> On 23.03.2016 at 18:27, Kurt Roeckx <[email protected]> wrote:
> 
> On Wed, Mar 23, 2016 at 04:01:41AM -0400, Sharon Goldberg wrote:
>> Dear WG,
>> 
>> Another question, and please forgive me if this was discussed already and I
>> missed it.
>> 
>> It would be helpful to know why NTS is not just just running over IPsec. (I
>> can see why running NTP over TLS makes little sense, since TLS runs over
>> TCP while NTP runs over UDP so everything would probably
>> break.) But NTP runs over IP. I suppose there are some performance
>> hits to using IPsec? What are they?
> 
> I think the main problem is that they don't want that many IPsec
> tunnels at the same time.  As far as I understand it, the design
> wants to avoid storing this much state information on the server
> side.  I'm not sure I agree with this design decision.
> 
> It could also use DTLS instead of TLS, which does work over UDP.

At the time we discovered that we cannot use NTP's autokey approach, we also 
considered using DTLS. However, at that time there were hardly any 
implementations of it. Also, we learned from [1] that DTLS is not targeted at an 
application with a communication pattern like NTP. 

"Note that the requirement to create a session means that DTLS is primarily 
suited for long-lived 'connection-oriented' protocols as opposed to totally 
connectionless ones like DNS. Connectionless protocols are better served by 
application layer object-security protocols."  

It might be that today DTLS's scope has broadened. 

I also want to point out that last year Florian Weimer proposed to utilize DTLS 
for the key exchange. We took his suggestion into account and moved the CMS-based key 
exchange into an appendix. In the normative part of the document we specified 
the requirements that have to be met during the initial phase of NTS. See 
6.1.1 in https://tools.ietf.org/html/draft-ietf-ntp-network-time-security-12 
The NTS for NTP draft requires that the CMS-based key exchange is to be 
implemented. However, it also allows the implementation of an alternative key 
exchange, e.g. DTLS, see 4.1 in 
https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-04 


> 
> (D)TLS can already store the session on the client side, and
> give that to the server on "resumption".  But maybe that would
> require too many packets?
> 
> I'm also worried about the soundness of the crypto.  I have a
> feeling this is designed by people that don't have enough
> background to design something like this.  I think it needs to be
> looked at by several people who do.  I've asked about this before
> but nobody ever replied to it.
> 

We frequently invited people to review the documents. So did the chair of NTP's 
working group. Also, Kristof gave a presentation of the documents in the SAAG 
session of the 91st IETF. 

> 
> Kurt
> 
> _______________________________________________
> ntpwg mailing list
> [email protected]
> http://lists.ntp.org/listinfo/ntpwg

_______________________________________________
TICTOC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tictoc