Network Time Protocol Suggest REFID Extension Field

The information below is for an old version of the document
Document Type Expired Internet-Draft (ntp WG)
Last updated 2017-04-27 (latest revision 2016-10-24)
Stream IETF
Intended RFC status (None)
Expired & archived
plain text pdf html bibtex
Stream WG state Candidate for WG Adoption
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


NTP has been widely used through several revisions, with the latest being RFC 5905 [RFC5905]. A core component of the protocol and the algoritms is the Reference ID, or REFID, which is used to identify the source of time used for synchronization. Traditionally, when the source of time was another system the REFID was the IPv4 address of that other system. The purpose of the REFID is to prevent a one- degree timing loop, where if A has several timing sources that include B, if B decides to get its time from A we don't want A then deciding to get its time from B. The REFID is considered to be "public data" and is a vital core-component of the base NTP packet. If a system's REFID is the IPv4 address of its system peer, an attacker can try to use that information to send spoofed time packets to either or both the target or the target's server, attempting to cause a disruption in time service. This proposal is a backward- compatible way for a time source to tell its peers or clients "If you use me as your system peer, use this nonce as your REFID." This nonce SHOULD not be traceable to the original system, and if it is used as the REFID this type of attack is prevented.


Harlan Stenn (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)