Skip to main content

Authentication Scheme Extensions to NTP

Document Type Expired Internet-Draft (stime WG)
Expired & archived
Authors Professor David L. Mills , Todd S. Glassey , Michael E. McNeil
Last updated 1998-09-01
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state WG Document
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The purpose of this document is to extend the NTP/SNTP authentication scheme to support additional features, including Public Key Infrastructure (PKI) cryptography, in order to certify the identity of the sender and verify the integrity of the data included in an NTP message, as well as provide support for other facilities such as a timestamp and non-repudiation service. This document describes a new extension field to support new services for securely binding sender credentials to the NTP message stream. One or more of these fields can be included in the NTP header to support designated security services or other services should they become necessary. The presence of these fields does not affect the operation of the NTP timekeeping model and protocol in any other way. Additional fields may provide means to securely bind arbitrary client data to be signed along with the other information in the message. The ability to sign arbitrary client data provides an important non- repudiation feature that allows this data to be cryptographically bound to an NTP timestamp, together with sender credentials and signature.


Professor David L. Mills
Todd S. Glassey
Michael E. McNeil

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)