[ntpwg] Status Update: The question of CMS vs. (D)TLS
kristof.teichel@ptb.de Thu, 09 July 2015 16:51 UTC
>To: ntpwg@lists.ntp.org
>From: kristof.teichel@ptb.de
>Sent by: "ntpwg"
>Date: 05.06.2015 12:57
>Subject: [ntpwg] NTS: The question of CMS vs. (D)TLS
>
>Hello all of you,
>
>as promised in the WebEx meeting yesterday, here is a short
>description of what we intend to do about the question of CMS vs. DTLS
>(or other external security mechanisms) for the initial exchange of
>NTS security data.
>
>
>
>(1) Main draft (draft-ietf-ntp-network-time-security):
>
>- For this draft, we intend to leave the question completely open.
>  This draft will only state which cryptographic data needs to be
>  exchanged for bootstrapping NTS (that is to say: association,
>  authentication, and cookie exchange), and describe what the security
>  conditions for this exchange are (for example: the cookie needs to be
>  exchanged in a way that guarantees authenticity and secrecy).
>
>- The message exchanges belonging to the bootstrapping process (i.e.,
>  association exchange, cookie exchange and probably broadcast
>  parameter exchange) will be moved to an informational appendix. This
>  appendix will state that implementing these exchanges properly is one
>  possible way of securely communicating the data required for
>  bootstrapping.
>
>
>(2) Draft for utilization of NTS for NTP
>(draft-ietf-ntp-using-nts-for-ntp)
>
>- In this draft, we intend to specify that for bootstrapping, an
>  implementation MUST support the use of the CMS-based message
>  exchanges, as described in the informational appendix mentioned
>  above.
>
>- We will further specify that an implementation MAY also support
>  other methods for bootstrapping, for example exchanging the necessary
>  data via DTLS or DANE. Any such method needs to fulfill the
>  requirements given in the main draft.
>
>
>We would welcome written feedback on this approach, especially from
>Richard (because making the support of CMS-based exchanges mandatory
>constitutes a considerable work assignment to him) and from Florian
>(because he was the one who advocated techniques different from
>defining our own bootstrapping exchanges).
>
>
>Best regards,
>
>Kristof and Dieter
>_______________________________________________
>ntpwg mailing list
>ntpwg@lists.ntp.org
>http://lists.ntp.org/listinfo/ntpwg