Re: [TICTOC] [ntpwg] New Draft: draft-mizrahi-ntp-checksum-trailer-00

Danny Mayer <mayer@ntp.org> Mon, 29 July 2013 17:01 UTC

Message-ID: <51F69E59.9010403@ntp.org>
Date: Mon, 29 Jul 2013 12:54:49 -0400
From: Danny Mayer <mayer@ntp.org>
To: Tal Mizrahi <talmi@marvell.com>
References: <74470498B659FA4687F0B0018C19A89C01A0F9C9380F@IL-MB01.marvell.com>
In-Reply-To: <74470498B659FA4687F0B0018C19A89C01A0F9C9380F@IL-MB01.marvell.com>
Cc: "ntpwg@lists.ntp.org" <ntpwg@lists.ntp.org>, "tictoc@ietf.org" <tictoc@ietf.org>, "David L. Mills" <mills@udel.edu>
Subject: Re: [TICTOC] [ntpwg] New Draft: draft-mizrahi-ntp-checksum-trailer-00

I have serious concerns about this draft. In effect it seems to say that
any intermediate node can alter the contents of the packet in flight and
thus encourage a MIM attack. Furthermore it recommends recomputing the
MAC. Why bother to do it this way if you can just recompute the MAC (if
any) and then the UDP checksum and place it in the UDP checksum field?
I'd rather have the new timestamp placed in the extension field so that
the receiving server can use it or not.

The security considerations make no mention of these issues.

Danny
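The in-flight rewrite this reply objects to, as an added illustration that is not part of the thread or of the draft: it assumes a 16-bit checksum trailer that the intermediate node adjusts so the UDP checksum over the rewritten packet stays unchanged (the incremental-update identity of RFC 1624), runs on a constructed NTP-shaped payload, and shows that a MAC over the packet still flags the change while the checksum does not.

```python
import hmac
import hashlib
import struct

def ones_complement_sum(data: bytes) -> int:
    """Fold a byte string into a 16-bit one's-complement sum (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum(payload: bytes) -> int:
    """UDP-style checksum over the payload (IP pseudo-header omitted; it is a constant term here)."""
    csum = (~ones_complement_sum(payload)) & 0xFFFF
    return csum if csum else 0xFFFF

def rewrite_timestamp_with_trailer(pkt: bytes, ts_off: int, new_ts: int, trailer_off: int) -> bytes:
    """Overwrite a 32-bit field and adjust a 16-bit trailer so the checksum over pkt is unchanged.
    RFC 1624 identity in one's-complement arithmetic: trailer' = trailer + old_field - new_field."""
    old_field = pkt[ts_off:ts_off + 4]
    new_field = struct.pack("!I", new_ts)
    trailer = struct.unpack("!H", pkt[trailer_off:trailer_off + 2])[0]
    adj = trailer + ones_complement_sum(old_field) + ((~ones_complement_sum(new_field)) & 0xFFFF)
    while adj >> 16:
        adj = (adj & 0xFFFF) + (adj >> 16)
    out = bytearray(pkt)
    out[ts_off:ts_off + 4] = new_field
    out[trailer_off:trailer_off + 2] = struct.pack("!H", adj)
    return bytes(out)

# Constructed sample (assumption): a 48-byte NTP header-shaped payload followed by a 2-byte trailer.
KEY = b"constructed-demo-key"
ORIGINAL = bytes(range(48)) + b"\x00\x00"
TRANSMIT_TS_OFF = 40   # seconds word of the transmit timestamp in the NTP header
TRAILER_OFF = 48

def mac(pkt: bytes) -> bytes:
    return hmac.new(KEY, pkt, hashlib.sha256).digest()

def demo() -> dict:
    """Report what the checksum and a MAC each say about an in-flight timestamp rewrite."""
    modified = rewrite_timestamp_with_trailer(ORIGINAL, TRANSMIT_TS_OFF, 0xDEADBEEF, TRAILER_OFF)
    return {
        "checksum_unchanged": udp_checksum(modified) == udp_checksum(ORIGINAL),
        "payload_changed": modified != ORIGINAL,
        "mac_detects_change": not hmac.compare_digest(mac(modified), mac(ORIGINAL)),
    }
```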