Document Type Active Internet-Draft (ntp WG)
Last updated 2019-02-08
Stream IETF
Intended RFC status (None)
Formats plain text xml pdf html bibtex
Stream WG state Candidate for WG Adoption
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Internet Engineering Task Force                              A. Malhotra
Internet-Draft                                         Boston University
Intended status: Informational                                 A. Langly
Expires: August 12, 2019                                          Google
                                                                 W. Ladd
                                                        February 8, 2019



   This document specifies Roughtime - a protocol that aims to achieve
   rough time synchronization while detecting servers that provide
   inaccurate time and providing cryptographic proof of their

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 12, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of

Malhotra, et al.         Expires August 12, 2019                [Page 1]
Internet-Draft                  Roughtime                  February 2019

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1.  Motivation

   Time synchronization is essential to Internet security as many
   security protocols and other applications require synchronization
   [RFC7384][MCBG].  Unfortunately widely deployed protocols such as the
   Network Time Protocol (NTP) [RFC5905] lack essential security
   features, and even newer protocols like Network Time Security (NTS)
   [I-D.ietf-ntp-using-nts-for-ntp] fail to ensure that the servers
   behave correctly.  Authenticating time servers prevents network
   adversaries from modifying time packets.  An authenticated time
   server still has full control over the contents of time packet and
   may go rogue.  Roughtime protocol provides cryptographic proof of
   malfeasance, enabling clients to detect and prove to a third party
   server's attempts to influence the time a client computes.

   |   Protocol   | Authenticated Server | Server Malfeasance Evidence |
   | NTP, Chronos |          N           |              N              |
   |   NTP-MD5    |          Y*          |              N              |
   | NTP-Autokey  |         Y**          |              N              |
   |     NTS      |          Y           |              N              |
   |  Roughtime   |          Y           |              Y              |

                 Security Properties of current protocols

                                  Table 1

   Y* For security issues with symmetric-key based NTP-MD5
   authentication, please refer to Message Authentication Code for the
   Network Time Protocol draft [I-D.ietf-ntp-mac]

   Y** For security issues with Autokey Public Key Authentication, refer
   to [Autokey]

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Malhotra, et al.         Expires August 12, 2019                [Page 2]
Internet-Draft                  Roughtime                  February 2019

3.  Protocol Overview

   Roughtime is a protocol for rough time synchronization that enables
   clients to provide cryptographic proof of server malfeasance.  It
   does so by having responses from servers include a signature with a
   certificate rooted in long term public/private key pair over a
Show full document text