Authentication Scheme Extensions to NTP
draft-mills-ntp-auth-coexist-01

Abstract

The purpose of this document is to extend the NTP/SNTP authentication scheme to support additional features, including Public Key Infrastructure (PKI) cryptography, in order to certify the identity of the sender and verify the integrity of the data included in an NTP message, as well as provide support for other facilities such as a timestamp and non-repudiation service. This document describes a new extension field to support new services for securely binding sender credentials to the NTP message stream. One or more of these fields can be included in the NTP header to support designated security services or other services should they become necessary. The presence of these fields does not affect the operation of the NTP timekeeping model and protocol in any other way. Additional fields may provide means to securely bind arbitrary client data to be signed along with the other information in the message. The ability to sign arbitrary client data provides an important non- repudiation feature that allows this data to be cryptographically bound to an NTP timestamp, together with sender credentials and signature.

Authors

Professor David L. Mills
Todd S. Glassey
Michael E. McNeil

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)