[ntpwg] Stronger symmetric NTP authentication
David L. Mills
mills at udel.edu
Mon Nov 17 17:29:59 UTC 2008
As I said previously, the encoding format supports 20-octet digests
should somebody choose to implement it and preserve backward
compatibility. You cannot use an extension field to specify the digest
algorithm without imposing a deadly circularity.
There is no need to specify an additional sequence number as that
function is provided by the transmit timestamp and the loopback check.
See the protocol specification for justification.
Bhatia, Manav (Manav) wrote:
> Hi,
>
> Is there any plan underway to use
> HMAC-SHA-1/HMAC-SHA-256/HMAC-SHA-384/etc for NTPv4? We could use the
> extension field header to encode the new hash digest, or it could be
> prepared in such a way that it's generic enough to support any crypto
> algorithm. The new extension field header could also include a
> monotonically increasing sequence number that could help prevent replay
> attacks.
>
> Cheers, Manav
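The loopback check referred to in the reply above, as an added example that is not part of the original message or of any NTP implementation. It assumes the classic keyed hash over key followed by header, a constructed key table, and a simplified client (`Client`, `build` and the status strings are hypothetical names); the duplicate and bogus outcomes follow the packet sanity tests of the NTPv4 specification.

```python
import hashlib
import hmac
import struct

# Constructed key table: key ID -> (digest name, shared secret).
KEYS = {7: ("sha1", b"constructed-shared-secret")}
# The MAC carries no algorithm field; the digest length is all the receiver sees.
ALG_BY_DIGEST_LEN = {16: "md5", 20: "sha1"}

def build(mode, org, rec, xmt, key_id):
    """48-octet NTPv4 header followed by key ID and hash(key || header)."""
    hdr = struct.pack("!3Bb2I4s4Q", (4 << 3) | mode, 2, 6, -20,
                      0, 0, b"TEST", 0, org, rec, xmt)
    alg, key = KEYS[key_id]
    return hdr + struct.pack("!I", key_id) + hashlib.new(alg, key + hdr).digest()

class Client:
    def __init__(self):
        self.sent_xmt = None      # transmit timestamp of our outstanding request
        self.last_srv_xmt = None  # transmit timestamp of the last accepted reply

    def request(self, now, key_id=7):
        self.sent_xmt = now
        return build(3, 0, 0, now, key_id)

    def receive(self, pkt):
        hdr, mac = pkt[:48], pkt[48:]
        alg_hint = ALG_BY_DIGEST_LEN.get(len(mac) - 4)
        if alg_hint is None:
            return "bad-mac-length"
        alg, key = KEYS.get(struct.unpack("!I", mac[:4])[0], (None, b""))
        if alg != alg_hint:
            return "unknown-key"
        if not hmac.compare_digest(hashlib.new(alg, key + hdr).digest(), mac[4:]):
            return "auth-failed"
        org, _rec, xmt = struct.unpack("!3Q", hdr[24:48])
        if xmt == self.last_srv_xmt:
            return "duplicate"    # same reply seen before
        if org != self.sent_xmt:
            return "bogus"        # loopback check: not an answer to our request
        self.last_srv_xmt, self.sent_xmt = xmt, None
        return "ok"
```

A captured reply that is replayed later still carries a valid digest, but it fails one of the two timestamp comparisons, so no separate sequence number is consulted.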