Greg,
The MAC is intended to protect against a message modification attack,
which surely is not the object here. In principle, the MAC can be
omitted and an extension field can be used in much the same way as a
transparent bridge in PTP.
Dave
Greg Dowd wrote:
Is the use model you envision for NTP to support hardware timestamping
at the edge? In NTP, the addition of an extension field requires the
presence of the MAC. This requires the dissemination and maintenance
of keys as well as the defined MAC checking. How would this model
work if the NTP packet did have the MAC? This extension field would
be covered by the MAC and the authenticator would fail. Or do you
expect this block would have the key info and update the MAC as well?
And, how would it work if the MAC isn't there? Would the update not
be used?
In PTP, there is a TC protocol function which necessitates the
modification of the packet. In NTP, as it is defined as a UDP
protocol, there is not as clear a path to how lower stack layers
modify the PDUs.
If you define this simply at the edge, I'm not sure how much value
this additional UDP checksum update adds. Is there a model you have
in mind?
From: [email protected] [mailto:[email protected]] On
Behalf Of Tal Mizrahi
Sent: Monday, July 04, 2011 5:01 AM
To: [email protected]; [email protected]
Subject: [TICTOC] [ntpwg] New draft:
draft-mizrahi-tictoc-checksum-trailer-00
Hi,
I have posted a new draft that discusses Checksum updates in time
synchronization protocols.
http://tools.ietf.org/html/draft-mizrahi-tictoc-checksum-trailer-00
Comments will be welcome.
Thanks.
Tal.
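
The concern raised in the thread, that an extension field rewritten in flight is covered by the MAC and so fails authentication, shown as an added example that is not part of the original messages or of the draft. The key, key ID, extension field type 0xFFFF and timestamp values are constructed for illustration, and the checksum is computed over the NTP payload only (UDP pseudo-header omitted).

```python
import hashlib
import hmac
import struct

KEY_ID, KEY = 7, b"constructed-shared-key"   # constructed sample key, not a real one
EF_TYPE = 0xFFFF                             # hypothetical extension field type

def ntp_mac(key, key_id, covered):
    """Key ID + MD5(key || header || extension fields), the NTPv4 symmetric-key MAC."""
    return struct.pack("!I", key_id) + hashlib.md5(key + covered).digest()

def build_packet(timestamp):
    header = bytes([0x23]) + bytes(47)       # LI=0, VN=4, Mode=3; other fields zeroed
    # Extension field: type, length (16, the minimum), 8-byte value, 4 bytes padding
    ext = struct.pack("!HHQ4x", EF_TYPE, 16, timestamp)
    covered = header + ext
    return covered + ntp_mac(KEY, KEY_ID, covered)

def verify_mac(key, packet):
    covered, mac = packet[:-20], packet[-20:]
    key_id = struct.unpack("!I", mac[:4])[0]
    return hmac.compare_digest(mac, ntp_mac(key, key_id, covered))

def inet_checksum(data):
    """16-bit one's-complement checksum as used by UDP (pseudo-header omitted here)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rewrite_in_transit(packet, new_timestamp):
    """What a keyless on-path device can do: overwrite the value, leave the MAC alone."""
    return packet[:52] + struct.pack("!Q", new_timestamp) + packet[60:]

def demo():
    sent = build_packet(0x0000000100000000)
    received = rewrite_in_transit(sent, 0x0000000100000123)
    return {
        "mac_ok_unmodified": verify_mac(KEY, sent),
        "mac_ok_after_rewrite": verify_mac(KEY, received),
        "checksum_changed": inet_checksum(sent) != inet_checksum(received),
    }
```

The checksum can be recomputed by any device on the path because it needs no secret, whereas restoring the MAC after the rewrite requires the shared key.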