ipsec October 2011 archive

Re: [IPsec] [TICTOC] Review request for IPsec security for packet based synchronization (Yang Cui)

From: Danny Mayer <mayer_at_nospam>
Date: Mon Oct 17 2011 - 03:08:02 GMT
To: Nico Williams <nico@cryptonector.com>

On 10/15/2011 9:29 PM, Nico Williams wrote:
> On Fri, Oct 14, 2011 at 7:19 PM, David L. Mills <mills@udel.edu> wrote:
>> Nico and Danny,
>> It might help to explain the issues in the NTP white papers at the NTP
>> project page www.eecis.udel.edu./ntp.html. Chapter 16 in the book shows the
>> results of experiments using interleaved mode, which might be of interest in
>> PTP broadcast issues. The paper on Simulation and Analysis of the NTP
>> On-Wire protocol uses a two-step process similar to PTP. The paper on NTP
>> Security Analysis may have lessons for PTP authentication. The NTP Autokey
>> model needs help, as suggested in that paper.
> Also helpful was to note the cc list and then look at the TICTOC WG charter.
> If I understand the I-D we're talking about an extension to IPsec to
> minimize overhead in handling of packets carrying time data,
> particularly in an SG environment. This would allow NTP to be run
> with no crypto inside the security boundary, with IPsec providing
> security outside. Is this correct? And this performs better than the
> interleaved NTP scheme with asymmetric key signatures?

I cannot answer for the performance but if I was worried about making
sure I got the correct time I'd be more likely to be concerned about
authenticating the server than encrypting the contents. Encryption
doesn't do a thing for ensuring you got a valid packet.
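
Added example, not part of the original thread or of any NTP implementation: a time packet sent entirely in the clear whose origin is still checked with a keyed digest, illustrating the authentication-versus-encryption point in the reply above. It assumes the NTP symmetric-key MAC layout (a 4-byte key ID followed by a digest over key || header) with SHA-1; the key table, key ID and timestamp are constructed sample values.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTPv4 header, never encrypted here
DIGEST_LEN = 20       # SHA-1 digest length
TX_OFFSET = 40        # transmit timestamp, seconds field

# Constructed key table (key ID -> shared secret); sample data only.
KEYS = {7: b"constructed-shared-secret"}


def build_header(transmit_seconds: int) -> bytes:
    """Minimal server-mode NTPv4 header with only the transmit seconds set."""
    header = bytearray(NTP_HEADER_LEN)
    header[0] = (0 << 6) | (4 << 3) | 4   # LI=0, VN=4, Mode=4 (server)
    header[1] = 2                          # stratum
    struct.pack_into("!I", header, TX_OFFSET, transmit_seconds)
    return bytes(header)


def add_mac(header: bytes, key_id: int) -> bytes:
    """Append key ID and keyed digest; the header stays readable."""
    digest = hashlib.sha1(KEYS[key_id] + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet: bytes):
    """Return the transmit seconds if the MAC verifies, else None."""
    if len(packet) != NTP_HEADER_LEN + 4 + DIGEST_LEN:
        return None                        # no MAC, or malformed length
    header = packet[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack_from("!I", packet, NTP_HEADER_LEN)
    key = KEYS.get(key_id)
    if key is None:
        return None                        # sender uses a key we do not trust
    expected = hashlib.sha1(key + header).digest()
    if not hmac.compare_digest(expected, packet[NTP_HEADER_LEN + 4:]):
        return None                        # header changed or wrong key
    return struct.unpack_from("!I", header, TX_OFFSET)[0]


SAMPLE_SECONDS = 3527809682                # constructed NTP-era timestamp
GOOD = add_mac(build_header(SAMPLE_SECONDS), 7)
# Same packet with the transmit seconds altered after the MAC was computed.
ALTERED = GOOD[:TX_OFFSET] + struct.pack("!I", SAMPLE_SECONDS + 3600) + GOOD[TX_OFFSET + 4:]

if __name__ == "__main__":
    print("good   :", verify(GOOD))
    print("altered:", verify(ALTERED))
```
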
