This memo specifies Network Time Security (NTS), a mechanism for using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD) to provide cryptographic security for the client-server mode of the Network Time Protocol (NTP).
NTS is structured as a suite of two loosely coupled sub-protocols. The first (NTS-KE) handles initial authentication and key establishment over TLS. The second handles encryption and authentication during NTP time synchronization via extension fields in the NTP packets, and holds all required state only on the client via opaque cookies.
Working Group Summary
The document has clear working group consensus for publication, and has been reviewed by several WG participants since its initial adoption as a working group item.
This document has been reviewed and revised several times during its development. There were no specific external expert reviews conducted; however, security area review was specifically solicited.
Karen O'Donoghue is the Document Shepherd. Suresh Krishnan is the Responsible Area Director.