Yo Richard!

On Fri, 18 Jan 2019 17:40:51 -0600 Richard Laager via devel <devel@ntpsec.org> wrote:

> On 1/18/19 4:44 PM, Gary E. Miller via devel wrote:
> > Maybe we want to derive C2S and S2C from the TLS session, but I do
> > not see that as mandated.
>
> Am I reading the right draft:
> https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-15#section-5.1
>
> If so, it is definitely mandated by "SHALL":
>
> 5.1. Key Extraction (for NTPv4)
>
> Following a successful run of the NTS-KE protocol wherein Protocol
> ID 0 (NTPv4) is selected as a Next Protocol, two AEAD keys SHALL be
> extracted: a client-to-server (C2S) key and a server-to-client
> (S2C) key. These keys SHALL be computed according to RFC 5705
> [RFC5705], using the following inputs.

Yes, but you left off the next paragraph. That is, the SHALL inputs are:

    The disambiguating label string SHALL be
    "EXPORTER-network-time-security/1".

    The per-association context value SHALL consist of the following
    five octets:

    The first two octets SHALL be zero (the Protocol ID for NTPv4).

    The next two octets SHALL be the Numeric Identifier of the
    negotiated AEAD Algorithm in network byte order.

    The final octet SHALL be 0x00 for the C2S key and 0x01 for the
    S2C key.

Nothing in there about using anything from the current TLS session.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller
Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
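The key extraction that the quoted section 5.1 text specifies, worked through as an added example; this is not code from NTPsec, from the draft, or from either poster. The label and the five-octet context are exactly the ones quoted above. The exporter is the RFC 5705 interface the draft names; for a TLS 1.3 session its construction is the one in RFC 8446 section 7.5 (Derive-Secret of the exporter master secret under the label, then HKDF-Expand-Label under "exporter" with the hash of the context), re-implemented here with hashlib/hmac rather than taken from a TLS library. The `exporter_master_secret` value is constructed for the example; in a real client it is the secret of the NTS-KE TLS session, which is the input through which the session determines the keys. AEAD ID 15 is AEAD_AES_SIV_CMAC_256 from the IANA AEAD registry (RFC 5297), with a 32-byte key.

```python
"""Derive NTS C2S/S2C keys as draft-ietf-ntp-using-nts-for-ntp-15 section 5.1
specifies: a TLS keying-material exporter (RFC 5705 interface, RFC 8446 7.5
construction for TLS 1.3) with a fixed label and a five-octet context.
Added example; not NTPsec code."""
import hashlib
import hmac
import struct

EXPORTER_LABEL = b"EXPORTER-network-time-security/1"   # label quoted from the draft
PROTOCOL_ID_NTPV4 = 0                                  # first two context octets
AEAD_AES_SIV_CMAC_256 = 15                             # IANA AEAD numeric identifier
AEAD_KEY_LEN = {AEAD_AES_SIV_CMAC_256: 32}             # key_length per algorithm


def nts_context(protocol_id: int, aead_id: int, s2c: bool) -> bytes:
    """Five-octet per-association context: protocol ID, AEAD ID (both
    network byte order), then 0x00 for C2S or 0x01 for S2C."""
    return struct.pack("!HHB", protocol_id, aead_id, 1 if s2c else 0)


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract with HMAC-SHA256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256: T(i) = HMAC(PRK, T(i-1) | info | i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """RFC 8446 section 7.1 HKDF-Expand-Label: HkdfLabel is uint16 length,
    opaque label<7..255> prefixed with "tls13 ", opaque context<0..255>."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length) + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def tls13_exporter(exporter_master_secret: bytes, label: bytes,
                   context: bytes, length: int) -> bytes:
    """RFC 8446 section 7.5 TLS-Exporter:
    HKDF-Expand-Label(Derive-Secret(Secret, label, ""), "exporter",
                      Hash(context), length).
    Derive-Secret with empty Messages uses the transcript hash of "" and
    produces a Hash.length (32-byte) secret."""
    empty_transcript_hash = hashlib.sha256(b"").digest()
    derived = hkdf_expand_label(exporter_master_secret, label, empty_transcript_hash, 32)
    return hkdf_expand_label(derived, b"exporter", hashlib.sha256(context).digest(), length)


def derive_nts_keys(exporter_master_secret: bytes,
                    aead_id: int = AEAD_AES_SIV_CMAC_256) -> tuple:
    """Return (C2S, S2C) for Protocol ID 0 and the negotiated AEAD. The two
    keys differ only in the last context octet, so they are independent
    exporter outputs from the same session secret."""
    length = AEAD_KEY_LEN[aead_id]
    c2s = tls13_exporter(exporter_master_secret, EXPORTER_LABEL,
                         nts_context(PROTOCOL_ID_NTPV4, aead_id, s2c=False), length)
    s2c = tls13_exporter(exporter_master_secret, EXPORTER_LABEL,
                         nts_context(PROTOCOL_ID_NTPV4, aead_id, s2c=True), length)
    return c2s, s2c


if __name__ == "__main__":
    # Constructed session secret; a real client takes this from its TLS stack.
    ems = bytes(range(32))
    c2s, s2c = derive_nts_keys(ems)
    print("context C2S:", nts_context(PROTOCOL_ID_NTPV4, AEAD_AES_SIV_CMAC_256, False).hex())
    print("context S2C:", nts_context(PROTOCOL_ID_NTPV4, AEAD_AES_SIV_CMAC_256, True).hex())
    print("C2S:", c2s.hex())
    print("S2C:", s2c.hex())
```

A practitioner's check on this code is that `hkdf_expand` reproduces the RFC 5869 SHA-256 test vector, and that the C2S and S2C contexts serialize to `00 00 00 0f 00` and `00 00 00 0f 01` for AEAD ID 15; both are asserted in the test below. Note that the context includes the AEAD identifier, so a client that negotiated a different algorithm derives different keys even from the same session.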