[ntpwg] MAC field (was RE: Stronger symmetric NTP authentication)

David L. Mills mills at udel.edu
Sun Dec 7 16:40:41 UTC 2008


John,

Please see my previous message regarding the parsing rules. They have 
nothing to do with Autokey other than the syntax of the extension field 
and in particular the minimum length in order to determine whether the 
next field is another extension field or the MAC. The Key ID field is 
the same no matter what the digest algorithm is. The present rules work 
if there is no MAC, but if an extension field is present, there must be 
a MAC.

Dave
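
Added example (not part of the original message and not the NTP reference code): a length-only parser for the bytes after the 48-octet NTP header, showing why a 20-octet extension field with no MAC after it is read as a MAC. It assumes a MAC is at most 24 octets (4-octet key ID plus the 20-octet digest mentioned in the thread) and that each extension field starts with a 16-bit type and a 16-bit total length; `split_ntp_tail` and the sample packets are constructed for illustration.

```python
import struct

NTP_HEADER_LEN = 48        # fixed NTP header
MAX_MAC_LEN = 24           # assumption: 4-octet key ID + up to 20-octet digest
MAC_LENGTHS = (4, 20, 24)  # crypto-NAK, key ID + 16-octet digest, key ID + 20-octet digest

def split_ntp_tail(packet):
    """Split the bytes after the header using lengths only, never contents.

    Returns (extension_fields, mac): a list of (type, body) pairs and either
    None or (key_id, digest). Raises ValueError on an unparseable tail.
    """
    if len(packet) < NTP_HEADER_LEN:
        raise ValueError("short packet")
    pos, fields = NTP_HEADER_LEN, []
    while True:
        remaining = len(packet) - pos
        if remaining == 0:
            return fields, None              # nothing left: no MAC
        if remaining % 4:
            raise ValueError("tail is not a multiple of 4 octets")
        if remaining <= MAX_MAC_LEN:         # too short for another field: MAC
            if remaining not in MAC_LENGTHS:
                raise ValueError("bad MAC length %d" % remaining)
            (key_id,) = struct.unpack_from("!I", packet, pos)
            return fields, (key_id, packet[pos + 4:])
        # Otherwise the next item is an extension field: type, length, body.
        ftype, flen = struct.unpack_from("!HH", packet, pos)
        if flen < 4 or flen % 4 or flen > remaining:
            raise ValueError("bad extension field length %d" % flen)
        fields.append((ftype, packet[pos + 4:pos + flen]))
        pos += flen

# Constructed sample input (not captured traffic).
HEADER = bytes(NTP_HEADER_LEN)
EXT20 = struct.pack("!HH", 0x0002, 20) + bytes(16)         # 20-octet extension field
MAC_MD5 = struct.pack("!I", 7) + bytes.fromhex("aa" * 16)  # key ID 7 + 16-octet digest

if __name__ == "__main__":
    # Field followed by a MAC: both are recovered correctly.
    print(split_ntp_tail(HEADER + EXT20 + MAC_MD5))
    # Same field with no MAC: its type/length word is taken for a key ID.
    print(split_ntp_tail(HEADER + EXT20))
```

In the second call the receiver would look up key ID 0x00020014 and fail authentication, which is the ambiguity raised in question (c) of the quoted message.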

John Smith wrote:

>Hi Dave,
>
>Thanks for the reply.
>
>I hope the text comes out right this time.
>
>How would it work if I have an extension field that is not Autokey and it's of size 20 bytes? Again, what I don't understand is how one can use SHA when not using Autokey. How and where would I specify the key ID?
>
>Warm Regards,
>John
>
>
>
>----- Original Message ----
>From: David L. Mills <mills at udel.edu>
>To: ntpwg at lists.ntp.org
>Sent: Saturday, 6 December, 2008 20:30:00
>Subject: Re: [ntpwg] MAC field (was RE: Stronger symmetric NTP authentication)
>
>John,
>
>Your mail sender pretty much garbled the text. See below.
>
>You are essentially correct; however, see my previous message with a 
>little more detail or better yet the Autokey Internet Draft. The trick 
>is to decide whether the MAC is next or an extension field. At present, 
>the only use of extension fields is with Autokey and that requires 
>packets with extension fields to have a MAC or alternatively a 
>crypto-NAK. However, the parsing rules work even without a MAC or 
>crypto-NAK. In the intended design, packets must be authenticated without 
>interpreting the header and extension field contents.
>
>Dave
>
>John Smith wrote:
>
>  
>
>>Hi,
>>
>>I tried searching the archives and I couldn't find any solution, and
>>hence my mail.
>>
>>I am trying to follow the discussion that's taking place on the mailing
>>list and I have a few doubts.
>>
>>(a) How does a receiver know that there is a MAC present? As per my
>>understanding, if authentication is enabled then the receiver keeps
>>parsing the packet till it finds that only 20 bytes are remaining.
>>Anything between this and the standard NTP header is then the extension
>>field. Once we are left with just 20 bytes, we take the first 4 bytes as
>>the Key ID and the remaining 16 bytes as the MD5 digest. Am I correct
>>till here?
>>
>>(b) Now, when we say that NTP provides provision for 20 octets of digest
>>length, then how would we encode the Key ID in the MAC field?
>>
>>(c) What if we have an extension field that's of 20 bytes? How can we
>>disambiguate between that extension field and a MAC field?
>>
>>Warm Regards,
>>John
>>
>>_______________________________________________
>>ntpwg mailing list
>>ntpwg at lists.ntp.org
>>https://lists.ntp.org/mailman/listinfo/ntpwg