Network Time Security for the Network Time Protocol
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: The IESG <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, Karen O'Donoghue <email@example.com>, firstname.lastname@example.org, email@example.com Subject: Protocol Action: 'Network Time Security for the Network Time Protocol' to Proposed Standard (draft-ietf-ntp-using-nts-for-ntp-28.txt) The IESG has approved the following document: - 'Network Time Security for the Network Time Protocol' (draft-ietf-ntp-using-nts-for-ntp-28.txt) as Proposed Standard This document is the product of the Network Time Protocol Working Group. The IESG contact persons are Éric Vyncke and Suresh Krishnan. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/
Technical Summary This memo specifies Network Time Security (NTS), a mechanism for using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD) to provide cryptographic security for the client-server mode of the Network Time Protocol (NTP). NTS is structured as a suite of two loosely coupled sub-protocols. The first (NTS-KE) handles initial authentication and key establishment over TLS. The second handles encryption and authentication during NTP time synchronization via extension fields in the NTP packets, and holds all required state only on the client via opaque cookies. Working Group Summary The document has clear working group consensus for publication, and has been reviewed by several WG participants since its initial adoption as a working group item. Document Quality This document has been reviewed and revised several times during its development. There were no specific external expert reviews conducted; however, security area review was specifically solicited. Personnel Karen O'Donoghue is the Document Shepherd. Suresh Krishnan is the Responsible Area Director.