Netnod launch one of the first NTS enabled time services in the world
NTS is an essential development of NTP, adding a much needed layer of security to a protocol that is more than 30 years old and vulnerable to Man-in-the-Middle (MITM) attacks. With many of today’s most important security processes dependent on accurate time, the consequences of receiving time from a malicious source are serious. Everything from establishing encrypted sessions and using DNSSEC to time-stamping financial transactions and preventing online fraud depends on accurate and secure time.
“As a leading player in providing services at the core of the Internet, Netnod is proud to be at the forefront of NTS,” said Lars Michael Jogbäck, Netnod CEO. “Developing services such as NTS is part of Netnod’s commitment to ensuring that the Internet is as secure and robust as possible for everyone.”
Netnod’s NTP service, funded by the Swedish Post and Telecom Authority (PTS), uses a distributed timescale on autonomous nodes throughout Sweden to provide a time service available over IPv4 or IPv6 and traceable to within 250 nanoseconds of official Swedish time UTC(SP). Each site has redundant servers, 2 caesium clocks, and 2 FPGA boards providing an extremely fast hardware implementation of NTP.
Netnod’s NTS-enabled NTP service is freely available to anyone. You can point your NTS-enabled NTP client (using port 3443*) to one of the following servers:
- nts.ntp.se (for users anywhere in the world)
- nts.sth1.ntp.se (for users close to Stockholm)
- nts.sth2.ntp.se (for users close to Stockholm)
* Note that the NTS protocol is still a so-called Internet-draft within the IETF. Once It is ratified and becomes an RFC, the port number used could change.
Update Apr 20, 2020: An incompatible change was made in the NTS draft as of version 26. For those using a NTS client supporting the new behaviour, port 3443 is to be used. Clients having the old behaviour should use port 4443. For more information see here.
Update Oct 6, 2020: The NTS draft has been accepted as RFC8915. The official port number for NTS is now 4460. Port 3443 and 4443 are still supported by Netnod’s NTS service as described above. For more info see here
Current NTP clients supporting NTS (two of which were written by Netnod staff) include:
https://gitlab.com/NTPsec/ntpsec (one of the first established NTP implementations to add official support for NTS)
https://github.com/Netnod/nts-poc-python (a Python implementation written by Christer Weinigel, Netnod)
https://gitlab.com/hacklunch/ntsclient (a Go implementation written by Michael Cardell Widerkrantz - Netnod, Daniel Lublin - lublin.se, and Martin Samuelsson)
For more details on Netnod’s work on developing NTS, and how the protocol works, see this recent post on the Netnod blog.