A Secure Selection and Filtering Mechanism for the Network Time Protocol with Khronos
RFC 9523, “A Secure Selection and Filtering Mechanism for the Network Time Protocol with Khronos”, is an Informational document published in February 2024 by N. Rozen-Schiff, D. Dolev, T. Mizrahi, and M. Schapira. The canonical text is published by the RFC Editor.
Abstract
The Network Time Protocol version 4 (NTPv4), as defined in RFC 5905, is the mechanism used by NTP clients to synchronize with NTP servers across the Internet. This document describes a companion application to the NTPv4 client, named "Khronos", that is used as a "watchdog" alongside NTPv4 and that provides improved security against time-shifting attacks. Khronos involves changes to the NTP client's system process only. Since it does not affect the wire protocol, the Khronos mechanism is applicable to current and future time protocols.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 9523 is hosted at rfc-editor.org. Available in HTML, TXT, PDF, and XML.