IETF Logo Mail Archive

Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp

Martin Langer <mart.langer@ostfalia.de> Wed, 12 December 2018 07:38 UTC

Return-Path: <mart.langer@ostfalia.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E1C513112F for <ntp@ietfa.amsl.com>; Tue, 11 Dec 2018 23:38:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sonia.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J67YTAszlU47 for <ntp@ietfa.amsl.com>; Tue, 11 Dec 2018 23:38:51 -0800 (PST)
Received: from mailgate1.sonia.de (mailgate1.sonia.de [141.41.1.242]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7DFD612D7F8 for <ntp@ietf.org>; Tue, 11 Dec 2018 23:38:50 -0800 (PST)
Received: from mailgate1.sonia.de (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 1F7B312EBE; Wed, 12 Dec 2018 08:38:44 +0100 (CET)
Received: from mail.sonia.de (mail.sonia.de [141.41.8.70]) by mailgate1.sonia.de (Postfix) with ESMTP id 6F1D112E98; Wed, 12 Dec 2018 08:38:23 +0100 (CET)
MIME-version: 1.0
Content-transfer-encoding: 8bit
Content-type: text/plain; charset="utf-8"; format="flowed"
Received: from [141.41.39.246] (unknown [141.41.39.246]) by mail.sonia.de (Oracle Communications Messaging Server 7.0.5.37.0 64bit (built Jan 25 2016)) with ESMTPSA id <0PJM00A9B57TFV00@mail.sonia.de>; Wed, 12 Dec 2018 08:38:17 +0100 (CET)
Sender: mart.langer@ostfalia.de
To: Dieter Sibold <dsibold.ietf@gmail.com>
Cc: ntp@ietf.org
References: <FF5E07A6-6F59-4D45-A186-7FC7C9B4A41C@isoc.org> <b4e17d31-967c-d613-2317-633f316e2c66@ostfalia.de> <B6E74685-66C9-4155-8DBF-16008B8F1A56@gmail.com>
From: Martin Langer <mart.langer@ostfalia.de>
Message-id: <48a76104-a055-cc07-52fe-3222a69a0af4@ostfalia.de>
Date: Wed, 12 Dec 2018 08:38:04 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Thunderbird/60.3.3
In-reply-to: <B6E74685-66C9-4155-8DBF-16008B8F1A56@gmail.com>
Content-language: en-US
X-Antivirus: Avast (VPS 181211-6, 11.12.2018), Outbound message
X-Antivirus-Status: Clean
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sonia.de; h=mime-version:content-transfer-encoding:content-type:sender:subject:to:cc:references:from:message-id:date:in-reply-to; s=20140129; bh=s9tY7i3NFbsK9FSIwvUXnNHr6zcTcTGbebmKrVTdqZw=; b=OJnaLMafDl2wtTYHJx79bhmAN+CcJCe1GJ4h3FzX+wXZ8ATUfN9C8OtjFtDuQIM8fvQElnPvSiJIZar3Q0nIQ2s1Ad5STNCOE+mQi2RGE7YrAZ4WKLDA9SvQUpJPPCagfF3ID68BOBlD+yNdWOAPzDBDB9bUNhlTOo4m/nwIM60=
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/yd2z1pi43xER6QIQ0ba7XKaAAlE>
Subject: Re: [Ntp] WGLC: draft-ietf-ntp-using-nts-for-ntp
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Dec 2018 07:38:55 -0000

Hello Dieter,

thanks for your reply. You are right. I already talked to Kristof about 
the TLS1.2 / 1.3
question and I agree to provide both versions.

