Network Time Security for the Network Time Protocol
draft-dansarie-nts-00
| Section | Field | Value |
|---|---|---|
| Document | Type | Expired Internet-Draft (ntp WG); Expired & archived |
| | Authors | Daniel Fox Franke, Dieter Sibold, Kristof Teichel, Marcus Dansarie, Ragnar Sundblad |
| | Last updated | 2019-01-03 (Latest revision 2018-07-02) |
| | RFC stream | Internet Engineering Task Force (IETF) |
| | Intended RFC status | (None) |
| | Additional resources | Mailing list discussion |
| Stream | WG state | Candidate for WG Adoption |
| | Document shepherd | (None) |
| IESG | IESG state | Expired |
| | Consensus boilerplate | Unknown |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This memo specifies Network Time Security (NTS), a mechanism for using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD) to provide cryptographic security for the client-server mode of the Network Time Protocol (NTP). NTS is structured as a suite of two loosely coupled sub-protocols: the NTS Key Establishment Protocol (NTS-KE) and the NTS Extension Fields for NTPv4. NTS-KE handles NTS service authentication, initial handshaking, and key extraction over TLS. Encryption and authentication during NTP time synchronization are performed through the NTS Extension Fields in otherwise standard NTP packets. Except during the initial NTS-KE process, all state required by the protocol is held by the client in opaque cookies.
Authors
Daniel Fox Franke
Dieter Sibold
Kristof Teichel
Marcus Dansarie
Ragnar Sundblad
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)