
draft-ietf-ntp-using-nts-for-ntp-06, D. Sibold, NTPWG Interim Meeting, 14th October 2016, Boston



  1. draft-ietf-ntp-using-nts-for-ntp-06, D. Sibold, NTPWG Interim Meeting, 14th October 2016, Boston

  2. Items discussed in the WG Design Team (item: status)
     - Item 1, Mandatory-to-implement KE: Agreed
       - DTLS
       - Over separate port
       - Piggybacked on NTP header
     - Item 2, Are optional KE mechanisms allowed?: Open
     - Item 3, Two-way authentication: Agreed
       - Second tier effort
       - KE must be able to support mutual authentication
     - Item 4, Authorization: Agreed
       - Second tier effort
     - Item 5, Broadcast mode: Agreed
       - Second tier effort
       - However, PTP needs broadcast/multicast mode!

     2016-10-14, D. Sibold, NTP Interim Meeting, Boston

  3. Items discussed in the WG Design Team (item: status)
     - Item 6, Chicken-egg problem: Agreed
       - Discussed in the section “Security considerations”
     - Item 7, Unauthenticated time packets: Agreed
       - MUST NOT be applied for time synchronization
       - Discussed in the section “Security considerations”
     - Item 8, Cryptographic agility: Agreement that cryptographic agility is needed
       - A minimum list of mandatory mechanisms shall be provided
       - Message Authentication Code:
         - GMAC shall be provided because of performance advantages
         - HMAC shall be provided, especially for embedded devices
     - Item 9, Cipher suite selection: TBD
       - Daniel's proposal already contains language on

  4. Items discussed in the WG Design Team (item: status)
     - Item 10, Privacy: Open
       - New requirement (not included in RFC 7384)
       - No final agreement

  5. Items discussed in the WG Design Team: summary of open items (item: notes)
     - Are optional KE mechanisms allowed?
     - Privacy: If yes, is the current approach sufficient?

  6. Merge of NTS for NTP draft with new proposal (TBD)
     - Old draft:
       - Abstract
       - Introduction
       - Objectives
       - Terms and Abbreviations
       - Overview of NTS-Secured NTP
       - Protocol Sequence
       - Implementation Notes: ASN.1 Structures and Use of the CMS
       - IANA Considerations
       - 8. Security Considerations
     - Preliminary merged draft:
       - Abstract
       - Introduction
       - Objectives
       - Terms and Abbreviations
       - Protocol Sequence for Time Synchronization Messages in Client-Server Mode
       - IANA Considerations
       - 8. Security Considerations
     - Daniel’s draft:
       - Abstract
       - Introduction
       - DTLS profile for Network Time Security
       - Transport mechanisms for DTLS records
       - Employing DTLS for NTP Security
       - The NTS-encapsulated NTPv4 protocol
       - The NTS Key Establishment protocol
       - NTS Extensions for NTPv4
       - Recommended format for NTS cookies
       - Security Considerations
       - IANA Considerations
     - Annotation next to Security Considerations: Contains also language from the generic draft

  7. Merge of NTS for NTP draft with new proposal
     - TBD
     - Final specification of the protection of time request and response messages
     - Depends on the privacy requirement
     - Also important for the section “Objectives”
     - Text from Daniel’s introduction
     - Text from Daniel’s essay for the security consideration
     - If optional KE mechanisms are allowed:
       - Current DTLS-based KE should exchange key(s) and state information as application data
     - Broadcast mode has been dismissed
