Re: [Ntp] NTS and validation

"Langer, Martin" <mart.langer@ostfalia.de> Mon, 13 September 2021 13:11 UTC

From: "Langer, Martin" <mart.langer@ostfalia.de>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "ntp@ietf.org" <ntp@ietf.org>
Date: Mon, 13 Sep 2021 13:11:39 +0000
Message-ID: <72c8d3eee56d407ead771820a19b6505@ostfalia.de>
References: <C4C1DCA2-6279-43B2-8D88-32FBF23DDCAE@akamai.com>
In-Reply-To: <C4C1DCA2-6279-43B2-8D88-32FBF23DDCAE@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/w91gIPzOlntnLAGhHxITm4hWbeI>
Subject: Re: [Ntp] NTS and validation

Yes, NTS uses TLS for key establishment. An NTP client also checks the certificate of the TLS server (= NTS-KE server).


greetings,

Martin


-------------------
Martin Langer, M.Eng.
Ostfalia Hochschule für angewandte Wissenschaften
- Hochschule Braunschweig/Wolfenbüttel
University of Applied Sciences

Labor Datentechnik, Labor Design Digitaler Systeme
Fakultät Elektrotechnik
Salzdahlumer Straße 46/48
38302 Wolfenbüttel
Germany

Tel.: +49 5331 939 43370
Web: https://www.ostfalia.de/cms/de/pws/bermbach/mitarbeiter/martin-langer


________________________________
From: ntp <ntp-bounces@ietf.org> on behalf of Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
Sent: Monday, 13 September 2021 15:04:53
To: ntp@ietf.org
Subject: [Ntp] NTS and validation

Question for NTS implementors: do you validate the server certificate?

I’m the primary author updating RFC 6125. QUIC uses TLS to set up its key material, like NTS, and it does the certificate validation the way TLS does.  NTS the same?
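
An added example, not part of the original thread and not taken from any NTS implementation: a client-side TLS setup for the NTS-KE connection that keeps certificate chain and host name validation switched on, as the reply above describes. The ALPN ID `ntske/1`, port 4460 and the TLS 1.3 minimum come from RFC 8915; the function names are hypothetical.

```python
import socket
import ssl

NTSKE_ALPN = "ntske/1"  # ALPN protocol ID for NTS-KE (RFC 8915)
NTSKE_PORT = 4460       # default NTS-KE TCP port (RFC 8915)


def ntske_tls_context(cafile=None):
    """Build a client context that validates the NTS-KE server certificate.

    create_default_context() enables chain verification (CERT_REQUIRED)
    and host name checking; nothing below relaxes either setting.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3  # RFC 8915: no TLS < 1.3
    ctx.set_alpn_protocols([NTSKE_ALPN])
    return ctx


def ntske_handshake(host, port=NTSKE_PORT, timeout=5.0, ctx=None):
    """Run the TLS handshake with an NTS-KE server (hypothetical helper).

    Raises ssl.SSLCertVerificationError when the chain or the host name
    does not validate, so no key establishment happens with an
    unauthenticated server. Returns (TLS version, certificate subject).
    """
    ctx = ctx or ntske_tls_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # server_hostname is what the certificate is matched against.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            if tls.selected_alpn_protocol() != NTSKE_ALPN:
                raise ssl.SSLError("server did not negotiate ntske/1")
            return tls.version(), tls.getpeercert()["subject"]
```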