Search RFCs

RFC Editor

File formats:

Status:

INFORMATIONAL

Updated by:

RFC 9748

Authors:

B. Haberman, Ed.
D. Mills

Stream:

IETF

Source:

ntp (int)

Cite this RFC:TXT  | XML  |  BibTeX

DOI:  https://doi.org/10.17487/RFC5906

Discuss this RFC: Send questions or comments to the mailing listntp@ietf.org

Other actions:View Errata  | Submit Errata  | Find IPR Disclosures from the IETF  | View History of RFC 5906

Abstract

This memo describes the Autokey security model for authenticatingservers to clients using the Network Time Protocol (NTP) and publickey cryptography. Its design is based on the premise that IPsecschemes cannot be adopted intact, since that would preclude statelessservers and severely compromise timekeeping accuracy. In addition,Public Key Infrastructure (PKI) schemes presume authenticated timevalues are always available to enforce certificate lifetimes;however, cryptographically verified timestamps require interactionbetween the timekeeping and authentication functions.

This memo includes the Autokey requirements analysis, designprinciples, and protocol specification. A detailed description ofthe protocol states, events, and transition functions is included. Aprototype of the Autokey design based on this memo has beenimplemented, tested, and documented in the NTP version 4 (NTPv4)software distribution for the Unix, Windows, and Virtual MemorySystem (VMS) operating systems at http://www.ntp.org. This document is not an Internet Standards Track specification; it ispublished for informational purposes.

For the definition ofStatus,seeRFC 2026.

For the definition ofStream, seeRFC 8729.