On 2025-01-24 18:30, Sarath _Msft_ via devel wrote:
> I am a software engineer with Microsoft Corporation.
I'm not a crypto expert nor am I speaking on behalf of the NTPsec project, so take this with an appropriately sized grain of salt. ;)
> As I understand it, the current NTPsec implementation supports only the AEAD_AES_SIV_CMAC algorithms of various cipher lengths. I propose including support for AEAD_AES_128_GCM, AEAD_AES_256_GCM, AEAD_AES_128_CCM and AEAD_AES_256_CCM algorithms in this implementation.
My initial reaction was: doesn't NTS specify the exact algorithms, like TLS 1.3 does? After looking at the RFC, apparently not. But it's close. The RFC does specifically say that "Server implementations... MUST support AEAD_AES_SIV_CMAC_256." (RFC 8915, section 4.1.5).
> These specific algorithms are implemented in both OpenSSL library and Microsoft's SymCrypt Library (https://github.com/microsoft/SymCrypt), whereas the AEAD_AES_SIV_CMAC algorithms are not.
You don't seem to have proposed building NTPsec against SymCrypt. So it seems that you are suggesting some other NTS implementation, perhaps written by Microsoft, will use the SymCrypt library, which does not support AES SIV. Are you suggesting that:
A) a /server/ implementation will exist that does not support AES SIV /as required by the standard/ and NTPsec should expand its algorithm support /as a client/ to interoperate with such a server?
B) a /client/ implementation will exist that does not support AES SIV and NTPsec should expand its algorithm support /as a server/ to interoperate with such a client?
If it's the latter, is this some specialty client, or is Microsoft intending to add NTS support to Windows itself (but without AES SIV)?
For this to be widely useful, presumably you are making the same proposal to multiple NTS implementations. Why go through all the work to add AES-GCM and/or AES-CCM to multiple NTS implementations rather than add AES-SIV to SymCrypt? Adding AES-SIV on your side would instantly make you compatible with every server and presumably most clients.
Also, why both GCM and CCM modes?
--
Richard
_______________________________________________
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel