[ntpwg] MAC field (was RE: Stronger symmetric NTP authentication)
David L. Mills
mills at udel.edu
Sat Dec 6 15:00:00 UTC 2008
John,
Your mail sender pretty much garbled the text. See below.
You are essentially correct; however, see my previous message with a
little more detail or better yet the Autokey Internet Draft. The trick
is to decide whether the MAC is next or an extension field. At present,
the only use of extension fields is with Autokey and that requires
packets with extension fields to have a MAC or alternatively a
crypto-NAK. However, the parsing rules work even without a MAC or
crypto-NAK. In the intended design, packets must be authenticated without
interpreting the header and extension field contents.
Dave
John Smith wrote:
>Hi,
>
>I tried searching the archives and I couldn't find any solution, and
>hence my mail.
>
>I am trying to follow the discussion that's taking place on the mailing
>list and I have a few doubts.
>
>(a) How does a receiver know that there is a MAC present? As per my
>understanding, if authentication is enabled then the receiver keeps
>parsing the packet till it finds that only 20 bytes are remaining.
>Anything between this and the standard NTP header is then the extension
>field. Once we are left with just 20 bytes, we take the first 4 bytes as
>the Key ID and the remaining 16 bytes as the MD5 digest. Am I correct
>till here?
>
>(b) Now, when we say that NTP provides provision for 20 octets of digest
>length, then how would we encode the Key ID in the MAC field?
>
>(c) What if we have an extension field that's of 20 bytes? How can we
>disambiguate between that extension field and a MAC field?
>
>Warm Regards,
>John
>
>_______________________________________________
>ntpwg mailing list
>ntpwg at lists.ntp.org
>https://lists.ntp.org/mailman/listinfo/ntpwg
>
>
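
The parsing rule discussed in this thread, as an added Python example (not code from either message or from the NTP reference implementation). It assumes the NTPv4 layouts: an extension field starts with a 16-bit type and a 16-bit total length, a crypto-NAK is a lone 4-byte key ID, and the digest is MD5 over the key followed by everything before the MAC; the key, type code and packets are constructed sample data.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48  # fixed NTP header
MAC_LEN = 20     # 4-byte key ID + 16-byte MD5 digest
NAK_LEN = 4      # crypto-NAK: key ID only, no digest

def split_packet(pkt):
    """Return (ext_fields, mac_offset, key_id, digest); only length words are read."""
    if len(pkt) < HEADER_LEN or len(pkt) % 4:
        raise ValueError("bad packet length")
    pos, exts = HEADER_LEN, []
    # More than 20 bytes left means the next item must be an extension field.
    while len(pkt) - pos > MAC_LEN:
        ftype, flen = struct.unpack_from("!HH", pkt, pos)
        if flen < 4 or flen % 4 or pos + flen > len(pkt):
            raise ValueError("bad extension field length")
        exts.append((ftype, pkt[pos + 4:pos + flen]))
        pos += flen
    rest = len(pkt) - pos
    if rest == 0:
        return exts, pos, None, None          # no MAC at all
    if rest not in (NAK_LEN, MAC_LEN):
        raise ValueError("trailing bytes are neither MAC nor crypto-NAK")
    (key_id,) = struct.unpack_from("!I", pkt, pos)
    return exts, pos, key_id, (pkt[pos + 4:] if rest == MAC_LEN else None)

def verify(pkt, keys):
    """Check the MD5 MAC over everything before it, contents uninterpreted."""
    _, mac_off, key_id, digest = split_packet(pkt)
    if digest is None or key_id not in keys:
        return False
    expected = hashlib.md5(keys[key_id] + pkt[:mac_off]).digest()
    return hmac.compare_digest(expected, digest)

# Constructed sample data (not captured traffic); 0x0002 is an arbitrary type code.
KEYS = {7: b"constructed-key"}
HEADER = bytes([0x23]) + bytes(47)                   # LI=0, VN=4, mode 3
EXT24 = struct.pack("!HH", 0x0002, 24) + bytes(20)   # 24-byte extension field
BODY = HEADER + EXT24
SIGNED = BODY + struct.pack("!I", 7) + hashlib.md5(KEYS[7] + BODY).digest()
# Question (c): a 20-byte extension field in last position with no MAC after it.
AMBIGUOUS = HEADER + struct.pack("!HH", 0x0002, 20) + bytes(16)
NAK = HEADER + bytes(NAK_LEN)                        # crypto-NAK, key ID zero
```

`split_packet(AMBIGUOUS)` returns no extension fields and a key ID of 0x00020014: under the 20-byte rule a trailing 20-byte extension field is indistinguishable from a MAC, which is the case question (c) raises.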