
Network Time Security (NTS) support #9481

Open
ott opened this issue Jul 1, 2018 · 19 comments
Labels
RFE 🎁 Request for Enhancement, i.e. a feature request timesync

Comments

@ott
Contributor

ott commented Jul 1, 2018

At the moment the IETF Network Time Protocol working group is standardizing extensions to NTP to add authenticity and confidentiality to NTP. Central to this effort is the Network Time Security (NTS) mechanism.

The proposed NTS-KE protocol and NTP protocol extensions do not seem to be complex and therefore it should be possible to extend systemd-timesyncd to support NTS with medium effort.

Two of the authors of the current draft are employed by Physikalisch-Technische Bundesanstalt (PTB), the German national metrology institute that is also the legal time authority in Germany. So it can perhaps be expected that NTS becomes widely available after the NTS standardization is finished. The PTB also described efforts to formally verify NTS, collaborated in security research about NTS and presented an attack against an earlier version of the protocol. So perhaps it can be expected that NTS provides better security than Autokey.

There also seems to be an ongoing effort to add NTS to ntpd.

So I think it would make sense for systemd-timesyncd to support NTS to allow secure time synchronization which often seems to be a requirement. If there is a consensus to support NTS in systemd-timesyncd, I can have a look whether I'm able to implement it.
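The NTS-KE record format that the post above calls "not complex", shown as an added C example; this is not systemd code and not code from any comment in this thread. It encodes the minimal client request from RFC 8915 (Next Protocol Negotiation, AEAD Algorithm Negotiation, End of Message) and parses a server response, rejecting truncated bodies and unknown critical records instead of reading past the buffer. The function names, the result struct, the sample response bytes and the hostname ntp.example are assumptions made for this example; the TLS session that carries the records, the ALPN check and the key export are not shown.

```c
#include <stdint.h>
#include <string.h>

/* NTS-KE record types (RFC 8915 section 4.1); the enum order matches the type numbers 0..7. */
enum { NTSKE_END_OF_MESSAGE, NTSKE_NEXT_PROTOCOL, NTSKE_ERROR, NTSKE_WARNING,
       NTSKE_AEAD_ALGORITHM, NTSKE_NEW_COOKIE, NTSKE_SERVER, NTSKE_PORT };
#define NTSKE_CRITICAL        0x8000u   /* MSB of the 16-bit record type field */
#define AEAD_AES_SIV_CMAC_256 15        /* the AEAD that RFC 8915 requires servers to support */

/* Append one record: 16-bit type (critical bit in the MSB), 16-bit body length,
 * then the body, all big-endian. Returns -1 if the buffer is too small. */
static int ntske_put_record(uint8_t *buf, size_t cap, size_t *off, uint16_t type,
                            int critical, const uint8_t *body, uint16_t len)
{
    if (*off + 4 + len > cap) return -1;
    uint16_t t = type | (critical ? NTSKE_CRITICAL : 0);
    buf[*off] = t >> 8;       buf[*off + 1] = t & 0xff;
    buf[*off + 2] = len >> 8; buf[*off + 3] = len & 0xff;
    if (len) memcpy(buf + *off + 4, body, len);
    *off += 4 + len;
    return 0;
}

/* Minimal client request: Next Protocol = NTPv4 (ID 0), AEAD = AES-SIV-CMAC-256,
 * End of Message. Returns the encoded length, or 0 if the buffer is too small. */
size_t ntske_build_client_request(uint8_t *buf, size_t cap)
{
    const uint8_t ntpv4[2] = { 0, 0 }, aead[2] = { 0, AEAD_AES_SIV_CMAC_256 };
    size_t off = 0;
    if (ntske_put_record(buf, cap, &off, NTSKE_NEXT_PROTOCOL, 1, ntpv4, 2) < 0 ||
        ntske_put_record(buf, cap, &off, NTSKE_AEAD_ALGORITHM, 1, aead, 2) < 0 ||
        ntske_put_record(buf, cap, &off, NTSKE_END_OF_MESSAGE, 1, NULL, 0) < 0)
        return 0;
    return off;
}

/* What a client keeps from a server response (hypothetical layout for this example). */
struct ntske_result {
    int next_protocol, aead, error;            /* -1 when the record was absent */
    size_t cookie_count, cookie_len;           /* only the first cookie is kept */
    uint8_t cookie[256]; char server[256];     /* server empty: reuse the NTS-KE host */
    uint16_t port;                             /* defaults to 123 */
};

/* Parse a server response. Returns 0 on success, -1 on malformed or truncated
 * input, -2 on an unrecognized critical record (which RFC 8915 makes fatal). */
int ntske_parse_response(const uint8_t *buf, size_t len, struct ntske_result *r)
{
    memset(r, 0, sizeof *r);
    r->next_protocol = r->aead = r->error = -1; r->port = 123;
    for (size_t off = 0; off + 4 <= len; ) {
        uint16_t t = (buf[off] << 8) | buf[off + 1], blen = (buf[off + 2] << 8) | buf[off + 3];
        const uint8_t *body = buf + off + 4;
        int critical = (t & NTSKE_CRITICAL) != 0, type = t & 0x7fff;
        if (off + 4 + blen > len) return -1;   /* body runs past the end of the buffer */
        off += 4 + blen;
        switch (type) {
        case NTSKE_END_OF_MESSAGE:
            if (blen != 0) return -1;
            /* success needs both negotiations; an Error record is also a complete answer */
            return (r->error >= 0 || (r->next_protocol >= 0 && r->aead >= 0)) ? 0 : -1;
        case NTSKE_NEXT_PROTOCOL:              /* 16-bit IDs; an empty list means none accepted */
        case NTSKE_AEAD_ALGORITHM:
            if (blen % 2) return -1;
            if (blen && type == NTSKE_NEXT_PROTOCOL) r->next_protocol = (body[0] << 8) | body[1];
            if (blen && type == NTSKE_AEAD_ALGORITHM) r->aead = (body[0] << 8) | body[1];
            break;
        case NTSKE_ERROR:   if (blen != 2) return -1; r->error = (body[0] << 8) | body[1]; break;
        case NTSKE_PORT:    if (blen != 2) return -1; r->port  = (body[0] << 8) | body[1]; break;
        case NTSKE_WARNING: break;             /* informational only */
        case NTSKE_NEW_COOKIE:                 /* opaque to the client; never inspect it */
            if (r->cookie_count++ == 0) {
                if ((size_t)blen > sizeof r->cookie) return -1;
                memcpy(r->cookie, body, blen); r->cookie_len = blen;
            }
            break;
        case NTSKE_SERVER:                     /* hostname of the NTP server to use */
            if ((size_t)blen >= sizeof r->server) return -1;
            memcpy(r->server, body, blen); r->server[blen] = '\0'; break;
        default:
            if (critical) return -2;           /* unknown non-critical records are skipped */
        }
    }
    return -1;   /* ran out of input before End of Message */
}

/* Constructed sample of a successful response; not captured from any real server. */
const uint8_t SAMPLE_RESPONSE[] = {
    0x80, 0x01, 0x00, 0x02, 0x00, 0x00,              /* Next Protocol: NTPv4 */
    0x80, 0x04, 0x00, 0x02, 0x00, 0x0f,              /* AEAD: AES-SIV-CMAC-256 */
    0x00, 0x05, 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef,  /* New Cookie (opaque) */
    0x00, 0x05, 0x00, 0x04, 0xca, 0xfe, 0xf0, 0x0d,  /* a second cookie */
    0x80, 0x06, 0x00, 0x0b, 'n','t','p','.','e','x','a','m','p','l','e',  /* Server */
    0x80, 0x00, 0x00, 0x00,                          /* End of Message */
};
```

Every record carries its own length, so the parser checks each body against the remaining buffer before touching it, which is the check a C implementation in a daemon like timesyncd cannot skip. After a successful exchange the two AEAD keys are not in these records at all: RFC 8915 takes them from the TLS exporter with the label "EXPORTER-network-time-security" and a five-byte context (Protocol ID, AEAD ID, then 0x00 for the client-to-server key or 0x01 for server-to-client), which is what ties the later NTP packets to the authenticated TLS session.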

@shibumi
Contributor

shibumi commented Jul 2, 2018

I would love to see this :) but we should wait until it gets standardized.

@poettering
Member

Sounds good to me. If this is likely to show up in common infrastructure (i.e. is more than an academic project) then this definitely makes sense.

@poettering poettering added RFE 🎁 Request for Enhancement, i.e. a feature request timesync labels Jul 4, 2018
@poettering
Member

(and yupp, patches in this direction would be greatly appreciated)

@ott
Contributor Author

ott commented Aug 31, 2018

The reference implementation of NTS switched to CMake a month ago. So it should be possible to build it on GNU/Linux now without effort. I wrote a CMakeLists.txt for it when it was still using Microsoft Visual Studio and was able to build and execute it with just minor changes to the source code. Unfortunately, it requires library versions that are not available in Debian and therefore I'm unable to test it.

@fmarier

fmarier commented Jun 21, 2019

Cloudflare now has a public server available which supports the latest NTS draft: https://blog.cloudflare.com/secure-time/ (time.cloudflare.com)

@kim-netnod

I'm not sure if this is of any help, but some colleagues and friends wrote this client in Go:
https://gitlab.com/hacklunch/ntsclient

@ott
Contributor Author

ott commented Dec 26, 2019

@kim-netnod Unfortunately, systemd cannot use the client. systemd is written in C and not Go.

@stemid

stemid commented Dec 27, 2019

@ott @kim-netnod According to the NEWS file you should be able to set your own custom Go or C based NTP/NTS client to be used by timesyncd datetimectl using the $SYSTEMD_TIMEDATED_NTP_SERVICES environment variable introduced in version 239.

I have yet to test this though. But it feels like the most modular way to handle new clients for protocols like NTS, to just outsource it.

@ott
Contributor Author

ott commented Mar 1, 2020

@stemid It would replace systemd-timesyncd then. However, the idea behind and architecture of systemd are different, and this is why systemd-timesyncd exists. It is a controversial aspect of systemd. I also have a mixed opinion about it, but I accept things as they are. I assume that such discussion is not wanted here and leads nowhere. So perhaps it's best to keep this discussion about NTS support in systemd-timesyncd and not about which alternatives exist (except for interoperability testing) and how to replace systemd-timesyncd.

@stemid

stemid commented Oct 1, 2020

It now seems to be standardized in an RFC at least: https://tools.ietf.org/html/rfc8915

@balki

balki commented Oct 30, 2020

Fedora/Chrony now supports NTS: https://fedoramagazine.org/secure-ntp-with-nts/

@ssahani
Contributor

ssahani commented Oct 30, 2020

I think we should do this

@ssahani
Contributor

ssahani commented Dec 3, 2020

#17778 is ready for testing.

# cat /etc/systemd/timesyncd.conf 
[Time]
NetworkTimeSecurityServer=time.cloudflare.com

@onny

onny commented Jan 19, 2022

Unfortunately there seems to be no open PR to support this feature?

@ilf

ilf commented Mar 15, 2022

On 2020-09-30 IETF published RFC 8915.

On 2020-11-30 @ssahani opened PR #17778.
On 2021-02-17 @poettering closed this PR, with the comment: "I guess we can close this, and continue discussion in #17943"

On 2020-12-11 @ssahani opened PR #17943.
On 2021-08-11 @ssahani closed this PR, without comment.

Can anyone tell the current status please?

@yuwata
Member

yuwata commented Mar 15, 2022

There is no progress, and I guess no one working on this.

@Seirdy

Seirdy commented Oct 12, 2022

Curious as to the merits of this effort when Roughtime seems to accomplish more, requiring cryptographic proof of the time server's accuracy.

@ilf

ilf commented Oct 12, 2022

@Seirdy: Nothing about the content, but both are products of the same IETF working group on NTP, and NTS is a finished RFC, while Roughtime is still unfinished work-in-progress.

@ku4eto

ku4eto commented Mar 9, 2024

It's been 1.5 years since the last response. Do we have any information on whether NTS is going to be implemented at all in systemd-timesyncd?
