[ntpwg] Stronger symmetric NTP authentication
Bhatia, Manav (Manav)
manav at alcatel-lucent.com
Tue Nov 18 09:36:53 UTC 2008
Hi David,
> As I said previously, the encoding format supports 20-octet digests
> should somebody choose to implement it and preserve backward
> compatibility. You cannot use an extension field to specify
> the digest algorithm without imposing a deadly circularity.
So, are you suggesting that we *cannot* use any hashing algorithm that
goes beyond 20 bytes? If we think there can be some backward
compatibility issues then we need to sort those out.
Cheers, Manav
>
> There is no need to specify an additional sequence number as that
> function is provided by the transmit timestamp and the loopback check.
> See the protocol specification for justification.
>
> Bhatia, Manav (Manav) wrote:
>
> > Hi,
> >
> > Is there any plan underway to use
> > HMAC-SHA-1/HMAC-SHA-256/HMAC-SHA-384/etc for NTPv4? We could use the
> > extension field header to encode the new hash digest, or it could be
> > prepared in such a way that it's generic enough to support any crypto
> > algorithm. The new extension field header could also include a
> > monotonically increasing sequence number that could help prevent replay
> > attacks.
> >
> > Cheers, Manav
> >
> > _______________________________________________
> > ntpwg mailing list
> > ntpwg at lists.ntp.org
> > https://lists.ntp.org/mailman/listinfo/ntpwg
>
>
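
An added illustration, not part of the original messages and not code from any NTP implementation: a Python example of a receiver that accepts both 16- and 20-octet digests without any in-band algorithm field, by taking the algorithm from the key ID's entry in a local key table. The key table, key values, sample header and the hash(key || packet) construction are assumptions of this example, and packets carrying extension fields are not handled.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48   # fixed NTP header length in octets
KEY_ID_LEN = 4    # key identifier that precedes the digest

# Constructed key table (assumption): the digest algorithm is bound to the
# key ID out of band, so nothing in the packet has to name the algorithm.
KEYS = {
    1: ("md5", b"constructed-md5-secret"),    # 16-octet digest
    2: ("sha1", b"constructed-sha1-secret"),  # 20-octet digest
}

def compute_mac(key_id, packet):
    """Return key ID + digest, with digest = H(secret || packet) (assumed)."""
    algo, secret = KEYS[key_id]
    digest = hashlib.new(algo, secret + packet).digest()
    return struct.pack("!I", key_id) + digest

def split_mac(datagram):
    """Split header-only datagram into (packet, key_id, digest) by length."""
    trailer = len(datagram) - HEADER_LEN
    # 4 + 16 octets (MD5-sized) or 4 + 20 octets (SHA-1-sized) are accepted.
    if trailer not in (KEY_ID_LEN + 16, KEY_ID_LEN + 20):
        raise ValueError("trailer length %d is not a known MAC size" % trailer)
    packet = datagram[:HEADER_LEN]
    (key_id,) = struct.unpack("!I", datagram[HEADER_LEN:HEADER_LEN + KEY_ID_LEN])
    return packet, key_id, datagram[HEADER_LEN + KEY_ID_LEN:]

def verify(datagram):
    """True only if the key ID is known and the digest matches its algorithm."""
    try:
        packet, key_id, digest = split_mac(datagram)
    except ValueError:
        return False
    if key_id not in KEYS:
        return False
    expected = compute_mac(key_id, packet)[KEY_ID_LEN:]
    # Constant-time compare; a digest of the wrong length for this key fails.
    return hmac.compare_digest(expected, digest)

# Constructed sample: client-mode NTPv4 first octet, remaining fields zeroed.
SAMPLE_HEADER = b"\x23" + bytes(HEADER_LEN - 1)
```
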