[ntpwg] Status Update: The question of CMS vs. (D)TLS

kristof.teichel@ptb.de Thu, 09 July 2015 16:51 UTC

Hello everybody,

I just wanted to comment on the progress regarding our announced work on the NTS drafts. We have submitted new versions of all three drafts in which we pretty much followed up on what we said in the announcement cited below.
What we did not yet manage to include is a satisfactory treatment of the alternative security mechanisms for the bootstrapping/association phase (i.e. performing this phase via (D)TLS). Also missing but intended is some kind of usage of Photuris cookies for our CMS-based association approach. We will try to get some wording for these aspects into the drafts soon.
Of course, we would appreciate any feedback on the new draft versions, at the IETF meeting in Prague or on this list.

Best regards,
Kristof


>To: ntpwg@lists.ntp.org
>From: kristof.teichel@ptb.de
>Sent by: "ntpwg"
>Date: 05.06.2015 12:57
>Subject: [ntpwg] NTS: The question of CMS vs. (D)TLS
>
>Hello all of you,
>
>as promised in the WebEx meeting yesterday, here is a short description of what we intend to do about the question of CMS vs. DTLS (or other external security mechanisms) for the initial exchange of NTS security data.
>
>(1) Main draft (draft-ietf-ntp-network-time-security):
>
>- For this draft, we intend to leave the question completely open. This draft will only state which cryptographic data needs to be exchanged for bootstrapping NTS (that is to say: association, authentication, and cookie exchange), and describe what the security conditions for this exchange are (for example: the cookie needs to be exchanged in a way that guarantees authenticity and secrecy).
>
>- The message exchanges belonging to the bootstrapping process (i.e. association exchange, cookie exchange and probably broadcast parameter exchange) will be moved to an informational appendix. This appendix will state that implementing these exchanges properly is one possible way of securely communicating the data required for bootstrapping.
>
>(2) Draft for utilization of NTS for NTP (draft-ietf-ntp-using-nts-for-ntp):
>
>- In this draft, we intend to specify that for bootstrapping, an implementation MUST support the use of the CMS-based message exchanges, as described in the informational appendix mentioned above.
>
>- We will further specify that an implementation MAY also support other methods for bootstrapping, for example exchanging the necessary data via DTLS or DANE. Any such method needs to fulfill the requirements given in the main draft.
>
>We would welcome written feedback on this approach, especially from Richard (because making the support of CMS-based exchanges mandatory constitutes a considerable work assignment to him) and from Florian (because he was the one who advocated techniques different from defining our own bootstrapping exchanges).
>
>Best regards,
>
>Kristof and Dieter
>_______________________________________________
>ntpwg mailing list
>ntpwg@lists.ntp.org
>http://lists.ntp.org/listinfo/ntpwg