I am strongly in favor of moving this draft toward standardization. This is tremendous work that will eliminate entire classes of attacks against protocols that depend on synchronized time.
A few comments:

(1) I couldn't figure out if it is possible for the client to request multiple cookies with time synchronization requests. If it isn't, it seems like it should be to avoid the inevitable re-establishment of keys if the client's cookie pool permanently drops by one every time a packet is lost. Being able to request more than one cookie will enable the client to maintain the recommended pool of 8.

(2) In section 5, the description of the record type field seems wrong. It says q( A 15-bit integer in network byte order (from most-to-least significant, its bits are record bits 7-1 and then 15-8). ). This seems to imply that (for example) the value 16385 would be encoded as 000000100000001 when read from left-to-right in the given diagram, when I believe it should be encoded as 100000000000001. I would just lose everything between the parentheses: it seems sufficient to say that record type is a 15-bit unsigned integer in NBO.

(3) Section 5.2 states that key material "SHALL" be extracted according to RFC 5705. What is the plan if some TLS 1.3-specific mechanism deprecates 5705?

Kyle

On Wed, Aug 9, 2017 at 12:41 AM, Karen O'Donoghue <[email protected]> wrote:
> Folks,
>
> This begins a three week working group last call (WGLC) for "Network Time
> Security for the Network Time Protocol".
>
> https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/
>
> Please review and provide comments to the mailing list by no later than 31
> August 2017. Earlier comments and discussion would be appreciated. Please
> note that the chairs will be using this WGLC to determine consensus to move
> this document forward to the IESG.
>
> Also, as a reminder, we have migrated the working group mailing list to IETF
> infrastructure. Please respond to [email protected].
>
> Regards,
> Karen and Dieter
