The current symmetric auth scheme requires a not-an-extension which is (formerly 10) 20 or 24 bytes of an essentially unidentifiable binary blob. To check for it, you either need a length for the authenticated stream or have to walk backward in the packet to see if the text matches a symmetric authenticator.
My former proposed scheme requires something which is not-properly-an-extension. It has a six-byte header which should be regex searchable in mode 6 and unlikely to occur (no number though) in a regular text stream. It could be registered as an NTP extension with the IETF and IANA. A shortlist of proposed advantages includes an easy extension to the 512-bit current maximum hash length, adding a potential route for something like Network Time Security, Autokey or other extensions.

    2 bytes      ID field, potentially 0xfeed
    2 bytes      length (10 j/k, 20, 24 up to 68ish)
    4 bytes      key ID, the first 2 of which are always 0x0000
    6-64+ bytes  data hash
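
Added example (not part of the original post and not NTPsec code): a forward scan for the proposed six-byte header, validated against the length field so that look-alike bytes in mode 6 text are rejected. Assumptions: network byte order, the length field counts the key ID plus the hash (inferred from 10/20/24/68 against a 6-64 byte hash), the field is the last thing in the packet, and the function names and sample packet are constructed for illustration.

```python
import re
import struct

MAGIC = b"\xfe\xed"        # ID field, "potentially 0xfeed" in the post
MIN_LEN, MAX_LEN = 10, 68  # assumed: length = 4-byte key ID + 6..64-byte hash

# The six searchable bytes: ID, 2-byte length, zero upper half of the key ID.
# A lookahead keeps matches zero-width so overlapping candidates are all tried.
HEADER_RE = re.compile(rb"(?=" + re.escape(MAGIC) + rb"(..)\x00\x00)", re.DOTALL)


def build_trailer(key_id: int, digest: bytes) -> bytes:
    """Serialize ID, length, key ID and hash (hypothetical helper)."""
    if not 0 <= key_id <= 0xFFFF:
        raise ValueError("upper two key ID bytes must be 0x0000")
    if not 6 <= len(digest) <= 64:
        raise ValueError("hash must be 6 to 64 bytes")
    return MAGIC + struct.pack("!HI", 4 + len(digest), key_id) + digest


def find_trailer(packet: bytes):
    """Return (offset, key_id, digest) for a trailer ending the packet, else None."""
    for m in HEADER_RE.finditer(packet):
        (length,) = struct.unpack("!H", m.group(1))
        body = m.start() + 4  # key ID starts after ID and length
        # Reject look-alike bytes in the text: the length must be in range
        # and must account for exactly the rest of the packet.
        if MIN_LEN <= length <= MAX_LEN and body + length == len(packet):
            (key_id,) = struct.unpack("!I", packet[body:body + 4])
            return m.start(), key_id, packet[body + 4:]
    return None


# Constructed sample: mode 6 style text containing a decoy header, then a
# trailer with key ID 42 and a 20-byte placeholder hash (not a real MAC).
DECOY = b"\xfe\xed\x00\x14\x00\x00"
PAYLOAD = b"associd=0 status=0615 " + DECOY + b"leap=0, stratum=2"
DIGEST = bytes(range(1, 21))
PACKET = PAYLOAD + build_trailer(42, DIGEST)

if __name__ == "__main__":
    print(find_trailer(PACKET))
```

A match on the header only locates a candidate; the receiver still has to recompute the hash with the named key before trusting anything in the packet.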