[TICTOC] IPsec security for packet based synchronization

Danny Mayer <mayer@ntp.org> Mon, 26 December 2011 03:11 UTC

The minutes of the Taipei meeting state this:
> 6.   IPsec security for packet based synchronization
> Yang Cui on behalf of the author, Yixian Xu, presented 
> draft-xu-tictoc-ipsec-security-for-synchronization-02.  This draft has had a 
> large volume of discussion on list.  There have been two basic questions that
> have been brought up on the list: Do we need to encrypt timing packets?  Do 
> we need to identify and decrypt timing packets right away (before decrypting 
> all traffic)?  Yang indicated that the answer to question 1 is yes for 3GPP
> Femtocell and that the draft provided the only efficient mechanism for 
> carrying out a solution to the second question.  It had been brought up on the 
> list that if timing packets were easily identified then they were more susceptible
> to attackers, with which Yang disagreed.  The authors are preparing a new version of
> the draft which addresses the points discussed on the list.

If the answer to question 1 is yes for 3GPP Femtocell then there needs
to be an explicit answer to why and what this is with a reference to
supporting documents and the section of the documents.

Also, Yang disagreed about the vulnerability of identified timing packets
so he should state exactly why he disagrees along with any supporting
documents and sections of those documents.

Danny