[ntpwg] [ntp:hackers] Handling authentication extensions (was MS-SNTP)
Danny Mayer
mayer at ntp.isc.org
Mon Apr 7 01:54:06 UTC 2008
David L. Mills wrote:
> Danny,
>
> I'm baffled by your comments. The current NTPv4 spec says nothing about
> Autokey and makes no interpretation about the type field. The parser can
> and does step through the extension fields without knowing anything
> about the contents in order to find the MAC. The MAC can't be in an
> extension field without violating backwards compatibility with
> symmetric-key NTPv3 and NTPv4.
>
> The current extension field design evolved from 1996 and was first
> formally proposed in 2000. It has been through two Autokey versions,
> both with the same extension field format. The point being that it is a
> little late to change it. The further point being that, without breaking
> backwards compatibility, it is easy to add new tenants of the extension
> fields. Break the version field into class/version nibbles. This
> requires no change to the existing Autokey implementation, as it ignores
> other than class 0, version 2.
>
> Dave
No, versioning does not belong in that field. It belongs in the
extension itself. If need be we can take a bit in the extension field
(or reduce the length field by one bit) to accommodate a way to signal
the type of extension, 0 for current behavior and 1 for new behavior. We
are unlikely to use 32535 bytes for this information anyway so we don't
really lose anything by doing this.
Danny
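
The parsing step described in the quoted message (stepping over extension fields without interpreting them in order to reach the MAC), as an added example that is not code from the reference implementation or from either poster. Assumed layout: a 48-byte header, each extension field starting with a 16-bit type and a 16-bit length in octets covering the whole field, and a MAC made of a 4-byte key ID plus a 16- or 20-byte digest; `find_mac` is a hypothetical name.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NTP_HDR_LEN 48  /* fixed NTP header (assumed layout) */
#define MAC_MIN_LEN 20  /* 4-byte key ID + 16-byte digest */
#define MAC_MAX_LEN 24  /* 4-byte key ID + 20-byte digest */
#define CRYPTO_NAK   4  /* key ID only, no digest */

/* Read a big-endian 16-bit value. */
static unsigned be16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/*
 * Walk the extension fields without looking at their type or contents.
 * Returns the offset of the MAC (== len when there is no MAC), or -1 if
 * the packet is malformed. *n_ext receives the number of fields skipped.
 */
long find_mac(const uint8_t *pkt, size_t len, int *n_ext)
{
    size_t off = NTP_HDR_LEN;
    *n_ext = 0;
    if (len < NTP_HDR_LEN || (len - NTP_HDR_LEN) % 4 != 0)
        return -1;
    while (len - off > MAC_MAX_LEN) {
        /* Too long to be a MAC, so an extension field must start here. */
        size_t flen = be16(pkt + off + 2);
        /* The length is attacker-controlled: reject zero/short values
         * (no forward progress), misalignment, and overruns. */
        if (flen < 4 || flen % 4 != 0 || flen > len - off)
            return -1;
        off += flen;
        (*n_ext)++;
    }
    size_t rest = len - off;
    if (rest == 0 || rest == CRYPTO_NAK ||
        rest == MAC_MIN_LEN || rest == MAC_MAX_LEN)
        return (long)off;
    return -1;  /* trailing bytes are neither a field nor a MAC */
}

int main(void)
{
    /* Constructed packet: header, one 28-byte field of type 2, 20-byte MAC. */
    uint8_t pkt[96] = {0};
    int n;
    pkt[49] = 2;   /* type, low byte */
    pkt[51] = 28;  /* length, low byte */
    printf("MAC at offset %ld after %d field(s)\n", find_mac(pkt, sizeof pkt, &n), n);
    return 0;
}
```

Because the MAC is recognised only by the size of what remains after the last field, any change to how the length field is encoded changes where a parser of this shape believes the MAC begins.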