[ntpwg] MAC field (was RE: Stronger symmetric NTP authentication)

John Smith jsmith4112003 at yahoo.co.uk
Sat Dec 6 16:55:29 UTC 2008


Hi Dave,

Thanks for the reply.

I hope the text comes out right this time.

How would it work if I have an extension field that is not Autokey and it's of size 20 bytes? Again, what I don't understand is how one can use SHA when not using Autokey. How and where would I specify the key ID?

Warm Regards,
John



----- Original Message ----
From: David L. Mills <mills at udel.edu>
To: ntpwg at lists.ntp.org
Sent: Saturday, 6 December, 2008 20:30:00
Subject: Re: [ntpwg] MAC field (was RE: Stronger symmetric NTP authentication)

John,

Your mail sender pretty much garbled the text. See below.

You are essentially correct; however, see my previous message with a 
little more detail or better yet the Autokey Internet Draft. The trick 
is to decide whether the MAC is next or an extension field. At present, 
the only use of extension fields is with Autokey and that requires 
packets with extension fields to have a MAC or alternatively a 
crypto-NAK. However, the parsing rules work even without a MAC or 
crypto-NAK. In the intended design, packets must be authenticated without 
interpreting the header and extension field contents.

Dave

John Smith wrote:

>Hi,
>
>I tried searching the archives and I couldn't find any solution, and hence my mail.
>
>I am trying to follow the discussion that's taking place on the mailing list and I have a few doubts.
>
>(a) How does a receiver know that there is a MAC present? As per my understanding, if authentication is enabled then the receiver keeps parsing the packet till it finds that only 20 bytes are remaining. Anything between this and the standard NTP header is then the extension field. Once we are left with just 20 bytes, we take the first 4 bytes as the Key ID and the remaining 16 bytes as the MD5 digest. Am I correct till here?
>
>(b) Now, when we say that NTP provides provision for 20 octets of digest length, then how would we encode the Key ID in the MAC field?
>
>(c) What if we have an extension field that's of 20 bytes? How can we disambiguate between that extension field and a MAC field?
>
>Warm Regards,
>John
>
>_______________________________________________
>ntpwg mailing list
>ntpwg at lists.ntp.org
>https://lists.ntp.org/mailman/listinfo/ntpwg
>  
>
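
The parsing rule from question (a) and the 20-byte ambiguity from question (c), as an added example (not code from this thread or from ntpd). The extension field layout (16-bit type, 16-bit total length), the 4-byte crypto-NAK, and all sample values are assumptions made for the illustration.

```python
import struct

NTP_HEADER_LEN = 48  # fixed-size NTP header
MAC_LEN = 20         # 4-byte key ID + 16-byte MD5 digest, as in question (a)
CRYPTO_NAK_LEN = 4   # assumption: a crypto-NAK is a bare 4-byte key ID


def parse_trailer(packet: bytes):
    """Return (extension_fields, mac) for the bytes after the header.

    mac is None, "crypto-NAK", or a (key_id, digest) tuple.
    """
    if len(packet) < NTP_HEADER_LEN or len(packet) % 4:
        raise ValueError("bad packet length")
    pos, fields = NTP_HEADER_LEN, []
    while True:
        remaining = len(packet) - pos
        if remaining == 0:
            return fields, None
        if remaining == CRYPTO_NAK_LEN:
            return fields, "crypto-NAK"
        if remaining == MAC_LEN:
            (key_id,) = struct.unpack_from("!I", packet, pos)
            return fields, (key_id, packet[pos + 4:])
        # Assumed field layout: 16-bit type, 16-bit total length, then value.
        ftype, flen = struct.unpack_from("!HH", packet, pos)
        if flen < 4 or flen % 4 or flen > remaining:
            raise ValueError("malformed extension field")
        fields.append((ftype, packet[pos + 4:pos + flen]))
        pos += flen


# Constructed sample data (not from a real capture).
HEADER = bytes(NTP_HEADER_LEN)
EXT20 = struct.pack("!HH", 0x0999, 20) + bytes(16)  # hypothetical 20-byte field
MAC = struct.pack("!I", 7) + bytes(range(16))       # key ID 7, dummy digest


def demo():
    return {
        "ext_then_mac": parse_trailer(HEADER + EXT20 + MAC),
        "ext_then_nak": parse_trailer(HEADER + EXT20 + bytes(4)),
        "ext_alone": parse_trailer(HEADER + EXT20),  # misread as a MAC
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

When the 20-byte field is followed by a MAC or a crypto-NAK it is parsed as an extension field; when it is the last thing in the packet, the length-only rule reads its type and length words as a key ID.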
