Network Time Security for the Network Time Protocol
RFC 8915
Internet Engineering Task Force (IETF) D. Franke
Request for Comments: 8915 Akamai
Category: Standards Track D. Sibold
ISSN: 2070-1721 K. Teichel
PTB
M. Dansarie
R. Sundblad
Netnod
September 2020
Network Time Security for the Network Time Protocol
Abstract
This memo specifies Network Time Security (NTS), a mechanism for
using Transport Layer Security (TLS) and Authenticated Encryption
with Associated Data (AEAD) to provide cryptographic security for the
client-server mode of the Network Time Protocol (NTP).
NTS is structured as a suite of two loosely coupled sub-protocols.
The first (NTS Key Establishment (NTS-KE)) handles initial
authentication and key establishment over TLS. The second (NTS
Extension Fields for NTPv4) handles encryption and authentication
during NTP time synchronization via extension fields in the NTP
packets, and holds all required state only on the client via opaque
cookies.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8915.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
1.1. Objectives
1.2. Terms and Abbreviations
1.3. Protocol Overview
2. Requirements Language
3. TLS Profile for Network Time Security
4. The NTS Key Establishment Protocol
4.1. NTS-KE Record Types
4.1.1. End of Message
4.1.2. NTS Next Protocol Negotiation
4.1.3. Error
4.1.4. Warning
4.1.5. AEAD Algorithm Negotiation
4.1.6. New Cookie for NTPv4
4.1.7. NTPv4 Server Negotiation
4.1.8. NTPv4 Port Negotiation
4.2. Retry Intervals
4.3. Key Extraction (Generally)
5. NTS Extension Fields for NTPv4
5.1. Key Extraction (for NTPv4)
5.2. Packet Structure Overview
5.3. The Unique Identifier Extension Field
5.4. The NTS Cookie Extension Field
5.5. The NTS Cookie Placeholder Extension Field
5.6. The NTS Authenticator and Encrypted Extension Fields
Extension Field
5.7. Protocol Details
6. Suggested Format for NTS Cookies
7. IANA Considerations
7.1. Service Name and Transport Protocol Port Number Registry
7.2. TLS Application-Layer Protocol Negotiation (ALPN) Protocol
IDs Registry
7.3. TLS Exporter Labels Registry
7.4. NTP Kiss-o'-Death Codes Registry
7.5. NTP Extension Field Types Registry
7.6. Network Time Security Key Establishment Record Types
Registry
7.7. Network Time Security Next Protocols Registry
7.8. Network Time Security Error and Warning Codes Registries
8. Security Considerations
8.1. Protected Modes
8.2. Cookie Encryption Key Compromise
8.3. Sensitivity to DDoS Attacks
8.4. Avoiding DDoS Amplification
8.5. Initial Verification of Server Certificates
8.6. Delay Attacks
8.7. NTS Stripping
9. Privacy Considerations
9.1. Unlinkability
9.2. Confidentiality
10. References
10.1. Normative References
10.2. Informative References
Acknowledgments
Authors' Addresses
1. Introduction
This memo specifies Network Time Security (NTS), a cryptographic
security mechanism for network time synchronization. A complete
specification is provided for application of NTS to the client-server
Show full document text