First round of my stupid questions about NTS
Gary E. Miller
gem at rellim.com
Sat Jan 19 00:12:54 UTC 2019
Yo Richard!
On Fri, 18 Jan 2019 17:40:51 -0600
Richard Laager via devel <devel at ntpsec.org> wrote:
> On 1/18/19 4:44 PM, Gary E. Miller via devel wrote:
> > Maybe we want to derive C2S and S2C from the TLS session, but I do
> > not see that as mandated.
>
> Am I reading the right draft:
> https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-15#section-5.1
>
> If so, it is definitely mandated by "SHALL":
>
> 5.1. Key Extraction (for NTPv4)
>
> Following a successful run of the NTS-KE protocol wherein Protocol
> ID 0 (NTPv4) is selected as a Next Protocol, two AEAD keys SHALL be
> extracted: a client-to-server (C2S) key and a server-to-client
> (S2C) key. These keys SHALL be computed according to RFC 5705
> [RFC5705], using the following inputs.
Yes, but you left off the next paragraph. That is, the SHALL inputs are:
The disambiguating label string SHALL be "EXPORTER-network-time-
security/1".
The per-association context value SHALL consist of the following
five octets:
The first two octets SHALL be zero (the Protocol ID for NTPv4).
The next two octets SHALL be the Numeric Identifier of the
negotiated AEAD Algorithm in network byte order.
The final octet SHALL be 0x00 for the C2S key and 0x01 for the
S2C key.
Nothing in there about using anything from the current TLS session.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190118/4ba587c9/attachment-0001.bin>
More information about the devel
mailing list