Sorry, I forgot to add the reference [1]. It is:

[1] Modadugu, N. and E. Rescorla. The Design and Implementation of Datagram TLS. In NDSS, 2004.
> On 24.03.2016 at 11:04, Dieter Sibold <[email protected]> wrote:
>
>> On 23.03.2016 at 18:27, Kurt Roeckx <[email protected]> wrote:
>>
>> On Wed, Mar 23, 2016 at 04:01:41AM -0400, Sharon Goldberg wrote:
>>> Dear WG,
>>>
>>> Another question, and please forgive me if this was discussed already and I
>>> missed it.
>>>
>>> It would be helpful to know why NTS is not just running over IPsec. (I
>>> can see why running NTP over TLS makes little sense, since TLS runs over
>>> TCP while NTP runs over UDP so everything would probably
>>> break.) But NTP runs over IP. I suppose there are some performance
>>> hits to using IPsec? What are they?
>>
>> I think the main problem is that they don't want that many IPsec
>> tunnels at the same time. As far as I understand it, the design
>> wants to avoid storing this much state information on the server
>> side. I'm not sure I agree with this design decision.
>>
>> It could also use DTLS instead of TLS, which does work over UDP.
>
> At the time we discovered that we cannot use NTP's autokey approach we also
> considered using DTLS. However, at this time there was hardly any
> implementation of it. Also we learned from [1] that DTLS is not targeted at
> an application with a communication pattern like NTP:
>
> "Note that the requirement to create a session means that DTLS is primarily
> suited for long-lived 'connection-oriented' protocols as opposed to
> totally connectionless ones like DNS. Connectionless protocols are better
> served by application layer object-security protocols."
>
> It might be that today DTLS' scope has broadened.
>
> I also want to point out that last year Florian Weimer proposed to utilize
> DTLS for the key exchange. We regarded his suggestion and moved the CMS-based
> key exchange into an appendix. In the normative part of the document we
> specified the requirements that have to be met during the initial phase of
> NTS. See 6.1.1 in
> https://tools.ietf.org/html/draft-ietf-ntp-network-time-security-12
>
> The NTS for NTP draft requires that the CMS-based key exchange is to be
> implemented. However, it also allows the implementation of an alternative key
> exchange, e.g. DTLS, see 4.1 in
> https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-04
>
>> (D)TLS can already store the session on the client side, and
>> give that to the server on "resumption". But maybe that would
>> require too many packets?
>>
>> I'm also worried about the soundness of the crypto. I have a
>> feeling this is designed by people that don't have enough
>> background to design something like this. I think it needs to be
>> looked at by several people who do. I've asked about this before
>> but nobody ever replied to it.
>
> We frequently invited people to review the documents. So did the chair of
> NTP's working group. Also Kristof gave a presentation of the documents in the
> SAAG session of the 91st IETF.
>
>> Kurt
>>
>> _______________________________________________
>> ntpwg mailing list
>> [email protected]
>> http://lists.ntp.org/listinfo/ntpwg
>
> _______________________________________________
> TICTOC mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tictoc
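Kurt's remark that (D)TLS can keep the session on the client side and hand it back on "resumption" is the pattern behind the server-state concern the thread keeps returning to: the server keeps one long-term key and pushes all per-client state out to the client inside an authenticated ticket. The following is an added illustration in Python's standard library, not code from either draft or from anyone on the thread, and it is deliberately simpler than the real DTLS session-ticket format. The server issues a ticket (random session id, issue time, HMAC tag) and derives the session key from its master key and the ticket body, so the ticket carries no secret and the server needs no per-client table. `StatelessServer`, `TICKET_LIFETIME`, the label strings and the fixed timestamps in `demo()` are my own constructed names and values, not NTS identifiers.

```python
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional, Tuple

# Assumed lifetime in seconds after which a ticket is refused (a constructed value, not an NTS parameter).
TICKET_LIFETIME = 3600

# Ticket layout: 16-byte session id || 8-byte issue time (big-endian) || 32-byte HMAC-SHA256 tag.
SESSION_ID_LEN = 16
BODY_LEN = SESSION_ID_LEN + 8
TAG_LEN = 32


class StatelessServer:
    """Server holding one master key and no per-client session table."""

    def __init__(self, master_key: bytes):
        # Derive separate MAC and KDF keys so the key that authenticates tickets
        # is never the key from which session keys are derived.
        self._mac_key = hmac.new(master_key, b"ticket-mac", hashlib.sha256).digest()
        self._kdf_key = hmac.new(master_key, b"session-kdf", hashlib.sha256).digest()

    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self._mac_key, body, hashlib.sha256).digest()

    def _session_key(self, body: bytes) -> bytes:
        # The session key is a function of the master key and the public ticket body,
        # so nothing secret has to travel inside the ticket.
        return hmac.new(self._kdf_key, body, hashlib.sha256).digest()

    def new_session(self, now: Optional[int] = None) -> Tuple[bytes, bytes]:
        """Issue a ticket and the session key the client will use with it."""
        issued = int(time.time()) if now is None else int(now)
        body = secrets.token_bytes(SESSION_ID_LEN) + struct.pack(">Q", issued)
        return body + self._tag(body), self._session_key(body)

    def resume(self, ticket: bytes, now: Optional[int] = None) -> Optional[bytes]:
        """Validate a client-presented ticket and recover its session key.

        Returns None for a malformed, forged, tampered or expired ticket.
        """
        if len(ticket) != BODY_LEN + TAG_LEN:
            return None
        body, tag = ticket[:BODY_LEN], ticket[BODY_LEN:]
        # Constant-time tag check before any field of the body is interpreted.
        if not hmac.compare_digest(tag, self._tag(body)):
            return None
        issued = struct.unpack(">Q", body[SESSION_ID_LEN:])[0]
        current = int(time.time()) if now is None else int(now)
        if issued > current or current - issued > TICKET_LIFETIME:
            return None
        return self._session_key(body)


def demo(master_key: bytes = b"\x01" * 32) -> dict:
    """Exercise the happy path and three rejection cases using fixed clock values."""
    server = StatelessServer(master_key)
    ticket, key = server.new_session(now=1_000_000)
    tampered = bytes([ticket[0] ^ 0x01]) + ticket[1:]  # flip one bit of the session id
    return {
        "resumed_matches": server.resume(ticket, now=1_000_010) == key,
        "tampered_rejected": server.resume(tampered, now=1_000_010) is None,
        "expired_rejected": server.resume(ticket, now=1_000_000 + TICKET_LIFETIME + 1) is None,
        "other_server_rejected": StatelessServer(b"\x02" * 32).resume(ticket, now=1_000_010) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

Two things the toy makes visible that the thread only alludes to. The cost Kurt hints at ("too many packets?") shows up as bytes rather than round trips: the 56-byte ticket has to ride along in every resumption. And the trade-off behind Kurt's scepticism is concentrated in one place: every session issued under a master key is only as safe as that key, so it needs rotation and a compromise exposes all tickets minted under it, whereas a server-side table can forget a session's key the moment the session ends.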
_______________________________________________ TICTOC mailing list [email protected] https://www.ietf.org/mailman/listinfo/tictoc
