On Tue, Mar 29, 2016 at 6:15 AM, Miroslav Lichvar <[email protected]> wrote:
> On Thu, Mar 24, 2016 at 04:05:56PM -0400, Sharon Goldberg wrote:
> > On Thu, Mar 24, 2016 at 4:49 AM, Miroslav Lichvar <[email protected]>
> > wrote:
> > > There is no limit on the duration. The client may be polling the
> > > server just a couple of times a day.
> >
> > Sorry, I'm confused. The NTS key exchange is a 6-message exchange that
> > should happen "atomically" (i.e. the server gets the client's KE msg,
> > processes it, and immediately sends its own message, and vice versa: the
> > client gets the server's KE msg, processes it, and immediately sends its
> > own message).
>
> As I understand it, NTS doesn't change anything in the NTP polling
> process. It should be similar to Autokey. Clients poll the server as
> they would normally without any authentication, and NTS extension
> fields are added to the packets depending on what state the NTS
> association is currently in. Only when the NTS association is
> initialized are the received packets used for synchronization.
>
> If the clients sent a new request immediately, that would create a
> rapid burst and the server might drop the packets due to rate
> limiting. If the server didn't respond, the client would have to use a
> timeout for a new request with some exponential backoff. To me it
> seems easier to rely on the normal NTP polling process, which was
> designed to not overload the server.
>
> From the server point of view, I think there should be no change in
> the observed packet rate (after IP defragmentation) when clients
> enable NTS.

This worries me. Note that NTS uses certificates to authenticate the KE. Generally, a certificate chain cannot fit into a single IP packet. See below for some examples. The first is a "Certificate" message from TLSv1.2 for a certificate chain of length 2; it was sent in 2 TCP segments. The second "Certificate" message was for a chain of length 4 that had to be sent in 4 segments. Adding OCSP would add further length to the packet.

http://www.cs.bu.edu/~goldbe/share/oneCertMsg2Pkts.PNG
http://www.cs.bu.edu/~goldbe/share/oneCertMsg4Pkts.PNG

It seems very likely that even just one single message of the NTS KE will require sending multiple packets to the server. This needs to be dealt with somehow. As such, I'm not convinced that sending these KE messages according to the NTP polling interval makes sense. I'm further concerned because I don't understand how the NTS KE will deal with lost packets.

Sharon

-- 
Sharon Goldberg
Computer Science, Boston University
http://www.cs.bu.edu/~goldbe
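The following is an added illustration of the size problem raised in this message; it is not code from the thread or from any NTS implementation. It builds a TLSv1.2 Certificate handshake message (RFC 5246 section 7.4.2 layout) from constructed placeholder certificates of roughly RSA-2048 size, shows that a 2-chain needs 2 and a 4-chain needs 4 MTU-sized UDP datagrams (assumed 1500-byte MTU, IPv4 + UDP headers), and reassembles them with a constructed 4-byte fragment header, returning None when a fragment is lost, since UDP gives NTP none of the segmentation and retransmission that TCP gave the TLS captures linked above.

```python
import math

MTU = 1500
IP_UDP_HDR = 20 + 8          # IPv4 + UDP headers (assumption: no IP options)
FRAG_HDR = 4                 # constructed fragment header: seq(2) + total(2)
PAYLOAD = MTU - IP_UDP_HDR - FRAG_HDR


def demo_chain(n, size=1200):
    """n constructed placeholder 'certificates' of a realistic DER size.
    Real certificates are ASN.1 SEQUENCEs (0x30 0x82 ...); the rest is filler."""
    return [b"\x30\x82" + b"A" * (size - 2) for _ in range(n)]


def certificate_message(chain):
    """TLS 1.2 Handshake of type certificate(11): handshake header is
    type(1) + length(3); body is a 3-byte-length-prefixed list of
    3-byte-length-prefixed DER certificates (RFC 5246 s7.4.2)."""
    certs = b"".join(len(c).to_bytes(3, "big") + c for c in chain)
    body = len(certs).to_bytes(3, "big") + certs
    return bytes([11]) + len(body).to_bytes(3, "big") + body


def fragment(msg):
    """Split one handshake message into datagrams that each fit the MTU."""
    total = math.ceil(len(msg) / PAYLOAD)
    return [seq.to_bytes(2, "big") + total.to_bytes(2, "big")
            + msg[seq * PAYLOAD:(seq + 1) * PAYLOAD] for seq in range(total)]


def reassemble(frags):
    """Order fragments by seq and rebuild the message; None if any are missing,
    which is the lost-packet case the sender must detect and recover from."""
    if not frags:
        return None
    total = int.from_bytes(frags[0][2:4], "big")
    parts = {int.from_bytes(f[:2], "big"): f[4:] for f in frags}
    if set(parts) != set(range(total)):
        return None
    return b"".join(parts[i] for i in range(total))


def parse_chain(msg):
    """Inverse of certificate_message: return the list of DER blobs."""
    if msg[0] != 11:
        raise ValueError("not a Certificate handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    pos, end, chain = 3, 3 + int.from_bytes(body[:3], "big"), []
    while pos < end:
        n = int.from_bytes(body[pos:pos + 3], "big")
        chain.append(body[pos + 3:pos + 3 + n])
        pos += 3 + n
    return chain
```

With `demo_chain(2)` the message is 2413 bytes and splits into 2 datagrams; `demo_chain(4)` gives 4819 bytes and 4 datagrams, mirroring the segment counts in the captures linked above.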
_______________________________________________
TICTOC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tictoc
