[ntpwg] Stronger symmetric NTP authentication
David L. Mills
mills at udel.edu
Tue Nov 18 14:08:22 UTC 2008
Manav,
Please, please, read the spec. To distinguish between an extension field
and a possible MAC is a delicate syntactic adventure, most significantly
to preserve backwards compatibility.
Dave
Bhatia, Manav (Manav) wrote:
> Hi David,
>
>> As I said previously, the encoding format supports 20-octet digests
>> should somebody choose to implement it and preserve backward
>> compatibility. You cannot use an extension field to specify the digest
>> algorithm without imposing a deadly circularity.
>
>
> So, are you suggesting that we *cannot* use any hashing algorithm that
> goes beyond 20 bytes? If we think there can be some backward
> compatibility issues then we need to sort those out.
>
> Cheers, Manav
>
>> There is no need to specify an additional sequence number as that
>> function is provided by the transmit timestamp and the
>> loopback check.
>> See the protocol specification for justification.
>>
>> Bhatia, Manav (Manav) wrote:
>>
>>> Hi,
>>>
>>> Is there any plan underway to use
>>> HMAC-SHA-1/HMAC-SHA-256/HMAC-SHA-384/etc for NTPv4? We could use the
>>> extension field header to encode the new hash digest, or it could be
>>> prepared in such a way that it's generic enough to support any crypto
>>> algorithm. The new extension field header could also include a
>>> monotonically increasing sequence number that could help prevent replay
>>> attacks.
>>>
>>> Cheers, Manav
>>>
>>> _______________________________________________
>>> ntpwg mailing list
>>> ntpwg at lists.ntp.org
>>> https://lists.ntp.org/mailman/listinfo/ntpwg
>
>
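
The parsing problem discussed in this thread, as an added sketch that is not code from the thread or from the NTP reference implementation. It assumes a 48-octet header, a MAC made of a 4-octet key ID plus a 16- or 20-octet digest, and extension fields that begin with a 16-bit type and a 16-bit length counting the whole field; `split_trailer` and the sample packets are hypothetical names and constructed data.

```python
import struct

HEADER_LEN = 48      # fixed NTP header size (assumption of this sketch)
MAC_LENS = (20, 24)  # 4-octet key ID + 16- or 20-octet digest
MAX_MAC_LEN = 24

def split_trailer(packet: bytes):
    """Split the octets after the header into (extension_fields, key_id, digest).

    A MAC has no type or length word of its own, so it can only be told
    apart from an extension field by how many octets remain.
    """
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than the NTP header")
    rest, fields = packet[HEADER_LEN:], []
    while rest:
        n = len(rest)
        if n % 4:
            raise ValueError("trailer is not a multiple of 4 octets")
        if n == 4 or n in MAC_LENS:    # 4 = key ID alone, no digest
            return fields, struct.unpack("!I", rest[:4])[0], rest[4:]
        if n < MAX_MAC_LEN:
            raise ValueError("too short for a MAC or an extension field")
        # Anything longer than the longest MAC must start with an extension field.
        ftype, flen = struct.unpack("!HH", rest[:4])
        if flen < 4 or flen % 4 or flen > n:
            raise ValueError("bad extension field length")
        fields.append((ftype, rest[4:flen]))
        rest = rest[flen:]
    return fields, None, b""

# Constructed sample packets (all-zero header, made-up key IDs and digests).
HDR = bytes(HEADER_LEN)
EXT = struct.pack("!HH", 0x0002, 28) + bytes(24)        # one 28-octet field
MD5_PKT = HDR + struct.pack("!I", 7) + b"\xaa" * 16
SHA1_PKT = HDR + EXT + struct.pack("!I", 7) + b"\xbb" * 20
# A 32-octet digest makes a 36-octet MAC, which is longer than MAX_MAC_LEN,
# so the key ID is read as a field type and length. With key ID 0x00010024
# the "length" is 36 and the whole MAC is swallowed as an extension field.
SHA256_PKT = HDR + struct.pack("!I", 0x00010024) + b"\xcc" * 32

if __name__ == "__main__":
    for name in ("MD5_PKT", "SHA1_PKT", "SHA256_PKT"):
        fields, key_id, digest = split_trailer(globals()[name])
        print(name, [(t, len(b)) for t, b in fields], key_id, len(digest))
```

With most other key IDs the 36-octet trailer is rejected as a malformed extension field instead, so a longer digest cannot simply be appended without changing this rule.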