Re: [TICTOC] [Ntp] WGLC for draft-ietf-ntp-mac
Matthew Van Gundy <mvangund@cisco.com> Tue, 27 February 2018 23:09 UTC
Date: Tue, 27 Feb 2018 18:09:25 -0500
From: Matthew Van Gundy <mvangund@cisco.com>
To: Karen O'Donoghue <odonoghue@isoc.org>
Cc: "ntp@ietf.org" <ntp@ietf.org>, "tictoc@ietf.org" <tictoc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tictoc/Eadi26KcAxeLZkfEolozbc40cCQ>

Hi All,

Forgive me if this has been discussed and I missed it. But, to improve quantum resistance should the draft recommend AES-256 over AES-128? I realize that the RFC 4493 construction specifically uses AES-128, but is there any barrier to using AES-256?

Similarly, the draft says that the "MAC tag SHOULD be 128 bits long" but doesn't describe any situations where the MAC tag would be another length. Given that tags that are not an integer multiple of 32-bit words violate RFC 5905 and it appears that MAC tags that are not 128-bits in length also violate RFC 5905. (In practice ntp.org's ntpd handles MAC tags up to 160-bits in length gracefully, but RFC 5905 appears to restrict MAC tag length to 128-bits.) If there are situations where the MAC tags MAY be a length other than 128-bits, it would probably be useful to articulate the criteria for acceptable MAC tag lengths.

Cheers,
Matt

On Wed, Aug 09, 2017 at 04:53:43AM +0000, Karen O'Donoghue wrote:
> Folks,
>
> This begins a three week working group last call (WGLC) for "Message Authentication Code for the Network Time Protocol"
> https://datatracker.ietf.org/doc/draft-ietf-ntp-mac/
>
> Please review and provide comments to the mailing list by no later than 31 August 2017. Earlier comments and discussion would be appreciated. Please note that the chairs will be using this WGLC to determine consensus to move this document forward to the IESG.
>
> Also, as a reminder, we have migrated the working group mailing list to IETF infrastructure. Please respond to ntp@ietf.org.
>
> Regards,
> Karen and Dieter
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp

--
Matthew Van Gundy, Technical Leader
Advanced Security Initiatives Group
Cisco Systems, Inc.
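
An added example, not part of the original message or of any NTP implementation: a receiver-side check that sorts MAC trailers by the three length conditions the message names (32-bit word alignment, the 128-bit tag it reads RFC 5905 as requiring, and the 160-bit ceiling it reports for ntpd). It assumes a packet with no extension fields; the function names, verdict labels and sample packets are constructed for illustration.

```python
import struct

NTP_HEADER_LEN = 48      # fixed NTPv4 header size (RFC 5905)
KEY_ID_LEN = 4           # 32-bit key identifier that precedes the tag
RFC5905_TAG_BITS = 128   # tag length the message reads RFC 5905 as requiring
NTPD_MAX_TAG_BITS = 160  # longest tag the message reports ntpd accepting


def classify_mac(packet: bytes) -> dict:
    """Classify the MAC trailer of an NTP packet.

    Assumption: no extension fields, so every byte after the header is
    key ID followed by the tag.
    """
    if len(packet) < NTP_HEADER_LEN:
        raise ValueError("packet shorter than the NTP header")
    trailer = packet[NTP_HEADER_LEN:]
    if not trailer:
        return {"verdict": "unauthenticated", "key_id": None, "tag_bits": 0}
    if len(trailer) < KEY_ID_LEN:
        return {"verdict": "truncated", "key_id": None, "tag_bits": 0}
    (key_id,) = struct.unpack("!I", trailer[:KEY_ID_LEN])
    tag_bits = (len(trailer) - KEY_ID_LEN) * 8
    if tag_bits % 32:
        verdict = "unaligned"   # not a whole number of 32-bit words
    elif tag_bits == RFC5905_TAG_BITS:
        verdict = "rfc5905"     # the only length the message finds compliant
    elif tag_bits == 0:
        verdict = "no_tag"      # key ID present, tag absent
    elif tag_bits <= NTPD_MAX_TAG_BITS:
        verdict = "ntpd_only"   # tolerated in practice, outside the RFC
    else:
        verdict = "too_long"
    return {"verdict": verdict, "key_id": key_id, "tag_bits": tag_bits}


def sample_packet(tag_len: int, key_id: int = 1) -> bytes:
    """Constructed packet: LI=0, VN=4, mode=3 header plus a zero-filled tag."""
    header = bytes([0x23]) + bytes(NTP_HEADER_LEN - 1)
    return header + struct.pack("!I", key_id) + bytes(tag_len)


def audit(tag_lengths) -> dict:
    """Map each tag length in bytes to its verdict, using constructed packets."""
    return {n: classify_mac(sample_packet(n))["verdict"] for n in tag_lengths}


if __name__ == "__main__":
    for n, verdict in audit([16, 20, 18, 32]).items():
        print(f"{n * 8:3d}-bit tag: {verdict}")
```
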