Update draft-nts-pool.md

pendulum-project · Dec 20, 2023 · f9d46f2 · f9d46f2
1 parent e99a8c7
commit f9d46f2
Showing 1 changed file with 16 additions and 16 deletions.
diff --git a/draft-venhoek-nts-pool.md b/draft-venhoek-nts-pool.md
@@ -39,19 +39,19 @@ informative:
 
 --- abstract
 
-The aim of this document is to describe a proof of concept system for NTS pools that are able to be used by clients without any knowledge beyond plain NTS. The work here focusses purely on creating an intermediate NTS Key Exchange server that can be configured with the addresses of multiple downstream servers and distribute load between them. The parts of pool operation dealing with managing the list of servers are left out of scope for this work.
+The aim of this document is to describe a proof of concept system for NTS pools that are able to be used by clients without any knowledge beyond plain NTS. The work here focuses purely on creating an intermediate NTS Key Exchange server that can be configured with the addresses of multiple downstream servers and distribute load between them. The parts of pool operation dealing with managing the list of servers are left out of scope for this work.
 
 --- middle
 
 # Introduction
 
 NTS {{RFC8915}} provides authenticity and limited confidentiality for NTP {{RFC5905}}. However, the key exchange preceding the actual time exchange makes it hard to implement a pool for NTS supporting servers in a manner similar to the DNS resolution approach taken to provide the NTP Pool {{Pool}}.
 
-This document aims to provide extensions to the NTS Key Exchange sessions that allow an implementation of a pool for NTS that
+This document aims to provide extensions to the NTS Key Exchange sessions that allow for an implementation of a pool for NTS that:
 
   - Is usable without changes to client,
-  - Avoids constraining the downstream time source's cookie format,
-  - Avoids downstream time sources having potential access to all traffic.
+  - avoids constraining the downstream time source's cookie format,
+  - avoids downstream time sources having potential access to all traffic.
 
 # Conventions and Definitions
 
@@ -63,13 +63,13 @@ Where further specificity of the role of a participant is needed, we will use th
 
 # General pool architecture
 
-We propose a pool model where the pool is providing an NTS Key Exchange service to the outside world. This allows the pool to terminate the TLS connection and avoids having to distribute certificates to all downstream time servers. However, that also implies that the pool needs to extract the keys and get valid cookies for the selected downstream time server.
+We propose a pool model where the pool provides an NTS Key Exchange service to the outside world. This allows the pool to terminate the TLS connection and avoids having to distribute certificates to all downstream time servers. However, that also implies that the pool needs to extract the keys and get valid cookies for the selected downstream time server.
 
 To solve this, we ask downstream servers to provide an extension of the NTS Key Exchange protocol that allows the pool to directly communicate the keys to the downstream server, instead of having the downstream server extract this from the TLS session. The explicit communication of keys allows the pool to do the extraction from the TLS server whilst remaining oblivious to the cookie format of the downstream server.
 
 # Client facilities for pools
 
-One challenge with a pool through NTS Key Exchange is that clients that allow for explicit pool configuration do want to end up with multiple independent time sources. To ensure they won't have to do multiple NTS Key Exchange sessions just to discard the result because they already have the time server they
+One challenge with a pool through NTS Key Exchange is that clients that allow for explicit pool configuration want to end up with multiple independent time sources. To ensure they won't have to do multiple NTS Key Exchange sessions just to discard the result because they already have the time server they
 result in, we also introduce a record clients can use to indicate which downstream time servers they don't want.
 
 # New NTS record types
@@ -84,21 +84,21 @@ Client MUST send this record with a 0 sized body. Client MUST NOT use Keep Alive
 
 When supported by server and allowed for the request in question, the server MUST include a Keep Alive record with 0 sized body in the response and keep the TLS connection active after the response to handle further requests from the client. A client SHOULD ignore any body for the Keep Alive record.
 
-When included in the request or response, the client respectively server MAY, contrary to the requirements in {{RFC8915}}, send another request or response. Any TLS "close_notify" SHALL be sent only after the last reqeust or response respectively to use the connection.
+When included in the request or response, the client respectively server MAY, contrary to the requirements in {{RFC8915}}, send another request or response. Any TLS "close_notify" SHALL be sent only after the last request or response respectively to use the connection.
 
-Once a Keep Alive record has been sent by a client, or honored by a server, the TLS connection over which it was sent MUST NOT be used for key extraction. Doing so anyway can result in reuse of keys and the may result in loss of confidentiality or authenticity of the resulting NTP exchanges.
+Once a Keep Alive record has been sent by a client, or honored by a server, the TLS connection over which it was sent MUST NOT be used for key extraction. Doing so anyway can result in the reuse of keys and may result in loss of confidentiality or authenticity of the resulting NTP exchanges.
 
