Hi Tal,

Thanks for your comments.

Major comments:

> - This may have been discussed before, but still I am not sure what the
> answer is: it seems to make sense to define this new MAC as a dedicated
> extension field. Any reason not to do that? Since this draft deprecates the
> previous MD5-based MAC, there are no backward compatibility considerations.
>

The draft does not require the use of a new extension field. It works with NTP's legacy MAC fields. As Harlan mentioned earlier, the key ID maps to two items--the key and the algorithm number. We decided not to introduce a new extension field to keep things simple for implementations.

> - To allow algorithm agility, I would suggest to add a field that
> specifies the algorithm + a corresponding IANA registry.
>
>

This NTP MAC draft only works for the setting of a pre-shared key (PSK) for legacy NTP. For asymmetric keys, we need to use NTS. Given that we are stuck with the PSK model, we can still support algorithm agility by specifying the MAC algorithm as part of the process of configuring the PSK. Specifically, the ntp config file maps the key ID to a secret key and MAC algorithm number.

> Less major comments:
> - Missing security considerations section.
>

Yes, will add.

> - Missing IANA considerations section.
>

Given the way we are dealing with algorithm agility, I don't think IANA considerations are relevant.

> - "any extension fields that are present" => "every extension fields that
> is present".
>
>

Thanks.
Sharon

> On Wed, Aug 9, 2017 at 7:53 AM, Karen O'Donoghue <[email protected]>
> wrote:
>
>> Folks,
>>
>> This begins a three week working group last call (WGLC) for "Message
>> Authentication Code for the Network Time Protocol"
>> https://datatracker.ietf.org/doc/draft-ietf-ntp-mac/
>>
>> Please review and provide comments to the mailing list by no later than
>> 31 August 2017. Earlier comments and discussion would be appreciated.
>> Please note that the chairs will be using this WGLC to determine consensus
>> to move this document forward to the IESG.
>>
>> Also, as a reminder, we have migrated the working group mailing list to
>> IETF infrastructure. Please respond to [email protected].
>>
>> Regards,
>> Karen and Dieter
>>
>> _______________________________________________
>> TICTOC mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/tictoc
>>
>
> _______________________________________________
> ntp mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ntp
>

--
Sharon Goldberg
Computer Science, Boston University
http://www.cs.bu.edu/~goldbe
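
The key-ID lookup described in the message above, as an added example that is not part of the original e-mail or of the draft: the receiver takes only the key ID from the packet's legacy MAC field and picks both the key and the algorithm from its local configuration. The keys-file format, the algorithm numbers 1 and 2, the 16-byte MAC length and the use of HMAC as a stand-in MAC are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed key table in a hypothetical "key-id algorithm-number hex-key" format.
SAMPLE_KEYS = """\
# id  alg  key (hex)
10    1    000102030405060708090a0b0c0d0e0f
11    2    f0e0d0c0b0a090807060504030201000
"""

# Hypothetical algorithm numbers; HMAC is a stand-in, not the draft's MAC.
ALGORITHMS = {1: hashlib.sha256, 2: hashlib.sha512}
MAC_LEN = 16      # MAC bytes that follow the 4-byte key ID (assumed)
HEADER_LEN = 48   # NTP header without extension fields


def load_keys(text):
    """Return {key_id: (algorithm_number, key_bytes)} from the keys text."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key_id, alg, hexkey = line.split()
        if int(alg) not in ALGORITHMS:
            raise ValueError(f"key {key_id}: unknown algorithm {alg}")
        table[int(key_id)] = (int(alg), bytes.fromhex(hexkey))
    return table


def compute_mac(table, key_id, message):
    """MAC over header plus extension fields, algorithm chosen by key ID."""
    alg, key = table[key_id]
    return hmac.new(key, message, ALGORITHMS[alg]).digest()[:MAC_LEN]


def seal(table, key_id, message):
    """Append the legacy MAC field: 32-bit key ID followed by the MAC."""
    return message + struct.pack("!I", key_id) + compute_mac(table, key_id, message)


def verify(table, packet):
    """Accept only if the key ID is configured and the MAC matches."""
    if len(packet) < HEADER_LEN + 4 + MAC_LEN:
        return False
    message, trailer = packet[:-(4 + MAC_LEN)], packet[-(4 + MAC_LEN):]
    (key_id,) = struct.unpack("!I", trailer[:4])
    if key_id not in table:
        return False  # the packet cannot name an algorithm the config lacks
    return hmac.compare_digest(trailer[4:], compute_mac(table, key_id, message))
```

Because the packet carries no algorithm field, rewriting the key ID in transit only selects a different configured key and algorithm, and the MAC check then fails.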
