
Network Time Security for the Network Time Protocol
draft-dansarie-nts-00

Document type: Expired Internet-Draft (ntp WG), expired & archived
Authors: Daniel Fox Franke, Dieter Sibold, Kristof Teichel, Marcus Dansarie, Ragnar Sundblad
Last updated: 2019-01-03 (latest revision 2018-07-02)
RFC stream: Internet Engineering Task Force (IETF)
Intended RFC status: (None)
Additional resources: Mailing list discussion
Stream, WG state: Candidate for WG Adoption
Stream, document shepherd: (None)
IESG, IESG state: Expired
IESG, consensus boilerplate: Unknown
IESG, telechat date: (None)
IESG, responsible AD: (None)
IESG, send notices to: (None)

This Internet-Draft is no longer active.

Abstract

This memo specifies Network Time Security (NTS), a mechanism for using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD) to provide cryptographic security for the client-server mode of the Network Time Protocol (NTP). NTS is structured as a suite of two loosely coupled sub-protocols: the NTS Key Establishment Protocol (NTS-KE) and the NTS Extension Fields for NTPv4. NTS-KE handles NTS service authentication, initial handshaking, and key extraction over TLS. Encryption and authentication during NTP time synchronization are performed through the NTS Extension Fields in otherwise standard NTP packets. Except during the initial NTS-KE process, all state required by the protocol is held by the client in opaque cookies.

Authors

Daniel Fox Franke
Dieter Sibold
Kristof Teichel
Marcus Dansarie
Ragnar Sundblad

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)