2.6.11 Secure Network Time Protocol (stime)

NOTE: This charter is a snapshot of the 50th IETF Meeting in Minneapolis, Minnesota. It may now be out-of-date. Last Modified: 14-Mar-01


Tim Polk <wpolk@nist.gov>
Patrick Cain <pcain@bbn.com>

Security Area Director(s):

Jeffrey Schiller <jis@mit.edu>
Marcus Leech <mleech@nortelnetworks.com>

Security Area Advisor:

Marcus Leech <mleech@nortelnetworks.com>

Mailing Lists:

General Discussion:ietf-stime@stime.org
To Subscribe: ietf-stime-request@stime.org
In Body: (un)subscribe
Archive: http://www.nist.gov/itl/div896/emaildir/authtime/maillist.html

Description of Working Group:

For trust models to be truly portable across the Internet, transactions must be anchored so they are comparable. The one shared commodity that can be widely agreed upon is time, and the ability to authenticate the source of the time can assist in providing such portability in trust. The ability to securely obtain time from authenticated sources is thus becoming a key factor in security and non-repudiation.

Current IETF protocols address the distribution of time, and there is also a project for the generation of cryptographically protected timestamps. Existing approaches to distributing time are vulnerable to external attack and tampering, as these do not take advantage of advances in public key infrastructure and cryptographic methods, and require distribution of cryptographic keys via nonscalable out-of-band means. Securing time distribution using PKI mechanisms allows the process to scale and minimizes risk.
The purpose of this working group is to define the message formats and protocols - specifically, modifications to the existing Network Time Protocol (NTP) - which are necessary to support the authenticated distribution of time for the Internet. The working group will be chartered for a period of 12 months to meet this goal. Utilization of previous research in this area is expected.
Work will concentrate on the Internet-based NTP, to be enhanced with the addition of public-key based authentication and security. The working group expects to enhance NTP by way of occasional "setup" interchanges between client and time server to establish a shared secret, followed by normal NTP interchanges secured via the shared secret. The output of the working group is expected to be a standards-track document.

Goals and Milestones:

Aug 99


Submit 3rd draft of Authentication Scheme Extensions to NTP as an I-D

Nov 99


Submit 4th draft of Authentication Scheme Extensions to NTP as an I-D

Mar 00


Submit Authentication Scheme Extensions to NTP to IESG for consideration as an RFC

No Current Internet-Drafts
No Request For Comments

Current Meeting Report

Secure Network Time Working Group Minutes
20 March, 2001

1. Pat Cain presented an overview of the agenda. The first topic was a review of the charter. This group is not intended to revise the Network Time Protocol, but to augment the protocol to authenticate the source of the packets.

2. (Current draft) Next, Pat presented the current status of the draft. The last draft has expired, but a new version was submitted unofficially to the list. A new official I-D will be submitted after the next meeting. Remaining issues: use of PKI certificates, support IPv6 addresses, and use SHA-1 instead of the current draft's MD5 for authentication. Next draft will be draft-ietf-stime-ntpauth-02.txt.

3. (Certificate support) The original draft left a hole for PKI because they thought it was way too hard. The current proposal is relatively straightforward and allows a client or server to request either a PGP or X.509 certificate. There had been concern about large (>5K) certificates, but the list has demonstrated that most are 2K or less. Certificate validation is a local option. The certificate is used to verify the digital signature on the NTP autokey message.

4. (IPv6 support is still an issue.) The autokey generation takes a hash of the client IPaddr, server, server IPaddr, cookie, and private value. The IPaddr is used to spread the key space slightly and to bind some identity information into the keystream. The first idea was to expand the 32 bit IPv4 address to 128 bits( IPv6 address size). Ran Atkinson explained that architecturally, binding the identity to the IP address is not a good idea. Systems may wish to change addresses without dropping their connections. Pat was thinking of proposing allowing a client to supply a 'random' quantity for this value. Marcus Leech (one of the Area Directors) indicated that he could support that idea. Watch for this one on the list.

5. A new draft will be posted soon after the Minneapolis meeting, correcting some bugs and adding more detail. The WG intends to have Last Call on that document or its successor. The goal is to complete last call before London.

The WG does not expect to meet in London.

The session closed. W. Tim Polk compiled the minutes. There were approximately 30 attendees at the meeting.

N.B. An old version of the WG page appeared out of nowhere at the ietf web site. The subscription information for our maillist is incorrect. The correct info is:
To subscribe (or unsubscribe) to authtime@nist.gov, please send an email message to listproc@nist.gov containing the single line "subscribe (or unsubscribe) authtime". (The subject line is optional/ignored.)