r26 - 2008-06-10 - 01:55:06 - HarlanStennYou are here: NTP >  IETF Web > WebHome
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p10 was released on 21 March 2017. It addresses 6 medum- and 5 low-severity security issues, 4 informational security topics, 15 bugfixes, and contains other improvements over 4.2.8p9.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

IETF NTP Working Group

IDEA! Interested in participating? Please ReadMeFirst.

Background and Charter

The Network Time Protocol (NTP) is widely deployed and used in the Internet. However, the standardization status of this protocol has lagged in the IETF. RFC 1305 was published in March 1992 and remains unchanged and at Draft Standard status. A good deal of work has been produced in the NTP community over the years, but this work has not been reflected back into the NTP specification. The goal of this working group is to update the NTP protocol specification and advance the standardization status of NTP based on the extensive work from the NTP community.

A number of topics have been raised as potential work items for an update to NTP including support for IPv6, security considerations, automatic configuration, and algorithm improvements. This working group will develop an NTPv4 specification based on the state of NTPv4 in the community. This effort will maintain backwards compatibility with NTPv3. Potentials further modifications and additions to the NTP protocol will be documented for possible further work beyond NTPv4.

The working group will complete the following tasks:

  • Produce an NTPv4 Scope and Requirements Document
  • Produce an NTPv4 Protocol Specification
  • Produce an NTPv4 Algorithms Specification
  • Produce an NTPv4 MIB

The official current charter can be found at http://www.ietf.org/html.charters/ntp-charter.html .

Goals and Milestones:

Date What
Dec 2007 WG Last Call NTP Protocol Specification
Dec 2007 WG Last Call NTP MIB Specification
Dec 2007 Draft of NTP Control Protocol - Informational RFC
Mar 2008 WG Last Call NTP Autokey Specification - Informational RFC
Mar 2008 WG Last Call NTP Control Protocol - Informational RFC
--- ---
Done Draft of NTP Autokey Specification - Informational RFC
Done Draft of Scope and Requirements Document
Done Draft of NTP Protocol Specification
Done Draft of MIB Specification
Done Draft of NTP Algorithms Specification
--- ---
Cancel WG Last Call Scope and Requirements Document (document canceled)
Cancel WG Last Call NTP Algorithms Specification (document canceled)
--- ---
May 2006 WG Last Call NTP Algorithms Specification
Sep 2005 WG Last Call Scope and Requirements Document
Jul 2005 Initial Draft of NTP Algorithms Specification
Jul 11 2005 Internet Draft Cut-off for initial document (-00)
Jul 5 2005 Cutof for WG chair approval for WG document
May 2005 Initial Draft of MIB Specification
Mar 2005 Initial Draft of Scope and Requirements Document
Jan 2005 NTP WG Charter Approved
Nov 2004 NTP BOF at IETF 61


2008 Jun 09 update

Network Time Protocol Version 4 Autokey Specification

This memo describes the Autokey security model for authenticating servers to clients using the Network Time Protocol (NTP) and public key cryptography. Its design is based on the premise that IPSEC schemes cannot be adopted intact, since that would preclude stateless servers and severely compromise timekeeping accuracy. In addition, PKI schemes presume authenticated time values are always available to enforce certificate lifetimes; however, cryptographically verified timestamps require interaction between the timekeeping and authentication functions.

This memo includes the Autokey requirements analysis, design principles and protocol specification. A detailed description of the protocol states, events and transition functions is included. A prototype of the Autokey design based on this memo has been implemented, tested and documented in the NTP Version 4 (NTPv4) software distribution for Unix, Windows and VMS at http://www.ntp.org.

A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ntp-autokey-03.txt

2008 May 30 update

The Network Time Protocol (NTP) Server Option for DHCPv6 is now a WG item:


Please comment on this revision that includes the comments received on the personal submission versions of the draft.


Richard Gayraud, Benoit Lourdelet

2008 Feb 25 update


2007 Dec 26 update

Brad Knowles says:

Updated the mailing list management policy and compliance statement for the NTP WG at https://support.ntp.org/bin/view/Support/IetfMailingLists.

2007 Nov 20 update

Brian Haberman says:

The latest NTPv4 protocol specification has been published. This revision should address all Last Call issues raised except for additional text on the timing reference point. I did not see any consensus on the mailing list on the text proposed by Rich Osman using the LI as the reference point. Please review this version for all other changes.

If you have comments on the reference point for the start time, please post that to the mailing list.


2007 Jul 25 update

Brian Haberman says:

The minutes of the meeting have been posted to http://www3.ietf.org/proceedings/07jul/minutes/ntp.txt .

The latest version of the protocol spec is available in the I-D repository.


2007 May 14 update

Brian Haberman says:

This version of the protocol specification incorporates all comments received to date (to my knowledge). Please review. My plan is to start a working group last call on this document in the next week or so.

A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ntp-ntpv4-proto-05.txt

2007 Jan 25 update

The editing team has produced a new draft based on all the comments received to date. It is available in the Internet Drafts repository.

Please review this document and send any comments to ntpwg@ntp.org . Based on comments received, we will be proceeding to WG Last Call shortly.

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Network Time Protocol Working Group of the IETF.

    Title    : Network Time Protocol Version 4 Protocol And Algorithms Specification 
    Author(s): J. Burbank, et al. 
    Filename : draft-ietf-ntp-ntpv4-proto-04.txt 
    Pages    : 116 
    Date     : 2007-1-18

The Network Time Protocol (NTP) is widely used to synchronize computer clocks in the Internet. This memorandum describes Version 4 of the NTP (NTPv4), introducing several changes from Version 3 of NTP (NTPv3) described in RFC 1305, including the introduction of a modified protocol header to accomodate Internet Protocol Version 6. NTPv4 also includes optional extensions to the NTPv3 protocol,including a dynamic server discovery mechanism.

A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ntp-ntpv4-proto-04.txt

Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-ntp-ntpv4-proto-04.txt".

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r26 < r25 < r24 < r23 < r22 | More topic actions
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback