Discussion:
[Linuxptp-devel] NTS for PTP
Xavier Bestel
2015-07-08 14:06:50 UTC
Permalink
Hi,



I'm (lightly for now) interested in securing the PTP protocol, and just had
a glance at an attempt from Google:
https://tools.ietf.org/html/draft-ietf-ntp-network-time-security-09

I'm sure some of you know about it, I'm less sure their solution works
correctly with hardware timestamping (they seem to compute a hash from the
whole packet). Is anybody familiar with this know if it should work ?



Thanks,

Xav
Richard Cochran
2015-07-08 20:05:21 UTC
Permalink
Post by Xavier Bestel
I'm (lightly for now) interested in securing the PTP protocol, and just had
https://tools.ietf.org/html/draft-ietf-ntp-network-time-security-09
I'm sure some of you know about it, I'm less sure their solution works
correctly with hardware timestamping (they seem to compute a hash from the
whole packet). Is anybody familiar with this know if it should work ?
Well, a hash over the entire packet will not work with one-step,
obviously, unless done in HW. But there is no difficulty when using
follow-up messages.

I did skim through that draft a while back, and it is hard to see how
it would work for PTP. For example, the draft seems to mandate
unicast.

Anyhow, I would wait and see what, if anything, becomes the standard
for secure PTP. After all, there is still is 1588 Annex K...

Thanks,
Richard

Loading...