MC's journal

Setting Orange, the 64 day of Confusion in the YOLD 3185

NTS developments


Once again $DAYJOB sponsored a mini hackathon in Malmö during the IETF hackathon. Martin "cos" Samuelsson, Daniel "quite" Lublin and I gathered in Netnod's southern office for two days of hacking on Network Time Security (NTS), the authenticated flavour of the Network Time Protocol (NTP).

See my first post about Network Time Security for an introduction to NTS.

The first few hours my daughter graced us with her presence and left a few traces…


Omni also came by for a while and helped us reading specs.

The hackathon sort of dragged on for a couple of days into my summer vacation. We now have a working NTS client written in Go!

NTS/NTP package

A friendly fork of beevik/ntp with NTS support:

Use it like this:

options := ntp.QueryOptions{ NTS: true, C2s: c2sKey, S2c: s2cKey }
resp, err := ntp.QueryWithOptions(server, options)

Authenticated time is now available in resp.Time.


An NTS-KE library for doing the initial key exchange:

NTS client

A small NTS client using the above libraries:

Use with -set to actually set system time.

This is still a work in progress but seems to work fine against for example and

I'm not formally working on NTS during work hours so I'm glad I had the chance to do at least something on the project.

Written by MC using Emacs and friends.