mode 6 crypto revision

James Browning jamesb.fe80 at gmail.com
Fri Jan 10 16:00:00 UTC 2020


The current symmetric auth scheme requires a not-an-extension which is
(formerly 10) 20 or 24 bytes of an essentially unidentifiable binary
blob. To check for it, you either need a length for the authenticated
stream or walk backward in the packet to see if the text matches a
symmetric authenticator.

My former proposed scheme requires something which is
not-properly-an-extension. It has a six-byte header which should be
regex searchable in mode 6 and unlikely to occur (no number though)
in a regular text stream. It could be registered as an NTP extension
with the IETF and IANA. A shortlist of proposed advantages includes
an easy extension to the 512-bit current maximum hash length, adding
a potential route for something like Network Time Security, Autokey
or other extensions.

2 bytes ID field potentially 0xfeed
2 bytes length (10 j/k, 20,24 up to 68ish)
4 bytes key ID the first 2 of which are always 0x0000
6-64+ bytes data hash
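
A parser for the trailer layout listed above, as an added example that is not part of the original post and not NTPsec code. It assumes network byte order, that the length field counts key ID plus hash (which matches the 20 and 24 values), and that the trailer is the last thing in the packet; the function names are hypothetical.

```python
import re
import struct

MAGIC = 0xFEED               # "potentially 0xfeed" in the post
MIN_LEN, MAX_LEN = 10, 68    # length range given in the post

# Assumption: the six searchable bytes are ID, length, and the two
# always-zero leading bytes of the key ID.
HEADER_RE = re.compile(rb"\xfe\xed\x00[\x0a-\x44]\x00\x00")


def build_trailer(key_id, digest):
    """Serialize ID, length, key ID and hash in the order the post lists."""
    if not 0 <= key_id <= 0xFFFF:
        raise ValueError("first two key ID bytes must be 0x0000")
    length = 4 + len(digest)  # assumption: length = key ID + hash
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length outside 10..68")
    return struct.pack("!HHI", MAGIC, length, key_id) + digest


def split_authenticated(packet):
    """Return (payload, key_id, digest), or None if no trailer ends the packet."""
    for m in HEADER_RE.finditer(packet):
        start = m.start()
        (length,) = struct.unpack_from("!H", packet, start + 2)
        # A header-like byte run inside the text is rejected here:
        # a real trailer's length must land exactly on the packet end.
        if start + 4 + length != len(packet):
            continue
        (key_id,) = struct.unpack_from("!I", packet, start + 4)
        return packet[:start], key_id, packet[start + 8:]
    return None


if __name__ == "__main__":
    # Constructed sample: mode 6 style text plus a 20-byte placeholder hash.
    sample = b"version=constructed\r\n" + build_trailer(7, bytes(range(20)))
    print(split_authenticated(sample))
```

This only locates and frames the trailer; which bytes the hash covers is not stated in the post, so no verification step is shown.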

