Securing time with NTS

Whether it's at the top, bottom, left or right, chances are that whatever screen you are currently looking at is showing you what the current time is. While your device will have a built-in clock, it is generally pretty unreliable, either completely losing its knowledge about the current time or drifting away slowly over time. NTP is one of the most important ways by which your device every once in a while figures out what the time is and will adjust its clock accordingly. But NTP is completely insecure, allowing almost anyone with relative ease to change your system clock.

That could result in you missing an appointment, but it could also result in things like TLS certificates being valid/invalid while the opposite is true, kerberos tickets and TOTP tokens failing, databases not synchronizing properly or log traces on distributed systems being almost impossible to decipher.

NTS is here to solve that, but it has seen very little adoption so far. One of the things we need is a good NTS source of time that anyone can use as a default, but NTS has some limitations making it hard to create something like time.ntp.org. We (Trifecta Tech Foundation, makers of ntpd-rs) have some ideas, but we need your help to get it off the ground.

• https://experimental.ntspooltest.org/
• https://github.com/pendulum-project/nts-pool/
• https://github.com/pendulum-project/ntpd-rs/
• https://datatracker.ietf.org/doc/html/rfc8915