Re: [TICTOC] [Ntp] WGLC for draft-ietf-ntp-mac

Sharon Goldberg <goldbe@cs.bu.edu> Fri, 01 September 2017 16:48 UTC

Return-Path: <sharon.goldbe@gmail.com>
X-Original-To: tictoc@ietfa.amsl.com
Delivered-To: tictoc@ietfa.amsl.com
MIME-Version: 1.0
Sender: sharon.goldbe@gmail.com
In-Reply-To: <CABUE3Xm+C8kvmQLKj7F=nASgPrqTJVyvdUcGYudkab6EnaisOA@mail.gmail.com>
References: <CF57EAFE-31F0-4ADD-A209-1802DB6CA643@isoc.org> <CABUE3Xm+C8kvmQLKj7F=nASgPrqTJVyvdUcGYudkab6EnaisOA@mail.gmail.com>
From: Sharon Goldberg <goldbe@cs.bu.edu>
Date: Fri, 01 Sep 2017 12:47:55 -0400
Message-ID: <CAJHGrrTsrun4Rk7NbBwkT0nY-TP_fdMEGfcNrY+724cqRGsNGQ@mail.gmail.com>
To: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Cc: Karen O'Donoghue <odonoghue@isoc.org>, "ntp@ietf.org" <ntp@ietf.org>, "tictoc@ietf.org" <tictoc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tictoc/RPvGES_96U2NpXQbaiYWWILEzOY>
Subject: Re: [TICTOC] [Ntp] WGLC for draft-ietf-ntp-mac
X-BeenThere: tictoc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Timing over IP Connection and Transfer of Clock BOF <tictoc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tictoc>, <mailto:tictoc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tictoc/>
List-Post: <mailto:tictoc@ietf.org>
List-Help: <mailto:tictoc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tictoc>, <mailto:tictoc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Sep 2017 16:48:39 -0000

Hi Tal,

Thanks for your comments.

> Major comments:
> - This may have been discussed before, but still I am not sure what the
> answer is: it seems to make sense to define this new MAC as a dedicated
> extension field. Any reason not to do that? Since this draft deprecates the
> previous MD5-based MAC, there are no backward compatibility considerations.
>

The draft does not require the use of a new extension field. It works with
NTP's legacy MAC fields.  As Harlan mentioned earlier, the key ID maps to
two items--the key and the algorithm number. We decided not to introduce a
new extension field to keep things simple for implementations.


> - To allow algorithm agility, I would suggest to add a field that
> specifies the algorithm + a corresponding IANA registry.
>

This NTP MAC draft only works for the setting of a pre-shared key (PSK) for legacy NTP.

For asymmetric keys, we need to use NTS.

Given that we are stuck with the PSK model, we can still support algorithm
agility by specifying the MAC algorithm as part of the process of
configuring the PSK. Specifically, the ntp config file maps the key ID to a
secret key and MAC algorithm number.


> Less major comments:
> - Missing security considerations section.
>

Yes, will add.


> - Missing IANA considerations section.
>

Given the way we are dealing with algorithm agility, I don't think IANA
considerations are relevant.


> - "any extension fields that are present" => "every extension field that
> is present".
>

Thanks.
Sharon


> On Wed, Aug 9, 2017 at 7:53 AM, Karen O'Donoghue <odonoghue@isoc.org>
> wrote:
>
>> Folks,
>>
>> This begins a three week working group last call (WGLC) for "Message
>> Authentication Code for the Network Time Protocol"
>> https://datatracker.ietf.org/doc/draft-ietf-ntp-mac/
>>
>> Please review and provide comments to the mailing list by no later than
>> 31 August 2017. Earlier comments and discussion would be appreciated.
>> Please note that the chairs will be using this WGLC to determine consensus
>> to move this document forward to the IESG.
>>
>> Also, as a reminder, we have migrated the working group mailing list to
>> IETF infrastructure. Please respond to ntp@ietf.org.
>>
>> Regards,
>> Karen and Dieter


-- 
Sharon Goldberg
Computer Science, Boston University
http://www.cs.bu.edu/~goldbe
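The mechanism Sharon describes above, as an added example that is not part of the thread, the draft, or any NTP implementation: the key ID in the legacy MAC field selects both the secret and the MAC algorithm from the receiver's key file, the MAC covers the header plus every extension field present, and a key still configured for the deprecated MD5 MAC is refused. Everything specific here is an assumption: the `<key id> <algorithm> <hex secret>` key-file layout (loosely modelled on ntp.keys), HMAC over a configurable hash as a stand-in for whatever MAC the draft actually specifies, the placeholder extension field type `0x7F00`, the constructed secrets and packet, and the simplified rule used to locate the trailing MAC field (real parsers rely on extension-field length rules instead).

```python
"""Constructed example (not from draft-ietf-ntp-mac or any NTP implementation):
the key ID in a legacy NTP MAC field selects both the secret and the MAC
algorithm from the local key file, so no algorithm field travels on the wire."""
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTPv4 header
KEY_ID_LEN = 4        # legacy MAC field = 32-bit key ID followed by the digest

# Assumption: HMAC over a configurable hash stands in for the MAC the draft
# specifies; the thread only says the key ID maps to a key and an algorithm.
ALGORITHMS = {"MD5": hashlib.md5, "SHA256": hashlib.sha256}
DEPRECATED = {"MD5"}  # the thread: the draft deprecates the MD5-based MAC

# Constructed key file; the "<key id> <algorithm> <hex secret>" layout is an
# assumption modelled loosely on ntp.keys, not the draft's format.
KEY_FILE = """\
# key-id  algorithm  secret (hex)   -- constructed sample values
1 MD5    00112233445566778899aabbccddeeff
2 SHA256 0f1e2d3c4b5a69788796a5b4c3d2e1f0ffeeddccbbaa99887766554433221100
"""


def parse_key_file(text):
    """Map key ID -> (algorithm name, secret bytes); unknown algorithms are errors."""
    keys = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key_id, algo, secret = line.split()
        if algo not in ALGORITHMS:
            raise ValueError(f"unknown MAC algorithm {algo!r} for key {key_id}")
        keys[int(key_id)] = (algo, bytes.fromhex(secret))
    return keys


def mac_for(keys, key_id, data):
    algo, secret = keys[key_id]
    return hmac.new(secret, data, ALGORITHMS[algo]).digest()


def append_mac(keys, key_id, packet):
    """Sender: the MAC covers the header and every extension field present."""
    return packet + struct.pack("!I", key_id) + mac_for(keys, key_id, packet)


def split_mac(keys, packet):
    """Receiver: walk the extension fields and find the trailing MAC field.
    Simplification: a trailing chunk whose key ID is configured and whose
    length equals that key's digest size is taken as the MAC field; real
    parsers rely on the extension-field length rules instead."""
    off = NTP_HEADER_LEN
    while off < len(packet):
        rem = len(packet) - off
        if rem >= KEY_ID_LEN:
            (key_id,) = struct.unpack_from("!I", packet, off)
            if key_id in keys:
                digest_len = ALGORITHMS[keys[key_id][0]]().digest_size
                if rem == KEY_ID_LEN + digest_len:
                    return packet[:off], key_id, packet[off + KEY_ID_LEN:]
        if rem < 4:
            break
        _ftype, flen = struct.unpack_from("!HH", packet, off)
        if flen < 4:
            break
        off += (flen + 3) & ~3   # extension fields are padded to 32-bit words
    return packet, None, b""


def verify(keys, packet):
    """Return (ok, reason): missing MAC, deprecated algorithm or bad digest all fail."""
    body, key_id, digest = split_mac(keys, packet)
    if key_id is None:
        return False, "no MAC field"
    algo, _ = keys[key_id]
    if algo in DEPRECATED:
        return False, f"key {key_id} uses deprecated algorithm {algo}"
    if not hmac.compare_digest(digest, mac_for(keys, key_id, body)):
        return False, "digest mismatch"
    return True, f"authenticated with key {key_id} ({algo})"


def sample_packet():
    """Constructed client packet: 48-byte header (VN=4, mode 3, placeholder
    transmit timestamp) plus one 16-byte extension field of placeholder type."""
    header = bytes([0x23]) + bytes(39) + struct.pack("!II", 0xDCB00000, 0)
    ext = struct.pack("!HH", 0x7F00, 16) + bytes(12)   # 0x7F00: placeholder type
    return header + ext


if __name__ == "__main__":
    keys = parse_key_file(KEY_FILE)
    pkt = sample_packet()
    for key_id in (2, 1):
        print(key_id, verify(keys, append_mac(keys, key_id, pkt)))
    forged = bytearray(append_mac(keys, 2, pkt))
    forged[40] ^= 0x01            # flip one bit in the transmit timestamp
    print("tampered", verify(keys, bytes(forged)))
    print("unauthenticated", verify(keys, pkt))
```

The point to take from it is the one made in the reply: algorithm agility lives entirely in the key configuration, so the receiver's only agility decision is which algorithms it is willing to accept for a given key ID, and deprecating MD5 becomes a matter of refusing (or never loading) keys configured with it rather than anything negotiated on the wire.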