Hal Murray <hmur...@megapathdsl.net>:
> 
> > > That sounds uncomfortably plausible.  I can think of a workaround: add a
> > > padding extension long enough that the packet can't have any of the magic
> > > lengths. 
> > I've read that.  I've even implemented it myself once, in the Python
> > protocol back end.  Is there advice in there that I missed on how to avoid
> > magic-length interactions? 
> 
> It has a couple of minimum length constraints.  I think those are enough to 
> avoid the screwup cases.
> 
> Mostly, I pointed it out to show the complexities of that area, at least with 
> the current setup.  There may be room for something like NTPv4.1 which drops 
> compatibility with the old stuff that caused problems since it is rarely used.

And by "old stuff" I think you mean specifically Autokey, don't you?
To the extent I understand these length interactions from having coded
the Python support, I don't believe either MD5 or SHA-1 MACs are
implicated.

I think you're right.  The first thing to do about this is probably to
strengthen the non-interoperability warnings around Autokey.
-- 
                <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel