Re: [Ntp] A simpler way to secure PTP

Heiko Gerstung <> Wed, 12 May 2021 05:15 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3D44D3A3487 for <>; Tue, 11 May 2021 22:15:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.398
X-Spam-Status: No, score=-4.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id aU8SUECBYoPf for <>; Tue, 11 May 2021 22:14:58 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B39AC3A3485 for <>; Tue, 11 May 2021 22:14:57 -0700 (PDT)
Received: from (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 4696E71C068E; Wed, 12 May 2021 07:14:51 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=dkim; t=1620796491; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=F5Ckcx6b4czfq1r4N4MkRDUz7/gJA5rvFUmhkePIwmk=; b=aw2OhdfVnI6Dpdk0aVfx3v7B9a4oQ8Tb21ko1Zp810HIF7vna4S49UA/NXihpgOwpnqDbS WyIeKV2XePHbWJr/UCD6NGkhbrGjZQ6edfxk7hp6HV2/AtOwsCLBVu1goT+RkE3C5Aowx6 bUraibNcWt1VNqReK06RA0yRGI9pOKTa+5XlhpaDtTyNkFn9HZCA//vchm4yhQtp+eN+Pn c51BxCKLXSwAdnNFyCa327n+9j145ZQNQrRP7y6BdglMl44k5BWomIYwWmbxE9HqYPA79/ y7B0E/O2hmq+yWho6MqlG1Fnc9nTbhK8W0iOAYKymNjkDjmc50QiiYvJOnrgGQ==
Received: from ( []) (using TLSv1.3 with cipher AEAD-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS; Wed, 12 May 2021 07:14:50 +0200 (CEST)
X-Footer: bWVpbmJlcmcuZGU=
User-Agent: Microsoft-MacOutlook/16.48.21041102
Date: Wed, 12 May 2021 07:14:48 +0200
Message-ID: <>
Thread-Topic: [Ntp] A simpler way to secure PTP
References: <> <> <>
In-Reply-To: <>
Importance: Normal
X-Priority: 3
Thread-Index: AZ2x3tU+NmY2YTczNjlmZDI4MmRiNQ==
From: Heiko Gerstung <>
To: Daniel Franke <>
Cc: NTP WG <>
X-SM-outgoing: yes
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="----1609BAC9929F18D4FCB3CCD30B4B161A"
Archived-At: <>
Subject: Re: [Ntp] A simpler way to secure PTP
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 12 May 2021 05:15:03 -0000

Hi Daniel,


that’s why we use the integrated security mechanism for unicast PTP and just use the NTS-KE protocol to exchange the required keys for that. Due to the fact that the two protocols NTP and PTP work in a completely different way, there is not more that can be reused. I agree we could find another way to exchange keys and it doesn’t have to be NTS. But why not using it, now that it is there? 







Heiko Gerstung 

Managing Director 


MEINBERG® Funkuhren GmbH & Co. KG 

Lange Wand 9 

D-31812 Bad Pyrmont, Germany 

Phone: +49 (0)5281 9309-404 

Fax: +49 (0)5281 9309-9404 


Amtsgericht Hannover 17HRA 100322 

Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung 







Do not miss our Time Synchronization Blog:


Connect via LinkedIn:




Von: ntp <> im Auftrag von Daniel Franke <>
Datum: Dienstag, 11. Mai 2021 um 21:40
An: Heiko Gerstung <>
Cc: NTP WG <>
Betreff: Re: [Ntp] A simpler way to secure PTP


On Tue, May 11, 2021 at 3:14 AM Heiko Gerstung <> wrote:

However, especially unicast PTP is a great traffic amplification tool, maybe one of the biggest traffic amplification machines of all times. And I also believe that it would be great to (re)use the general concepts of NTS to secure the other popular time transfer protocol out there.


Amplification is definitely worth fixing, but ISTM this should be orthogonal to the NTS effort. You don't need message authentication for that, you just need the client to prove (and maybe occasionally re-prove) that it's able to receive packets at a particular IP address. There may be some crypto involved in doing so (a la TCP SYN cookies), but it doesn't have to be related to NTS crypto, and servers shouldn't have to require all their clients to support NTS just to prevent themselves from being exploited for amplification.

_______________________________________________ ntp mailing list