NTS (Network Time Security) is to NTP (Network Time Protocol) essentially what HTTPS is to HTTP: It provides authenticity of the information. Unlike HTTPS, NTS does not provide any confidentiality, as the current time is public information.
Want to learn more about NTS? Here is an overview over my NTS articles.
NTS Servers
Currently, the number of public servers with NTS support still seems very modest:
| Location/Country | Servers | Notes |
|---|---|---|
| Global | time.cloudflare.com | Anycast |
| Brazil | a…d.st1.ntp.br | |
| Brazil | brazil.time.system76.com | Mike Cifelli |
| Canada | time.0xt.ca | Tanner Ryan |
| France | paris.time.system76.com | Mike Cifelli |
| Germany | ptbtime1…3.ptb.de | |
| Germany | nts1.adopo.net | Patrick Jansen |
| Germany | www.jabber-germany.dewww.masters-of-cloud.de | Jörg Morbitzer |
| Germany | ntp3.fau.de ntp3.ipv6.fau.de | ≤3 clients per user/org; DCF77 |
| Netherlands | ntppool1…2.time.nl | |
| Singapore | ntpmon.dcs1.biz | Sanjeev Gupta (Probably the oldest public NTS server) |
| Sweden | nts.netnod.se | Anycast |
| Sweden | sth1…2.nts.netnod.se | STH area use only |
| Switzerland (Zurich) | ntp.3eck.net | Adrian Zaugg |
| Switzerland (Winterthur) | ntp.trifence.ch ntp.zeitgitter.net | Marcel Waldvogel |
| Switzerland (Ticino) | time.signorini.ch | Attilio Signorini (Dynamic, Chrony-only) |
| USA | time.0xt.ca | Tanner Ryan |
| USA | {virginia,ohio,oregon}.time.system76.com | Mike Cifelli |
Only the servers with a name in italics in the notes have agreed to appear on this list, but all the others are self-listed as publicly available. Before using them, please follow the links to check whether they are still available and under what policy.
Other servers appear in some lists or setup instructions and may even have monitoring pages. They are not included in this list, unless there is some indication about their public availability.
More servers
NTS is an important upgrade to NTP. Hopefully, the number of NTP servers with NTS authentication will grow quickly. This should not be too hard, as all the infrastructure (e.g., Let’s Encrypt), tools, and know-how which has been used to migrate HTTP to HTTPS in the recent years can be reused. Upgrading an existing NTP server to NTS is even simpler as upgrading a web servers, as there are no problems with HTTP redirects and mixed content. (Basically, it is as easy as pointing NTPsec or Chrony to the private key and certificate chains.)
If (or when) you run a public server with NTS, please let me know, so I can add it to this list.
Teaser Image
The teaser image is based on a photograph (shown on the right) created by Диана Дунаева. The paintings have been replaced by “old vintage clocks hanging on museum walls” by DALL•E 2 and the image has been cropped.
