Network Time Security for the Network Time Protocol
draft-dansarie-nts-00

Document Type: Expired Internet-Draft (ntp WG)
Last updated: 2019-01-03 (latest revision 2018-07-02)
Stream: IETF
Intended RFC status: (None)
WG state: Candidate for WG Adoption
Document shepherd: No shepherd assigned
IESG state: Expired
Consensus Boilerplate: Unknown
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-dansarie-nts-00.txt

Abstract

This memo specifies Network Time Security (NTS), a mechanism for using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD) to provide cryptographic security for the client-server mode of the Network Time Protocol (NTP). NTS is structured as a suite of two loosely coupled sub-protocols: the NTS Key Establishment Protocol (NTS-KE) and the NTS Extension Fields for NTPv4. NTS-KE handles NTS service authentication, initial handshaking, and key extraction over TLS. Encryption and authentication during NTP time synchronization are performed through the NTS Extension Fields in otherwise standard NTP packets. Except during the initial NTS-KE process, all state required by the protocol is held by the client in opaque cookies.

Authors

Daniel Franke (dfoxfranke@gmail.com)
Dieter Sibold (dieter.sibold@ptb.de)
Kristof Teichel (kristof.teichel@ptb.de)
Marcus Dansarie (marcus@dansarie.se)
Ragnar Sundblad (ragge@netnod.se)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)