This is my second response to this Last Call, about a possible security
issue.

RFC8573 seems clear that MD5 must not be used to effect security for NTP
but this I-D imports iana-crypt-hash which allows MD5 without any
restriction, so is MD5 allowed or not?

There are features defined which allow the hash in iana-crypt-hash to be
restricted but this I-D does not use them.

Probably iana-crypt-hash should be updated - I will raise that on the
NETMOD WG list.

The I-D also uses MD5 in a way that would appear not to be security
related, to hash an IPv6 address.

In passing, this I-D has three references to RFC7317. This is wrong -
the module is IANA-maintained and so the references should be to the
IANA website.

The secdir reviewer might be interested in my thoughts.

Tom Petch

On 29/01/2021 22:39, The IESG wrote:

The IESG has received a request from the Network Time Protocol WG (ntp) to
consider the following document: - 'A YANG Data Model for NTP'
<draft-ietf-ntp-yang-data-model-10.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@xxxxxxxx mailing lists by 2021-02-12. Exceptionally, comments may
be sent to iesg@xxxxxxxx instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract

This document defines a YANG data model for Network Time Protocol
(NTP) implementations. The data model includes configuration data
and state data.
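
An added example, not part of the message above or of the draft: the reply notes that iana-crypt-hash gates each hash behind a feature, and this sketch shows the effect of leaving crypt-hash-md5 disabled by checking crypt-hash values against the typedef's `$id$` formats. The function names, the ALLOWED policy and the sample values are assumptions made for illustration.

```python
import re

B64 = r"[a-zA-Z0-9./]"
# (scheme id, gating YANG feature, value pattern) per the crypt-hash typedef.
SCHEMES = [
    ("0", None, re.compile(r"\$0\$.*", re.S)),  # cleartext, hashed by the server
    ("1", "crypt-hash-md5", re.compile(rf"\$1\${B64}{{1,8}}\${B64}{{22}}")),
    ("5", "crypt-hash-sha-256",
     re.compile(rf"\$5\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{43}}")),
    ("6", "crypt-hash-sha-512",
     re.compile(rf"\$6\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{86}}")),
]

# Assumed policy: the server does not advertise crypt-hash-md5.
ALLOWED = frozenset({"crypt-hash-sha-256", "crypt-hash-sha-512"})


def check_crypt_hash(value, allowed=ALLOWED):
    """Return (accepted, reason) for one crypt-hash value."""
    for scheme_id, feature, pattern in SCHEMES:
        if not value.startswith(f"${scheme_id}$"):
            continue
        if not pattern.fullmatch(value):
            return False, f"malformed ${scheme_id}$ value"
        if feature is None:
            return True, "cleartext; server picks the hash"
        if feature not in allowed:
            return False, f"{feature} not enabled"
        return True, feature
    return False, "unknown scheme"


# Constructed sample values (placeholder digests, not real hashes).
SAMPLES = {
    "md5": "$1$abcdefgh$" + "A" * 22,
    "sha256": "$5$rounds=5000$saltsalt$" + "B" * 43,
    "sha512": "$6$saltsalt$" + "C" * 86,
    "short": "$6$saltsalt$" + "C" * 10,
}


def audit(samples=SAMPLES, allowed=ALLOWED):
    """Map each sample name to its (accepted, reason) verdict."""
    return {name: check_crypt_hash(v, allowed) for name, v in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(name, verdict)
```
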