfd56c-54e8-8b85-ed9d-da9fac71d1f1@pdmconsulting.net> <c95eaafb-f294-a54e-d495-0cf74e574686@pdmconsulting.net> <CACsn0cmks2fdwem1rS+QNzCL1WhNR4890Fi1zpjQrL=E3Y=3fQ@mail.gmail.com> <615AAD0F020000A100044300@gwsmtp.uni-regensburg.de> <CACsn0c=mDN6-tb=sP60gDgn6XvypxegWaVNd5yFASO74VHwVGA@mail.gmail.com> <615C0CE2020000A1000443AC@gwsmtp.uni-regensburg.de>
From: Danny Mayer <mayer@pdmconsulting.net>
Message-ID: <45e77584-e493-9475-28bb-dba97a5e5bee@pdmconsulting.net>
Date: Tue, 5 Oct 2021 11:52:21 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.14.0
MIME-Version: 1.0
In-Reply-To: <615C0CE2020000A1000443AC@gwsmtp.uni-regensburg.de>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/opdLO-2YcVqQbD2nM89wmW5Scf4>
Subject: Re: [Ntp] =?utf-8?q?Antw=3A_Re=3A_=5BEXT=5D_Danny=27s_Review_=28was_?= =?utf-8?b?UmU6IGRyYWZ04oCRaWV0ZuKAkW50cOKAkXJvdWdodGltZeKAkTA1OiB0YWcg?= =?utf-8?q?change_makes_implementation_more_complex=29?=
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Oct 2021 15:52:42 -0000

On 10/5/21 4:29 AM, Ulrich Windl wrote:
>>>> Watson Ladd <watsonbladd@gmail.com> schrieb am 05.10.2021 um 04:16 in
> For completeness the used/expected hash algorithm could indicated by a 
> tag
>>> even in this version, maybe providing a mechanism how to allow/require
>>> different algorithms in a later version.
>>> That design would avoid some bad compatibility designs in a later version
>>> (like NTP's "famous" extension fields).
>> I'm not sure why the hash function is so worthy of singling out here,
>> perhaps you can explain more. The intention is every version has its
>> own single signature algorithm.
> If that is part of the design, say so. However having to start a new
> incompatible protocol version just to replace a hash algorithm is bad design
> IMHO.
> Imagine SSL/TLS had a new or different version for every hash algorithm that
> is supported.
>
That was my point. You can put an ID into the protocol to reference the 
hashing algorithm used which references an ID maintained by IANA. That 
way the protocol doesn't change if you need to replace the protocol. 
It's okay to reference a minimum required protocol in the document 
provided that can be updated if the algorithm becomes compromised. I'm 
sure you can find a list of supported hashing algorithms on IANA.

Danny