Network Time Security for the Network Time Protocol
RFC 8915

Document Type RFC - Proposed Standard (September 2020; No errata)
Authors Daniel Franke  , Dieter Sibold  , Kristof Teichel  , Marcus Dansarie  , Ragnar Sundblad 
Last updated 2020-09-30
Stream IETF stream
Formats plain text html xml pdf htmlized (tools) htmlized bibtex
Stream WG state Submitted to IESG for Publication
Document shepherd Karen O'Donoghue
Shepherd write-up Show (last changed 2019-11-07)
IESG IESG state RFC 8915 (Proposed Standard)
Action Holders
Consensus Boilerplate Yes
Telechat date
Responsible AD Suresh Krishnan
Send notices to Karen O'Donoghue <>
IANA IANA review state Version Changed - Review Needed
IANA action state RFC-Ed-Ack
IANA expert review state Reviews assigned
IANA expert review comments TLS expert expects "recommended" field for TLS Exporter Label to be changed back to "Y" after version 24.

Internet Engineering Task Force (IETF)                         D. Franke
Request for Comments: 8915                                        Akamai
Category: Standards Track                                      D. Sibold
ISSN: 2070-1721                                               K. Teichel
                                                             M. Dansarie
                                                             R. Sundblad
                                                          September 2020

          Network Time Security for the Network Time Protocol


   This memo specifies Network Time Security (NTS), a mechanism for
   using Transport Layer Security (TLS) and Authenticated Encryption
   with Associated Data (AEAD) to provide cryptographic security for the
   client-server mode of the Network Time Protocol (NTP).

   NTS is structured as a suite of two loosely coupled sub-protocols.
   The first (NTS Key Establishment (NTS-KE)) handles initial
   authentication and key establishment over TLS.  The second (NTS
   Extension Fields for NTPv4) handles encryption and authentication
   during NTP time synchronization via extension fields in the NTP
   packets, and holds all required state only on the client via opaque

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Objectives
     1.2.  Terms and Abbreviations
     1.3.  Protocol Overview
   2.  Requirements Language
   3.  TLS Profile for Network Time Security
   4.  The NTS Key Establishment Protocol
     4.1.  NTS-KE Record Types
       4.1.1.  End of Message
       4.1.2.  NTS Next Protocol Negotiation
       4.1.3.  Error
       4.1.4.  Warning
       4.1.5.  AEAD Algorithm Negotiation
       4.1.6.  New Cookie for NTPv4
       4.1.7.  NTPv4 Server Negotiation
       4.1.8.  NTPv4 Port Negotiation
     4.2.  Retry Intervals
     4.3.  Key Extraction (Generally)
   5.  NTS Extension Fields for NTPv4
     5.1.  Key Extraction (for NTPv4)
     5.2.  Packet Structure Overview
     5.3.  The Unique Identifier Extension Field
     5.4.  The NTS Cookie Extension Field
     5.5.  The NTS Cookie Placeholder Extension Field
     5.6.  The NTS Authenticator and Encrypted Extension Fields
           Extension Field
     5.7.  Protocol Details
   6.  Suggested Format for NTS Cookies
   7.  IANA Considerations
     7.1.  Service Name and Transport Protocol Port Number Registry
     7.2.  TLS Application-Layer Protocol Negotiation (ALPN) Protocol
           IDs Registry
     7.3.  TLS Exporter Labels Registry
     7.4.  NTP Kiss-o'-Death Codes Registry
     7.5.  NTP Extension Field Types Registry
     7.6.  Network Time Security Key Establishment Record Types
     7.7.  Network Time Security Next Protocols Registry
     7.8.  Network Time Security Error and Warning Codes Registries
   8.  Security Considerations
     8.1.  Protected Modes
     8.2.  Cookie Encryption Key Compromise
     8.3.  Sensitivity to DDoS Attacks
     8.4.  Avoiding DDoS Amplification
     8.5.  Initial Verification of Server Certificates
     8.6.  Delay Attacks
     8.7.  NTS Stripping
   9.  Privacy Considerations
     9.1.  Unlinkability
     9.2.  Confidentiality
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Authors' Addresses

1.  Introduction

   This memo specifies Network Time Security (NTS), a cryptographic
   security mechanism for network time synchronization.  A complete
   specification is provided for application of NTS to the client-server
Show full document text