Hi Hal, Good point, I propose making this change - OLD: | +--rw key? ianach:crypt-hash NEW: | +--rw key | | +--rw (key-string-style)? | | +--:(keystring) | | | +--rw keystring? string | | +--:(hexadecimal) {hex-key-string}? | | +--rw hexadecimal-string? yang:hex-string END The algorithm field already uses the identity key-chain:crypto-algorithm from RFC 8177 which supports hmac-sha-1-12, aes-cmac-prf-128, md5, sha-1, hmac-sha-1, hmac-sha-256, hmac-sha-384, hmac-sha-512 and the ability to add more identities. The above change would align with RFC 8177. Thanks, Dhruv On Tue, Feb 9, 2021 at 3:05 PM Hal Murray <hmurray@xxxxxxxxxxxxxxx> wrote: > > > daedulus@xxxxxxxxxxxxx said: > > RFC8573 seems clear that MD5 must not be used to effect security for NTP but > > this I-D imports iana-crypt-hash which allows MD5 without any restriction, > > so is MD5 allowed or not? > > "Allowed" is the key word. Just because somebody published an RFC doesn't > mean that all the gear out in the field will get updated. As Harlan pointed > out, there is a very very long tail on NTP deployments. > > I think it makes sense for iana-crypt-hash to include slots for historic > items. If nothing else, it is a good place to say "historic" or "deprecated" > and give references to the details. > > If you think a Yang model should discourage using MD5, then I suggest adding > words to say that. Better would be to phrase things so that it also includes > other algorithms that get kicked out of the club after the RFC is published. > I don't know of any place that publishes an up-to-date list of crypto-hashing > algorithms and their status. > > ---------- > > I'm looking at iana-crypt-hash@xxxxxxxxxxxxxxx > > It says: > id | hash function | feature > ---+---------------+------------------- > 1 | MD5 | crypt-hash-md5 > 5 | SHA-256 | crypt-hash-sha-256 > 6 | SHA-512 | crypt-hash-sha-512 > > If NTP is the only use, then I'd suggest adding a deprecated note. But I > assume that is used by other than NTP so that may not be appropriate. But > maybe if MD5 is deprecated for NTP it should be deprecated for other uses too. > ??? > > What happened to slots 2, 3, and 4? > > Existing NTP code also supports SHA-1 > > RFC 8573 that deprecated using MD5 with NTP suggests using AES-CMAC. Note > that is CMAC rather than HMAC and that NTP uses it's own scheme rather than > HMAC as described in RFC 6151. > > The NTPsec code supports any hash (or CMAC) algorithm that the underlying > library from OpenSSL supports. > > -- > These are my opinions. I hate spam. > > > -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call