Re: [Ntp] Éric Vyncke's No Objection on draft-ietf-ntp-using-nts-for-ntp-23: (with COMMENT)

Marcus Dansarie <marcus@dansarie.se> Thu, 19 March 2020 18:14 UTC

Message-ID: <e58ae95d-666c-221e-925e-852863747da8@dansarie.se>
Date: Thu, 19 Mar 2020 19:14:04 +0100
In-Reply-To: <158384881593.15262.11708402472633059534@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/tMtULO-tLEQVdl09JcOTMzCTFmA>
Subject: Re: [Ntp] Éric Vyncke's No Objection on draft-ietf-ntp-using-nts-for-ntp-23: (with COMMENT)

Hi Éric!

Thank you for your work in reviewing the draft. Ragnar has previously
replied to some of your points. This reply should address the remaining
comments.

Kind regards,
Marcus Dansarie

On 2020-03-10 15:00, Éric Vyncke via Datatracker wrote:
> Éric Vyncke has entered the following ballot position for
> draft-ietf-ntp-using-nts-for-ntp-23: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Thank you for the work put into this document. It is easy to read (and this is
> important) and it has multiple implementations. Section 9.4 "Initial
> Verification of Server Certificates" is indeed a real chicken and egg issue and
> quite classical. I am also trusting the security AD and SECDIR for the security
> aspects of the protocol.
> 
> Please find below some non-blocking COMMENTs and NITs. An answer will be
> appreciated though ;-)
> 
> I hope that this helps to improve the document,
> 
> Regards,
> 
> -éric
> 
> == COMMENTS ==
> 
> -- Section 1.1 --
> Authentication is of course a desirable property but I would have assumed that
> the time accuracy is even more important. A shift in time -- even minor -- by
> one compromised party would even be more important.

Section 1.1 of the draft has been updated in response to this comment.

> In Figure 1, should there be a comma between "Shared cookie" and "encryption
> parameters" between NTS-KE & NTP servers?

The text refers to the fact that the NTS-KE server and NTP servers share
the parameters required for cookie encryption and decryption, NOT that
they share a cookie (which they don't).

> -- Section 4.1.7 --
> While I am a little surprised to see IPv4/IPv6 addresses transmitted as ASCII
> strings, please also refer to RFC 5952 for the canonical representation of an
> IPv6 address.

We are concerned that changing this could cause problems for
implementations in embedded devices and other "small" systems.

> The sentence "If a label contains at least one non-ASCII character, ..."
> probably applies to the FQDN but it would be clearer to say so.

Section 4.1.7 has been updated in response to your comment.

> Should the FQDN be terminated by a final dot?

Section 4.1.7 has been updated in response to your comment.

> == NITS ==
> 
> -- Section 7.6 --
> The table will gain clarity by adding an empty line between entries.

This will likely be resolved when the RFC Editor updates the table with
the correct values.
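The Section 4.1.7 points above (ASCII-only record bodies, RFC 5952 canonical IPv6 text, A-labels for non-ASCII FQDN labels, and a tolerated trailing dot) are the kind of thing a client should validate before using a received NTPv4 Server Negotiation body. The following is an added example by the editor, not code from the draft or its authors; it assumes the record body definition as published in RFC 8915 and uses Python's `idna` codec (IDNA2003) as an approximation of the RFC 5890 A-label check.

```python
import ipaddress


def classify_server_record(body: str) -> tuple[str, str]:
    """Validate the ASCII body of an NTPv4 Server Negotiation record.

    Returns (kind, normalized) with kind in {'ipv4', 'ipv6', 'fqdn'}.
    Raises ValueError on anything a client should refuse to act on.
    """
    # The body is defined as an ASCII string; reject raw non-ASCII
    # (the draft requires A-labels for such FQDN labels) instead of guessing.
    try:
        body.encode("ascii")
    except UnicodeEncodeError:
        raise ValueError("record body must be ASCII; use A-labels for IDN")
    if not body:
        raise ValueError("empty record body")
    try:
        addr = ipaddress.ip_address(body)
    except ValueError:
        addr = None
    if addr is not None:
        if addr.version == 4:
            return "ipv4", str(addr)
        # .compressed is the RFC 5952 canonical text form (lowercase, ::)
        return "ipv6", addr.compressed
    # FQDN: a single trailing dot names the root and is accepted, then dropped
    name = body[:-1] if body.endswith(".") else body
    if not name or ".." in name:
        raise ValueError("malformed FQDN")
    for label in name.split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("label length out of range")
        if label.lower().startswith("xn--"):
            # A-label: must decode as punycode/IDNA to be meaningful
            try:
                label.encode("ascii").decode("idna")
            except UnicodeError:
                raise ValueError("invalid A-label: %s" % label)
        elif (not all(c.isalnum() or c == "-" for c in label)
              or label.startswith("-") or label.endswith("-")):
            raise ValueError("invalid hostname label: %s" % label)
    return "fqdn", name.lower()


def to_record_body(hostname: str) -> str:
    """Server side: turn a possibly-Unicode hostname into the ASCII A-label
    form the record body requires (IDNA2003 approximation, see lead-in)."""
    return hostname.encode("idna").decode("ascii")
```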