Hi Geoff,
I am so sorry I missed your question...
We do mention NTS in the draft and say that they
can be combined. Khronos provides provable security given a
ratio of compromised NTP pool servers while NTS provides authentication for NTP
servers but has no effect if the servers are compromised.
Best regards,
Neta
On Mon, Jun 12, 2023 at 5:02 PM Neta R S <neta.r.schiff@xxxxxxxxx> wrote:
Hi Geoff,Thanks for the feedback!Best,NetaOn Fri, Jun 9, 2023, 1:57 AM Geoff Huston via Datatracker <noreply@xxxxxxxx> wrote:Reviewer: Geoff Huston
Review result: Ready
The draft makes no reference to the DNS, and as such there is little for this
DNS Directorate reviewer to comment on from the perspective of the DNS.
This is also a informational RFC, and the review questions for such an RFC are
necessarily focused on the clarity of the descriptions contained in the
document as well as attention to the accuracy of any calims made in the
document. From this reviewer's perspective the document is clear and thew
assertions appear to be reasonable.
AS a purely personal comment, which the authors may chose to pay heed to or
just ingore, the document makes absolutely no reference to the NTS protocol.
Since the presumed attack is an attack on the NTP transactions, when what are
the attributes of Khronos that make it an attractive alternative to NTS?
However, to the extent that this is not a document that touches in any
substantive weay on the DNS and this is a DNS directorate review, there is
nothing that is worthing of flagging for further attention in this document
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
