[ntpwg] [ntp:hackers] MS-SNTP

[Andrew Bartlett]

On Fri, 2008-03-28 at 18:03 +0000, David L. Mills wrote:
> Andrew,
> 
> I have no idea why MS-SNTP assumes little-endian. All past and present 
> IETF protocols assume network byte order, which is big-endian. I find it 
> highly surprising that the authors of the MS-SNTP spec apparently did 
> not know that. The timestamps and other data in the NTP header, 
> including the key ID and message digest, are in big-endian order.

Microsoft does this.  Often...  Welcome to my nightmare :-)

> If as presumed the RIDs are small numbers, they would appear in the high 
> order bit positions of the NTP key ID and break any possibility for 
> coexisence with Autokey. It would not be possible for an NTP server to 
> distinguish between MS-SNTP and Autokey and a server could not do both. 
> If the endian was corrected and the RIDs or hashes of them could be 
> limitied to 16 low-opder bits, coexistence is possible and practical.
> 
> The Autokey module was carefully crafted to be replaceable by another 
> module with different functions, so in principle MS-SNTP coult be 
> supported without gross invasion of the existing code. However, if these 
> functions did not include the existing symmetric key ID and keys file, 
> the modified server would be useful only to Microsoft clients and could 
> not serve as an authenticated client of existing NTP servers.

If that is the cost, it's fine by me.  But surely the server could tell
when it is being a server and when it is being a client? 

Andrew Bartlett
-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.ntp.org/pipermail/ntpwg/attachments/20080329/9c3a92cb/attachment.bin