Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp

"Dieter Sibold" <dsibold.ietf@gmail.com> Tue, 11 December 2018 18:40 UTC

From: Dieter Sibold <dsibold.ietf@gmail.com>
To: Martin Langer <mart.langer@ostfalia.de>
Cc: ntp@ietf.org
Date: Tue, 11 Dec 2018 19:40:18 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/x46aNG8RQPc0Yk5iP30PRtIVHLc>

Hi Martin,
thanks for your comments. See replies inline.

Dieter Sibold
dsibold.ietf@gmail.com

On 4 Dec 2018, at 10:52, Martin Langer wrote:

> Hello together,
>
> the current NTS draft is fine for me and I have just a few comments.
>
>
> page 7:
>
> "Implementations MUST NOT negotiate TLS versions earlier than 1.2,
> SHOULD negotiate TLS 1.3 [RFC8446] or later when possible, and MAY
> refuse to negotiate any TLS version which has been superseded by a
> later supported version."
>
> -> I guess the minimum TLS version MUST be 1.3. The effort for
> developers should be very small.
> In OpenSSL, I only need one extra line of code to force TLS1.3 and
> disable TLS1.2. Many implementations support the final TLS1.3 (RFC)
> or the latest TLS draft (see:
> https://github.com/tlswg/tls13-spec/wiki/Implementations).
> The remaining platforms will probably follow soon. Therefore, I see
> no further need to support older TLS versions than 1.3.
>
As authors we had a discussion on this matter, and we decided that the
language as it is provides the most flexibility for implementors. It
allows implementations to provide TLS 1.2 and 1.3, but it does not
mandate providing 1.2 or 1.3. It only mandates that at least one of
these versions has to be provided.


>
>
> page 8:
>
> "The semantics of record types 0-6 are specified in this memo."
> -> must be '0-7'
>
>
>
> page 15:
>
> "Nonce length: Two octets in network byte order, ..."
> -> must be 'Nonce Length:'
>
>
>
> page 16:
>
> "Additional Padding: Clients which use a nonce length shorter than
> the maximum allowed by the negotiated AEAD algorithm may be
> required to include additional zero-padding. The necessary length
> of this field is specified below."
>
> -> This confused me the first time. I thought it was a mistake and
> meant 'minimum'.
> 'maximum' is right, but should we leave this information here?
>
> Alternative form:
> "Additional Padding: The nonce length used by the client may be
> required to include additional zero-padding depending on the
> negotiated AEAD algorithm."
>
>
>
> page 17:
>
> "The purpose of the Additional Padding field is to ensure that servers
> can always choose a nonce whose length is adequate to ensure its
> uniqueness, even if the client chooses a shorter one, and still
> ensure that the overall length of the server’s response packet. does
> not exceed the length of the request."
>
> -> in the penultimate line is a dot
>
>
>
> page 19:
>
> -> The timelines are different in length. (the client line needs one
> more '-')
>
>
>
> page 27:
>
> "The Network Time Security Warning Codes Registry SHALL initally be
> empty except for the reserved range, i.e.:"
>
> -> typo: 'initially'
>
>
>
> best regards,
> Martin
>
>
>
>
> Am 06.11.2018 um 21:46 schrieb Karen O'Donoghue:
>> Folks,
>>
>> This message initiates a three plus week working group last call for:
>>
>> Network Time Security for the Network Time Protocol
>> https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/
>>
>> Please review the referenced document and send any comments to the 
>> mailing list including your assessment of whether this document is 
>> mature enough to proceed to the IESG. Please note that these messages 
>> of support for progression to the mailing list will be used to 
>> determine WG consensus to proceed.
>>
>> Please send all comments in by COB on Friday 30 November. We realize 
>> this is a bit longer than normal but we are coming out of an IETF 
>> week and heading into the Thanksgiving holiday in the US.
>>
>> Thanks!
>> Karen and Dieter
>
> -- 
> Martin Langer, M.Eng.
> Ostfalia Hochschule für angewandte Wissenschaften
> - Hochschule Braunschweig/Wolfenbüttel
> University of Applied Sciences
>
> Labor Datentechnik, Labor Design Digitaler Systeme
> Fakultät Elektrotechnik
> Salzdahlumer Straße 46/48
> 38302 Wolfenbüttel
> Germany
>
> Tel. : +49 5331 939 43370
> Web  : https://www.ostfalia.de/cms/de/pws/bermbach/mitarbeiter/martin-langer
>
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp
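
The TLS version rule debated in this message (the page 7 text and the proposed TLS 1.3-only minimum), as an added example that is not part of the original e-mail or the draft. The policy names and helper functions are hypothetical; only Python's standard `ssl` module is used.

```python
import ssl

V12, V13 = ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3

def minimum_version(policy, has_tls13=ssl.HAS_TLSv1_3):
    """Lowest TLS version offered under a policy (policy names are hypothetical).

    "draft"             - quoted MUST NOT: never negotiate below TLS 1.2
    "refuse-superseded" - quoted MAY: drop 1.2 when 1.3 is supported locally
    "tls13-only"        - the stricter minimum proposed in the review comment
    """
    if policy == "draft":
        return V12
    if policy == "refuse-superseded":
        return V13 if has_tls13 else V12
    if policy == "tls13-only":
        if not has_tls13:
            # The flexibility argument: such a platform could not comply at all.
            raise RuntimeError("TLS 1.3 is not available in this TLS library")
        return V13
    raise ValueError(f"unknown policy: {policy}")

def make_context(policy="draft"):
    """Client context with certificate and hostname verification enabled."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = minimum_version(policy)
    return ctx

def negotiated_ok(version_string, policy="draft", has_tls13=ssl.HAS_TLSv1_3):
    """Post-handshake check on the string returned by SSLSocket.version()."""
    known = {"TLSv1.2": V12, "TLSv1.3": V13}
    version = known.get(version_string)  # anything older maps to None
    return version is not None and version >= minimum_version(policy, has_tls13)

if __name__ == "__main__":
    for policy in ("draft", "refuse-superseded", "tls13-only"):
        try:
            print(policy, "->", make_context(policy).minimum_version.name)
        except RuntimeError as exc:
            print(policy, "->", exc)
```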