Re: [Ntp] Antw: Re: [EXT] Danny's Review (was Re: draft‑ietf‑ntp‑roughtime‑05: tag change makes implementation more complex)

"Salz, Rich" <rsalz@akamai.com> Tue, 05 October 2021 16:10 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Danny Mayer <mayer@pdmconsulting.net>, Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, "watsonbladd@gmail.com" <watsonbladd@gmail.com>
CC: "ntp@ietf.org" <ntp@ietf.org>
Date: Tue, 5 Oct 2021 16:10:12 +0000
Message-ID: <E5E1960A-8AD4-4118-9822-6CAC1319AC1F@akamai.com>
In-Reply-To: <45e77584-e493-9475-28bb-dba97a5e5bee@pdmconsulting.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/siKdtP2N5UQiaLL2l-M75oT6vXU>

>    That was my point. You can put an ID into the protocol to reference the
>    hashing algorithm used which references an ID maintained by IANA. That
>    way the protocol doesn't change if you need to replace the protocol.
>    It's okay to reference a minimum required protocol in the document
>    provided that can be updated if the algorithm becomes compromised. I'm
>    sure you can find a list of supported hashing algorithms on IANA.

I think you're agreeing with each other.  TLS defines codepoints as places for extension. You can see a list of such points at https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml  The "TLS Cipher Suites" table for example is directly on-point.  Note that every protocol has its own tables.

Historically NTP didn't really have extension points (probably because the concept, and IANA as currently used, didn't really exist back then).  The WG has adopted a draft, https://datatracker.ietf.org/doc/draft-ietf-ntp-update-registries/ that updates and creates the historical extension points.

As for the question of whether SHA-512 should be part of the Roughtime spec, or use a registry and a digest identifier...  The only other Merkle tree document, Certificate Transparency (CT), uses a registry.  (See https://datatracker.ietf.org/doc/draft-ietf-trans-rfc6962-bis/, Section 10.2.1) and notably it uses SHA-256 as the default.  We could add SHA-512 to the CT registry and then roughtime could just refer to that. It would mean adding a byte to the protocol messages.
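Added illustration of the registry-plus-identifier approach discussed above (not code from the Roughtime draft, CT, or any implementation): a Merkle tree whose root is carried as one digest-identifier byte followed by the digest, so the same verifier handles SHA-256 and SHA-512 and refuses identifiers it does not know. The identifier values, the CT-style 0x00/0x01 leaf and node prefixes, and the duplicate-last-node rule for odd layers are assumptions made for the example.

```python
import hashlib

# Constructed registry: one-byte digest identifiers mapped to hash constructors.
# The numbers are illustrative placeholders, not IANA-assigned codepoints.
DIGEST_REGISTRY = {0x01: hashlib.sha256, 0x02: hashlib.sha512}

LEAF_PREFIX = b"\x00"  # domain separation for leaves (CT-style, assumed here)
NODE_PREFIX = b"\x01"  # domain separation for interior nodes


def _layers(hash_ctor, leaves):
    """Return all tree layers, leaves first; odd layers repeat their last node."""
    layer = [hash_ctor(LEAF_PREFIX + leaf).digest() for leaf in leaves]
    layers = [layer]
    while len(layer) > 1:
        if len(layer) % 2:
            layer = layer + [layer[-1]]
        layer = [hash_ctor(NODE_PREFIX + layer[i] + layer[i + 1]).digest()
                 for i in range(0, len(layer), 2)]
        layers.append(layer)
    return layers


def build_root_message(digest_id, leaves):
    """Encode the agile root as: one byte digest id || root digest."""
    if digest_id not in DIGEST_REGISTRY:
        raise ValueError("unregistered digest id %#x" % digest_id)
    root = _layers(DIGEST_REGISTRY[digest_id], leaves)[-1][0]
    return bytes([digest_id]) + root


def inclusion_path(digest_id, leaves, index):
    """Sibling digests from leaf `index` up to, but not including, the root."""
    path = []
    for layer in _layers(DIGEST_REGISTRY[digest_id], leaves)[:-1]:
        if len(layer) % 2:
            layer = layer + [layer[-1]]
        path.append(layer[index ^ 1])
        index //= 2
    return path


def verify_inclusion(root_message, leaf, index, path):
    """Check a leaf against an agile root; unknown digest ids are rejected."""
    digest_id, root = root_message[0], root_message[1:]
    hash_ctor = DIGEST_REGISTRY.get(digest_id)
    if hash_ctor is None or len(root) != hash_ctor().digest_size:
        return False
    node = hash_ctor(LEAF_PREFIX + leaf).digest()
    for sibling in path:  # left sibling when our index is odd, else right
        pair = sibling + node if index & 1 else node + sibling
        node = hash_ctor(NODE_PREFIX + pair).digest()
        index //= 2
    return node == root
```

The registry lookup is the only place the digest choice lives, which is what lets a new identifier be added without touching the tree or verifier code.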