 ## Supported Next Protocol List {#supportedprotocol}
 Record Type Number: To be assigned by IANA (draft implementations: 0x4004)
 Critical bit: 1
 
 This record can be used by a pool to query downstream servers about which next protocols they support.
 
-Client MUST send with no body. Clients MAY use Keep Alive in combination with this record. A request with this record SHOULD NOT inclue a "Next Protocol Negotiation", "AEAD Algorithm Negotiation" or "Fixed Key Request" record.
+Client MUST send with no body. Clients MAY use Keep Alive in combination with this record. A request with this record SHOULD NOT include a "Next Protocol Negotiation", "AEAD Algorithm Negotiation" or "Fixed Key Request" record.
 
-Server MUST ignore any client body sent, and MUST send in response a Supported Next Protocol List record with as data a list of 16 bit integers, giving the protocol ID's the server supports.
+Server MUST ignore any client body sent and MUST send in response a Supported Next Protocol List record with as data a list of 16 bit integers, giving the protocol IDs the server supports.
 
-When included, the server MUST NOT negotiate a next protocol, aead algorithm or keys for this request.
+When included, the server MUST NOT negotiate a next protocol, AEAD algorithm, or keys for this request.
 
 ## Supported Algorithm List {#supportedalgorithm}
 Record Type Number: To be assigned by IANA (draft implementations: 0x4001)
@@ -108,19 +108,19 @@ This record can be used by a pool to query downstream servers about which AEAD a
 
 Client MUST send with no body. Clients MAY use Keep Alive in combination with this record. A request with this record SHOULD NOT include a "Next Protocol Negotiation", "AEAD Algorithm Negotiation" or "Fixed Key Request" record.
 
-Server MUST ignore any client body sent, and MUST send in response a Supported Algorithm List record with as data a list of tuples of two 16 bit integers, the first giving a algorithm ID for the AEAD and the second giving the length of the key for that algorithm ID.
+Server MUST ignore any client body sent and MUST send in response a Supported Algorithm List record with as data a list of tuples of two 16 bit integers, the first giving an algorithm ID for the AEAD and the second giving the length of the key for that algorithm ID.
 
-When included, the server MUST NOT negotiate a next protocol, aead algorithm or keys for this request.
+When included, the server MUST NOT negotiate a next protocol, AEAD algorithm, or keys for this request.
 
 ## Fixed Key Request {#fixedkey}
 Record Type Number: To be assigned by IANA (draft implementations: 0x4002)
 Critical Bit: 1
 
-When client is properly authenticated, the server SHOULD NOT perform Key Extraction for but rather use the keys provided by the client in the extension field. This allows a pool to do key negotiation on behalve of its users with the downstream NTS Key Exchange servers, even though it terminates the TLS connection.
+When client is properly authenticated, the server SHOULD NOT perform Key Extraction but rather use the keys provided by the client in the extension field. This allows a pool to do key negotiation on behalf of its users with the downstream NTS Key Exchange servers, even though it terminates the TLS connection.
 
 When used, the client MUST provide an AEAD Algorithm Negotiation record with precisely one algorithm, and a Next Protocol Negotiation record with precisely one next protocol. The data in the Fixed Key Request record must have length twice the key length N of the AEAD algorithm in the AEAD Algorithm Negotiation record. The first N bytes MUST be the C2S Key and the second set of N bytes MUST be the S2C key. Clients MAY use Keep Alive in combination with this record.
 
-MUST NOT be sent by a server. Server SHOULD treat extension field as unknown when sent by any client not authorized to make fixed key requests.
+MUST NOT be sent by a server. Server SHOULD treat the extension field as unknown when sent by any client not authorized to make fixed key requests.
 
 ## NTP Server Deny {#serverdeny}
 Record Type Number: To be assigned by IANA (draft implementations: 0x4003)
@@ -144,7 +144,7 @@ The design above does avoid sharing key material between all downstream time sou
 
 ## Error handling
 
-To avoid giving multiple downstream time sources access to the key material of the end user, it is important that the keys extracted from the TLS session between the user and the pool be sent to at most one downstream time source. If an error occurs after sending of the Fixed Key Request record, either with the TLS connection between the pool and the downstream time source, or by being explicitly reported by the downstream time source to the pool, the pool SHOULD return an error to the user. Retrying with a different downstream time source may unintentionally leave the user vulnerable to the provider of the originally selected downstream time source.
+To avoid giving multiple downstream time sources access to the key material of the end user, it is important that the keys extracted from the TLS session between the user and the pool are sent to at most one downstream time source. If an error occurs after sending the Fixed Key Request record, either with the TLS connection between the pool and the downstream time source, or by being explicitly reported by the downstream time source to the pool, the pool SHOULD return an error to the user. Retrying with a different downstream time source may unintentionally leave the user vulnerable to the provider of the originally selected downstream time source.
 
 # IANA Considerations