Re: [Ntp] Antw: Re: Antw: Re: Calls for Adoption -- NTP Extension Field drafts -- Four separate drafts

Heiko Gerstung <> Mon, 02 September 2019 10:46 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7350012006A for <>; Mon, 2 Sep 2019 03:46:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.29
X-Spam-Status: No, score=-4.29 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id hy4dru_Y7SxX for <>; Mon, 2 Sep 2019 03:46:02 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3E77C120089 for <>; Mon, 2 Sep 2019 03:46:02 -0700 (PDT)
Received: from (unknown []) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id AACBA71C08AB; Mon, 2 Sep 2019 12:45:58 +0200 (CEST)
X-DKIM: Sendmail DKIM Filter v2.8.2 AACBA71C08AB
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=mail201101; t=1567421160; bh=6BsWxzPOFSMBfP3eE08kkFr/iX88YRI6U1kni1SoQyw=; h=Date:Subject:Message-ID:References:In-Reply-To:Mime-version:From: To:Content-Type:Content-Transfer-Encoding; b=XieAirpFiWU14xxq8PbX7W/dHPIKo2WkrHZMb7FWn6BstlWBfxnIf6UlDNHzStVRl NbyNY5pfCCfE8qDzEx2oZSnJv8157ZIgcG640uvQyX26NUrOup9VlPx9Nr58JOlEGC 6oZd7uM+AZxQn1KdhhFjxemc+aF32x8Fnyx/JKOs=
X-Kerio-Anti-Spam: Build: [Engines:, Stamp: 3], Multi: [Enabled, t: (0.000008,0.005118)], BW: [Enabled, t: (0.000009)], RTDA: [Enabled, t: (0.037623), Hit: No, Details: v2.7.53; Id: 15.1i61gv1.1djop9it0.2o6a9], total: 0(700)
X-Footer: bWVpbmJlcmcuZGU=
User-Agent: Microsoft-MacOutlook/10.1c.0.190812
Date: Mon, 2 Sep 2019 12:45:54 +0200
Message-ID: <>
Thread-Topic: [Ntp] Antw: Re: Antw: Re: Calls for Adoption -- NTP Extension Field drafts -- Four separate drafts
References: <> <> <> <> <20190828103752.GI24761@localhost> <> <20190828111458.GJ24761@localhost> <> <> <> <> <> <>
In-Reply-To: <>
Mime-version: 1.0
Importance: Normal
X-Priority: 3
Thread-Index: AZ2x3tU+MGQ3NGNiYTgyN2MxZTBhYw==
From: Heiko Gerstung <>
To: Harlan Stenn <>, "" <>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: clamav-milter 0.100.3 at server1a
X-Virus-Status: Clean
Archived-At: <>
Subject: Re: [Ntp] Antw: Re: Antw: Re: Calls for Adoption -- NTP Extension Field drafts -- Four separate drafts
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 02 Sep 2019 10:46:04 -0000

Not talking about the refid. An "InstanceID" could be a unique identifier of an NTP instance. It could be used as a refid as well in the NTP responses of an instance. Every server in a chain would be able to ask its upstream NTPv5 servers for their chain and passes that chain down to its clients (upon request) adding its own instanceID to the list. Any NTPv5 server receiving that chain could check if its own instanceID is already in the chain and then reject the upstream server due to a time loop detection issue. 

This higher level knowledge is not part of the *NTPv4* protocol, but it could be part of the NTPv5 protocol. If we add a flag to each entry in that chain indicating if that instance was protected with NTS, we could come up with a "chain of trust" thing and we could not only detect timing loops but would also be able to find out if the chain of clocks is fully NTS protected. 

There might be other benefits, I am just tossing ideas around..

Best Regards,

Heiko Gerstung 
Managing Director

MEINBERG® Funkuhren GmbH & Co. KG
Lange Wand 9
D-31812 Bad Pyrmont, Germany
Phone:    +49 (0)5281 9309-404
Fax:        +49 (0)5281 9309-9404

Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung


Do not miss our Time Synchronization Blog: 

Connect via LinkedIn:

On 02.09.19, 12:22 "ntp im Auftrag von Harlan Stenn" < im Auftrag von> wrote:

    The refid has meaning on the system that issues it.
    The refid is a nonce to any system that receives it.
    Any meaning of the refid outside of the issuing system relies on
    higher-level knowledge that is not part of the protocol.
    On 9/2/2019 1:00 AM, Heiko Gerstung wrote:
    > Hi Ulrich,
    > good point. That is why NTP would use that "ID" instead of the IP address to identify itself. That means ntpd could find out timing loops even if they are caused by a routing loop.
    > Regards,
    >    Heiko
    Harlan Stenn, Network Time Foundation - be a Member!
    ntp mailing list