Re: [TICTOC] [Ntp] WGLC for draft-ietf-ntp-mac

Matthew Van Gundy <mvangund@cisco.com> Tue, 27 February 2018 23:09 UTC

Return-Path: <mvangund@cisco.com>
X-Original-To: tictoc@ietfa.amsl.com
Delivered-To: tictoc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADF8712E8D5; Tue, 27 Feb 2018 15:09:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.53
X-Spam-Level:
X-Spam-Status: No, score=-14.53 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aYn_Btgj88GJ; Tue, 27 Feb 2018 15:09:28 -0800 (PST)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BF2E12E8C7; Tue, 27 Feb 2018 15:09:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2442; q=dns/txt; s=iport; t=1519772968; x=1520982568; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=CNRWZAq3dXvmUiiqkQson+npWdfMJ4Xmcnf8SXhbH/8=; b=ZuW18UdAQi+wGe/mYKkwLCjoXZwxbrDPGE9/bIOmA2BZbfOENVQSqLGT dJrUki5aotTR/b8UuJf/XRBUCCYwP6Fx48ctHD5IkSN8xoE/VkZy9YDWH AozEVxzzVSOlJo9cLaRlFJ9ftwLbNdYgNFB/agCBFYHCPb7os1msYt4Nc s=;
X-Files: signature.asc : 269
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AFAQDB5JVa/4cNJK1eGQEBAQEBAQEBAQEBAQcBAQEBAYMfMWZwKI12dI0LggKBFpQqghUHAxgLhQ8CgkxUGAECAQEBAQEBAmsohSQBAQQBAWwLBQsLGAkeBw8FEx8XE4UVEK4PiHKCFgEBAQEBAQEBAQEBAQEBAQEBAQEBGQWHSoM9gy2DLgEBAwGHXAWOZotoCYZQihSBc4Q0hzSBJol6h1aBLh44gVEzGggbFTqCQ4R4WYxfAQEB
X-IronPort-AV: E=Sophos;i="5.47,403,1515456000"; d="asc'?scan'208";a="362719112"
Received: from alln-core-2.cisco.com ([173.36.13.135]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Feb 2018 23:09:27 +0000
Received: from elmers.localdomain (elmers.cisco.com [64.100.220.12]) by alln-core-2.cisco.com (8.14.5/8.14.5) with SMTP id w1RN9RnW021496; Tue, 27 Feb 2018 23:09:27 GMT
Received: from mvangund-retina.ddns.asig.cisco.com (mvangund-retina.ddns.asig.cisco.com [64.100.220.234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by elmers.localdomain (Postfix) with ESMTPS id 3zrZCB6RhHzFpdK; Tue, 27 Feb 2018 18:09:26 -0500 (EST)
Date: Tue, 27 Feb 2018 18:09:25 -0500
From: Matthew Van Gundy <mvangund@cisco.com>
To: Karen O'Donoghue <odonoghue@isoc.org>
Cc: "ntp@ietf.org" <ntp@ietf.org>, "tictoc@ietf.org" <tictoc@ietf.org>
Message-ID: <20180227230925.GJ33838@mvangund-retina.ddns.asig.cisco.com>
References: <CF57EAFE-31F0-4ADD-A209-1802DB6CA643@isoc.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="6CXocAQn8Xbegyxo"
Content-Disposition: inline
In-Reply-To: <CF57EAFE-31F0-4ADD-A209-1802DB6CA643@isoc.org>
User-Agent: Mutt/1.9.1 (2017-09-22)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tictoc/Eadi26KcAxeLZkfEolozbc40cCQ>
Subject: Re: [TICTOC] [Ntp] WGLC for draft-ietf-ntp-mac
X-BeenThere: tictoc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Timing over IP Connection and Transfer of Clock BOF <tictoc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tictoc>, <mailto:tictoc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tictoc/>
List-Post: <mailto:tictoc@ietf.org>
List-Help: <mailto:tictoc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tictoc>, <mailto:tictoc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Feb 2018 23:09:30 -0000

Hi All,

Forgive me if this has been discussed and I missed it.  But, to
improve quantum resistance should the draft recommend AES-256 over
AES-128?  I realize that the RFC 4493 construction specifically uses
AES-128, but is there any barrier to using AES-256?

Similarly, the draft says that the "MAC tag SHOULD be 128 bits long"
but doesn't describe any situations where the MAC tag would be another
length.  Tags that are not an integer multiple of 32-bit
words violate RFC 5905, and it appears that MAC tags that are not
128 bits in length also violate RFC 5905.  (In practice ntp.org's ntpd
handles MAC tags up to 160 bits in length gracefully, but RFC 5905 appears
to restrict MAC tag length to 128 bits.)

If there are situations where the MAC tags MAY be a length other than
128-bits, it would probably be useful to articulate the criteria for
acceptable MAC tag lengths.

Cheers,
Matt



On Wed, Aug 09, 2017 at 04:53:43AM +0000, Karen O'Donoghue wrote:
> Folks,
> 
> This begins a three week working group last call (WGLC) for "Message Authentication Code for the Network Time Protocol"
> https://datatracker.ietf.org/doc/draft-ietf-ntp-mac/
> 
> Please review and provide comments to the mailing list by no later than 31 August 2017. Earlier comments and discussion would be appreciated. Please note that the chairs will be using this WGLC to determine consensus to move this document forward to the IESG.
> 
> Also, as a reminder, we have migrated the working group mailing list to IETF infrastructure. Please respond to ntp@ietf.org<mailto:ntp@ietf.org>.
> 
> Regards,
> Karen and Dieter

> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp


-- 
Matthew Van Gundy, Technical Leader
Advanced Security Initiatives Group
Cisco Systems, Inc.
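Worked example added by the editor of this archive page; it is not part of the message above, the draft, or any ntpd code. It implements RFC 4493 AES-CMAC on top of Go's standard crypto/aes and shows the two points raised in the message: the construction depends only on the 128-bit AES block size, so the same code takes an AES-256 key and still produces a 128-bit tag, and a packet-length check distinguishing the RFC 5905 layout (32-bit key ID plus 128-bit digest, a whole number of 32-bit words) from the looser 160-bit digests ntpd is said to accept. Assumptions: the tag is computed over the 48-byte NTP header only (no extension fields), the function names and the ntpdMaxDigestLen constant are the editor's own, the sample header is constructed, and the AES-128 and AES-256 reference values come from RFC 4493 and NIST SP 800-38B respectively.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// RFC 5905 section 7.3: 48-byte header, then optionally a 32-bit key ID and a
// 128-bit digest (extension fields, RFC 7822, are not handled here).
const ntpHeaderLen, ntpKeyIDLen, ntpDigestLen = 48, 4, 16
const ntpdMaxDigestLen = 20 // editor's constant: ntpd tolerates 160-bit digests per the message; RFC 5905 does not

// dbl multiplies a 128-bit block by x in GF(2^128) (RFC 4493 section 2.3): shift left one bit and,
// if a 1 bit fell off the top, XOR in Rb = 0x87. Rb depends on block size, not key size.
func dbl(b []byte) []byte {
	out := make([]byte, len(b))
	var carry byte
	for i := len(b) - 1; i >= 0; i-- {
		out[i], carry = b[i]<<1|carry, b[i]>>7
	}
	if carry != 0 { out[len(b)-1] ^= 0x87 }
	return out
}

// AESCMAC is RFC 4493 AES-CMAC with the key size left open: crypto/aes accepts
// 16-, 24- or 32-byte keys, and the tag is always one 128-bit block.
func AESCMAC(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects any key that is not 16, 24 or 32 bytes
	if err != nil { return nil, err }
	l := make([]byte, aes.BlockSize)
	block.Encrypt(l, l) // L = AES_K(0^128); K1 = dbl(L); K2 = dbl(K1)
	k1 := dbl(l)
	k2 := dbl(k1)
	n := (len(msg) + aes.BlockSize - 1) / aes.BlockSize
	if n == 0 { n = 1 } // an empty message is a single padded block
	last, rem := make([]byte, aes.BlockSize), msg[(n-1)*aes.BlockSize:]
	copy(last, rem)
	if len(rem) == aes.BlockSize {
		for i := range last { last[i] ^= k1[i] } // complete final block: XOR K1
	} else {
		last[len(rem)] = 0x80 // 10...0 padding, then XOR K2
		for i := range last { last[i] ^= k2[i] }
	}
	x, y := make([]byte, aes.BlockSize), make([]byte, aes.BlockSize)
	for i := 0; i < n-1; i++ { // CBC chain over all but the last block, IV = 0
		for j := range y { y[j] = x[j] ^ msg[i*aes.BlockSize+j] }
		block.Encrypt(x, y)
	}
	for j := range y { y[j] = x[j] ^ last[j] }
	block.Encrypt(x, y)
	return x, nil
}

// AppendNTPMAC appends key ID || AES-CMAC(header) to a 48-byte NTP header.
func AppendNTPMAC(header []byte, keyID uint32, key []byte) ([]byte, error) {
	if len(header) != ntpHeaderLen { return nil, fmt.Errorf("NTP header must be %d bytes, got %d", ntpHeaderLen, len(header)) }
	tag, err := AESCMAC(key, header)
	if err != nil { return nil, err }
	pkt := append(append([]byte{}, header...), 0, 0, 0, 0)
	binary.BigEndian.PutUint32(pkt[ntpHeaderLen:], keyID)
	return append(pkt, tag...), nil
}

// CheckNTPMACLength validates the MAC trailer length. strict enforces RFC 5905 exactly (key ID +
// 128-bit digest); otherwise digests up to ntpd's 160 bits also pass. The digest must be whole 32-bit words.
func CheckNTPMACLength(pkt []byte, strict bool) error {
	trailer := len(pkt) - ntpHeaderLen
	if trailer == 0 { return nil } // no MAC field: an unauthenticated packet
	digest := trailer - ntpKeyIDLen
	switch {
	case digest <= 0 || digest%4 != 0:
		return fmt.Errorf("MAC trailer of %d bytes is not a key ID plus whole 32-bit words", trailer)
	case digest == ntpDigestLen, !strict && digest <= ntpdMaxDigestLen:
		return nil
	}
	return fmt.Errorf("%d-bit digest is not the 128 bits RFC 5905 specifies", digest*8)
}

// VerifyNTPMAC recomputes the tag over the header and compares it in constant time.
func VerifyNTPMAC(pkt, key []byte) bool {
	if len(pkt) == ntpHeaderLen || CheckNTPMACLength(pkt, true) != nil { return false }
	tag, err := AESCMAC(key, pkt[:ntpHeaderLen])
	return err == nil && subtle.ConstantTimeCompare(tag, pkt[ntpHeaderLen+ntpKeyIDLen:]) == 1
}

func main() {
	key, _ := hex.DecodeString("2b7e151628aed2a6abf7158809cf4f3c") // RFC 4493 test key
	header := make([]byte, ntpHeaderLen)                            // constructed sample header
	header[0] = 0x23                                                 // LI=0, VN=4, mode=3 (client)
	pkt, _ := AppendNTPMAC(header, 1, key)
	fmt.Printf("%d-byte packet, tag %x, verify=%v\n", len(pkt), pkt[ntpHeaderLen+ntpKeyIDLen:], VerifyNTPMAC(pkt, key))
}
```

Swapping the 16-byte key for a 32-byte one changes nothing but the aes.NewCipher call: the subkey derivation, padding and tag size are all fixed by the 128-bit block. The length check is where the draft's "SHOULD be 128 bits" question lands: any digest length other than 16 bytes fails the strict mode, and only the 20-byte case survives the lenient mode.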