Re: [TICTOC] [ntpwg] security ID submitted for review
Kurt Roeckx <kurt@roeckx.be> Wed, 07 August 2013 15:16 UTC
Date: Wed, 07 Aug 2013 17:16:37 +0200
From: Kurt Roeckx <kurt@roeckx.be>
To: NTP Working Group <ntpwg@lists.ntp.org>, "tictoc@ietf.org" <tictoc@ietf.org>

On Sat, Aug 03, 2013 at 07:40:08PM +0200, Kurt Roeckx wrote:
>
> I really don't understand how such a man in the middle attack
> can work. Either the certificate + the chain validate, or they
> don't. It is of course important that you check that the CommonName
> in the certificate matches the server you're trying to reach,
> and that the root CA is in your list of trusted CAs. But there
> really isn't anything new or hard about this.

So thinking about this some more, I do see 1 problem with this.
I would like to be able to use this for the pool for those that
wish to use it. But if you're verifying the certificate you're not
going to know which server you're talking to, so there is no
way to check the CommonName.

Does it make sense to just skip this check in case of the pool?

Kurt