On 12/13/2011 10:10 PM, Dave Hart wrote:
> What Dr. Mills suggests is if you can't MITM NTP exchanges secured by
> 20-octet digests, there is no need for a larger digest.  This is why he
> harkens back to the discussion of MD5 flaws and how they might be
> exploited in the context of NTP authentication.  NTP has the advantage
> of time -- the MITM has to not only find a correct digest for the
> modified packet, he must do so fast enough that the client will not find
> reason to ignore the response.

That's not the discussion at all. MITMs are totally separate from what we
are discussing. A MITM can interpret/recreate a MAC-protected NTP
packet just the same as any other NTP server.

> 
> There is no doubt it is ugly that there are two different ad-hoc
> extensions to the basic NTPv4 packet defined, both detected solely by
> the received datagram size, and unfortunate that means extensions must
> be at least 7 x 32 bits long to avoid ambiguity.  One might hope any
> NTPv5 would include indication in the basic packet headers of whether
> authentication and/or extensions are used in a way that avoids such
> ambiguity.

We aren't going to wait on a putative NTPv5 for this. We are discussing
NTP v4 and how to clean up extension fields and have well defined MAC
algorithms in the packets. You just defined the problem yourself: "two
different ad-hoc extensions". They cannot remain ad-hoc.

Danny
_______________________________________________
TICTOC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tictoc
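The size-only split that the quoted paragraph describes, written out as an added example; it is not code from either poster nor from any NTP implementation. It assumes the NTPv4 layout of a 48-octet header, extension fields carrying 16-bit type and length words padded to 32 bits, a MAC made of a 4-octet key ID plus a 16-octet MD5 or 20-octet SHA-1 digest, and the ntpd-style keyed digest over key || packet (not HMAC). The 28-octet minimum is the "7 x 32 bits" from the message, applied here to every extension field. The sample header, key and key ID are constructed for the example. The last packet in `demo()` shows the ambiguity the message warns about: a 24-octet extension field with no MAC parses exactly like a SHA-1 MAC.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48                  # fixed NTPv4 header
MAC_LENS = {20: "md5", 24: "sha1"}   # 4-octet key id + 16- or 20-octet digest
EXT_MIN_LEN = 28                     # 7 x 32 bits: an extension is never as short as a MAC

# Constructed sample data: LI=0, VN=4, mode 3 (client), everything else zero.
HEADER = bytes([0x23]) + bytes(47)
KEYS = {1: b"constructed-shared-secret"}   # key id -> symmetric key (constructed)


def parse_trailer(packet: bytes):
    """Return (extension fields, mac, authenticated length) for an NTPv4 datagram.

    Nothing in the header says what follows it: a trailer of exactly 20 or 24
    octets is taken to be a MAC, anything else must start with an extension
    field whose length word gives the next boundary.
    """
    if len(packet) < NTP_HEADER_LEN:
        raise ValueError("datagram shorter than the 48-octet header")
    offset = NTP_HEADER_LEN
    extensions = []
    mac = None
    while offset < len(packet):
        trailer = len(packet) - offset
        if trailer in MAC_LENS:
            key_id = struct.unpack("!I", packet[offset:offset + 4])[0]
            mac = (MAC_LENS[trailer], key_id, packet[offset + 4:])
            break
        if trailer < EXT_MIN_LEN:
            raise ValueError(f"ambiguous {trailer}-octet trailer: neither MAC nor extension")
        ftype, flen = struct.unpack("!HH", packet[offset:offset + 4])
        if flen < EXT_MIN_LEN or flen % 4 or offset + flen > len(packet):
            raise ValueError(f"bad extension field length {flen}")
        extensions.append((ftype, packet[offset + 4:offset + flen]))
        offset += flen
    # offset is where the MAC (if any) starts, i.e. the end of the digested region
    return extensions, mac, offset


def compute_mac(key: bytes, message: bytes, algo: str) -> bytes:
    """Keyed digest digest(key || message), the classic ntpd construction (assumed)."""
    return hashlib.new(algo, key + message).digest()


def verify(packet: bytes, keys: dict) -> bool:
    """True only if the trailing MAC matches the header plus extension fields."""
    _, mac, auth_len = parse_trailer(packet)
    if mac is None:
        return False
    algo, key_id, digest = mac
    key = keys.get(key_id)
    if key is None:
        return False
    return hmac.compare_digest(compute_mac(key, packet[:auth_len], algo), digest)


def build_packet(header: bytes, extensions=(), key_id=None, key=None, algo="md5") -> bytes:
    """Assemble header + extension fields (+ MAC). Deliberately does not enforce
    EXT_MIN_LEN so that the ambiguity can be demonstrated."""
    body = bytearray(header)
    for ftype, value in extensions:
        pad = (-(4 + len(value))) % 4
        body += struct.pack("!HH", ftype, 4 + len(value) + pad) + value + b"\0" * pad
    if key is not None:
        body += struct.pack("!I", key_id) + compute_mac(key, bytes(body), algo)
    return bytes(body)


def demo() -> dict:
    key = KEYS[1]
    plain = build_packet(HEADER, key_id=1, key=key)                       # 48 + 20
    with_ext = build_packet(HEADER, [(0x0201, b"x" * 30)], 1, key, "sha1")  # 48 + 36 + 24
    tampered = bytes([HEADER[0] ^ 0x04]) + plain[1:]                      # header bit flipped
    # A 24-octet extension field and no MAC: indistinguishable from a SHA-1 MAC.
    short_ext = build_packet(HEADER, [(0x0201, b"y" * 20)])
    exts, mac, _ = parse_trailer(short_ext)
    return {
        "plain_ok": verify(plain, KEYS),
        "with_ext_ok": verify(with_ext, KEYS),
        "tampered_ok": verify(tampered, KEYS),
        "short_ext_seen_as": None if mac is None else mac[0],
        "short_ext_fields": len(exts),
    }


if __name__ == "__main__":
    print(demo())
```

Note that `parse_trailer` has to trust the length words it reads, so a parser that skips this bounds checking is a straightforward out-of-bounds read on crafted datagrams; the `flen` checks are the part worth keeping even if everything else is replaced.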
