Re: [TICTOC] [ntpwg] security ID submitted for review
Kurt Roeckx <kurt@roeckx.be> Wed, 07 August 2013 11:45 UTC
Date: Wed, 07 Aug 2013 13:45:30 +0200
From: Kurt Roeckx <kurt@roeckx.be>
To: "David L. Mills" <mills@udel.edu>
Cc: NTP Working Group <ntpwg@lists.ntp.org>, "tictoc@ietf.org" <tictoc@ietf.org>

On Wed, Aug 07, 2013 at 12:23:24PM +0200, Kurt Roeckx wrote:
> The problem I see with only sending the MAC over the ntp headers
> and not over the extensions is that the extensions can be removed
> or added and the client can't tell.  So it could for instance
> be replaced with an old version of the extension.  I think it's
> important that the MAC covers everything.

You could of course also add a timestamp indicating when the
signature of the extension expires.  I think we should do that in
any case.  Then I'm not sure if there is still a need to sign
the whole packet.

Can all extensions be signed?  Is there a need to sign them all?


Kurt
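
The trade-off discussed in this message, as an added example that is not part of the original e-mail or of the draft under review: a receiver-side check comparing a MAC over the header only, a MAC over the whole packet, and a per-extension signature carrying an expiry timestamp. The packet layout, keys, and the use of HMAC-SHA256 as a stand-in for both the packet MAC and the extension signature are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-shared-key"         # packet MAC key (constructed sample value)
EXT_KEY = b"constructed-extension-key"  # stand-in for the extension signer's key (assumption)

def tag(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def make_ext(value, expires):
    """Hypothetical extension: expiry (uint32) | value | signature over both."""
    body = struct.pack("!I", expires) + value
    return body + tag(EXT_KEY, body)

def ext_valid(ext, now):
    """Check the extension's own signature and its expiry timestamp."""
    body, sig = ext[:-32], ext[-32:]
    expires = struct.unpack("!I", body[:4])[0]
    return hmac.compare_digest(sig, tag(EXT_KEY, body)) and now <= expires

def verify_header_only(header, ext, mac):
    # The extension is deliberately ignored: the MAC covers the header alone.
    return hmac.compare_digest(mac, tag(KEY, header))

def verify_whole_packet(header, ext, mac):
    return hmac.compare_digest(mac, tag(KEY, header + ext))

HEADER = bytes(48)  # constructed placeholder for the 48-byte NTP header
OLD_EXT = make_ext(b"old-server-params", expires=1000)
NEW_EXT = make_ext(b"new-server-params", expires=5000)
NOW = 2000          # receiver's clock, same constructed time scale

def scenario():
    """Packet is sent with NEW_EXT; the receiver sees OLD_EXT or no extension."""
    mac_hdr = tag(KEY, HEADER)
    mac_all = tag(KEY, HEADER + NEW_EXT)
    return {
        "header_only_accepts_swap": verify_header_only(HEADER, OLD_EXT, mac_hdr),
        "header_only_accepts_removal": verify_header_only(HEADER, b"", mac_hdr),
        "whole_packet_accepts_swap": verify_whole_packet(HEADER, OLD_EXT, mac_all),
        "whole_packet_accepts_removal": verify_whole_packet(HEADER, b"", mac_all),
        "expiry_accepts_old_ext": ext_valid(OLD_EXT, NOW),
        "expiry_accepts_new_ext": ext_valid(NEW_EXT, NOW),
    }

if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```

In this model the expiry check rejects the stale extension once its timestamp has passed, while removal of the extension is only detected when the MAC covers the whole packet.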