best regards,
Martin

Am 11.12.2018 um 19:40 schrieb Dieter Sibold:
>
> Hi Martin,
> thanks for your comments. See replies inline.
>
> Dieter Sibold
> dsibold.ietf@gmail.com
>
> On 4 Dec 2018, at 10:52, Martin Langer wrote:
>
>> Hello together,
>>
>> the current NTS draft is fine for me and I have just a few comments.
>>
>>
>> page 7:
>>
>> "Implementations MUST NOT negotiate TLS versions earlier than 1.2,
>> SHOULD negotiate TLS 1.3 [RFC8446] or later when possible, and MAY
>> refuse to negotiate any TLS version which has been superseded by a
>> later supported version."
>>
>> -> I guess the minimum TLS version MUST be 1.3. The effort for 
>> developers should be very small.
>> In OpenSSL, I only need one extra line of code to force TLS1.3 and 
>> disable TLS1.2. Many implementations
>> support the final TLS1.3 (RFC) or the latest TLS draft (see: 
>> https://github.com/tlswg/tls13-spec/wiki/Implementations).
>> The remaining platforms will probably follow soon. Therefore, I see 
>> no further need to support older TLS versions
>> than 1.3.
>>
> As authors we had a discussion on this matter. And we decided that the 
> language as it is provide the most flexibility for implementors. It 
> allows to provide TLS 1.2 and 1.3 but it does not mandate to provide 
> 1.2 or 1.3. It only mandates that at least one of these version has to 
> be provided.
>
>
>>
>>
>> page 8:
>>
>> "The semantics of record types 0-6 are specified in this memo."
>> -> must be '0-7'
>>
>>
>>
>> page 15:
>>
>> "Nonce length: Two octets in network byte order, ..."
>> -> must be 'Nonce Length:'
>>
>>
>>
>> page 16:
>>
>> "Additional Padding: Clients which use a nonce length shorter than
>> the maximum allowed by the negotiated AEAD algorithm may be
>> required to include additional zero-padding. The necessary length
>> of this field is specified below."
>>
>> -> This confused me the first time. I thought it was a mistake and 
>> meant 'minimum'.
>> 'maximum' is right, but should we leave this information here?
>>
>> Alternative form:
>> "Additional Padding: The nonce length used by the client maybe required
>> to include additional zero-padding depending on the negotiated AEAD
>> algorithm."
>>
>>
>>
>> page 17:
>>
>> "The purpose of the Additional Padding field is to ensure that servers
>> can always choose a nonce whose length is adequate to ensure its
>> uniqueness, even if the client chooses a shorter one, and still
>> ensure that the overall length of the server’s response packet. does
>> not exceed the length of the request."
>>
>> -> in the penultimate line is a dot
>>
>>
>>
>> page 19:
>>
>> -> The timelines are different in length. (the client line need one 
>> more '-')
>>
>>
>>
>> page 27:
>>
>> "The Network Time Security Warning Codes Registry SHALL initally be
>> empty except for the reserved range, i.e.:"
>>
>> -> typo: 'initially'
>>
>>
>>
>> best regards,
>> Martin
>>
>>
>>
>>
>> Am 06.11.2018 um 21:46 schrieb Karen O'Donoghue:
>>> Folks,
>>>
>>> This message initiates a three plus week working group last call for:
>>>
>>> Network Time Security for the Network Time Protocol
>>> https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/
>>>
>>> Please review the referenced document and send any comments to the 
>>> mailing list including your assessment of whether this document is 
>>> mature enough to proceed to the IESG. Please note that these 
>>> messages of support for progression to the mailing list will be used 
>>> to determine WG consensus to proceed.
>>>
>>> Please send all comments in by COB on Friday 30 November. We realize 
>>> this is a bit longer than normal but we are coming out of an IETF 
>>> week and heading into the Thanksgiving holiday in the US.
>>>
>>> Thanks!
>>> Karen and Dieter
>>> _______________________________________________
>>> ntp mailing list
>>> ntp@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ntp
>>
>> -- 
>> Martin Langer, M.Eng.
>> Ostfalia Hochschule für angewandte Wissenschaften
>> - Hochschule Braunschweig/Wolfenbüttel
>> University of Applied Sciences
>>
>> Labor Datentechnik, Labor Design Digitaler Systeme
>> Fakultät Elektrotechnik
>> Salzdahlumer Straße 46/48
>> 38302 Wolfenbüttel
>> Germany
>>
>> Tel. : +49 5331 939 43370
>> Web  : 
>> https://www.ostfalia.de/cms/de/pws/bermbach/mitarbeiter/martin-langer
>>
>> _______________________________________________
>> ntp mailing list
>> ntp@ietf.org
>> https://www.ietf.org/mailman/listinfo/ntp

-- 
Martin Langer, M.Eng.
Ostfalia Hochschule für angewandte Wissenschaften
- Hochschule Braunschweig/Wolfenbüttel
University of Applied Sciences

Labor Datentechnik, Labor Design Digitaler Systeme
Fakultät Elektrotechnik
Salzdahlumer Straße 46/48
38302 Wolfenbüttel
Germany

Tel. : +49 5331 939 43370
Web  : https://www.ostfalia.de/cms/de/pws/bermbach/mitarbeiter/martin-langer

v2.23.0 | Report a Bug | By Email