[ntpwg] Autokey refilihng - my point...
tglassey at earthlink.net
Mon Oct 26 15:20:55 UTC 2009
Brian Haberman wrote:
> Todd Glassey wrote:
>> Brian - my point in asking to advance the autokey draft is both based
>> in getting NTP further along to its v4 standards status and also in
>> getting the autokey component more formalized than 'an informational'
>> status since its in use in production in many shops around the world,
>> that is no longer appropriate. Autokey as it is implemented today
>> works and is relied on, so we need to get what is out their today
>> documented as an in-place accepted standard.
>> If you want to make changes to the protocol itself that's fine but
>> dont hold up acknowledging what's already in pervasive use in the
>> world for secure NTP.
> My point is not to hold up the spec, but it can't advance unless it
> can clearly specify how OIDs for the algorithms in use are converted
> to NIDs for use in the Status Word.
Sure if the current draft is advanced. It may be that we need to create
a more restrained draft which documents how it actually works in
production today since this is a trailing-edge effort.
> The current text refers to an RFC that only defines the OIDs for the
> various Signature and Digest schemes and not the NIDs carried by NTP.
> This is not changing the protocol,
Sure it is - it seeks to change how existing implementations of AutoKEY
work, and that is the issue - it doesnt matter whether the current
version of AutoKEY works everywhere or not - it is what's in production
and it is what people who rely on IETF Standards to codify what they are
already using need the IETF to embrace, and if the NTPWG wants to change
it next time around that is fine - but NTP is already a key part of
auditing and it needs to be standardized as it is today to insure proper
controls on the reference ports and that testing can be done properly
outside the IETF. So it doesnt matter that you want to fix AutoKEY so
that there are interoperable versions of NTP, what matters is
standardizing what is in production use now.
> it is providing a way to have inter-operable implementations of Autokey.
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.5.423 / Virus Database: 270.14.31/2458 - Release Date: 10/25/09 08:10:00
More information about the ntpwg