Re: [TICTOC] [ntpwg] WGLC on NTS: Why not run over IPsec?

kristof.teichel@ptb.de Wed, 30 March 2016 10:54 UTC

In-Reply-To: <20160330090333.6D750406076@ip-64-139-1-69.sjc.megapath.net>
From: kristof.teichel@ptb.de
To: Hal Murray <hmurray@megapathdsl.net>
Message-ID: <OF13093F06.81938EB0-ONC1257F86.003BD6F7-C1257F86.003BF37F@ptb.de>
Date: Wed, 30 Mar 2016 12:54:49 +0200
Archived-At: <http://mailarchive.ietf.org/arch/msg/tictoc/Ci7c9i_mEhBI4ZxFVGvxTFAj1Ag>
Cc: ntpwg@lists.ntp.org, tictoc@ietf.org

>> Maybe someone would be interested in following up on this and write up a
>> paragraph about how best to use/configure IPsec to secure NTP traffic
>> (and possibly some pros and cons about doing this, too). This text
>> might, for example, be added to the Security Considerations of the NTP
>> BCP document.
>> What do people think about this?
>
> I think a BCP style writeup of how to use IPsec with NTP would be a good
> idea. I assume it gets complicated if you don't have a shared key.
>
> I think an overview document comparing various approaches for authenticating
> NTP would be a good idea.

For the latter document (overview of authentication approaches), I would voice cautious interest in contributing.