| Internet-Draft | TSQ | July 2025 |
| McCollum | Expires 29 January 2026 | [Page] |
This document proposes a modern, secure, and extensible time synchronization protocol designed to operate over the QUIC transport protocol. Known as TSQ (Time Synchronization over QUIC), this protocol aims to address the limitations of traditional NTP by leveraging QUIC's encryption, widespread UDP/443 acceptance, and multiplexed stream capabilities. TSQ is designed for contemporary deployment environments, including enterprise networks, cloud-native systems, containers, and mobile devices, where traditional UDP-based NTP struggles with security, scalability, or operational reliability.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 29 January 2026.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Time synchronization is foundational to modern computing. It underpins authentication systems, log correlation, distributed transactions, and more. NTP, the current standard, was designed in a different era and brings challenges related to security, deployment compatibility, and extensibility. TSQ is proposed as a new protocol built directly on top of QUIC, leveraging its modern transport features to provide secure, authenticated, and operationally-friendly time synchronization.¶
TSQ is intended to:¶
Provide secure and authenticated time synchronization¶
Support modern deployment scenarios¶
Operate in environments where UDP/123 is blocked¶
Be extensible and future-proof¶
Scale for enterprise and cloud¶
TSQ is not intended to:¶
TSQ uses QUIC as its transport, establishing secure, short-lived connections. A typical exchange:¶
TSQ relies on QUIC’s handshake for mutual authentication, confidentiality, and replay protection. Optional Ed25519 or HMAC signatures can be added if auditability is required. By default, QUIC session integrity suffices.¶
Short-lived connections, session resumption, and optional stateless design support scalability. TSQ is suitable for enterprise and cloud deployments.¶
TSQ Request¶
TSQ Response¶
The following table highlights key differences between traditional NTP, NTS, and the proposed TSQ protocol:¶
| Feature | NTP | NTS | TSQ |
|---|---|---|---|
| Transport | UDP | UDP+TLS | QUIC (UDP/443) |
| Encryption | No | Yes | Always |
| Extensibility | Low | Medium | High |
| Mobile Support | No | No | Yes |
| Precision Mode | No | No | Yes |
QUIC is a UDP-based transport protocol that provides multiplexed, stream-based delivery with built-in encryption and connection migration. It combines transport and cryptographic handshake layers, simplifying deployment behind NATs and firewalls. TSQ builds on QUIC to inherit its confidentiality, integrity, and path-resilience characteristics.¶
Mobile support in TSQ leverages QUIC's connection ID and migration capabilities. When a mobile device changes IP addresses (e.g., Wi-Fi to LTE), the QUIC connection remains valid as long as the connection ID is preserved, enabling uninterrupted time synchronization.¶
Precision Mode refers to TSQ’s optional support for fixed-length packets and constant-time processing. This reduces jitter introduced by variable processing times and packet sizes, improving accuracy in latency-sensitive environments.¶
The Server Time field in TSQ responses provides a consistent reference for clients even when timestamp echoing is used. Including it explicitly simplifies validation and debugging, particularly when clock discrepancies or replay concerns are involved.¶
To minimize timing variance, TSQ recommends maintaining symmetry between request and response packet sizes. While QUIC encrypts and pads payloads, preserving symmetry at the application level helps reduce bias in round-trip delay calculations.¶
TSQ can coexist with other protocols over QUIC on port 443 using Application-Layer Protocol Negotiation (ALPN). This avoids conflicts and enables unified endpoint services, allowing TSQ to blend with HTTPS or other QUIC-based services on the same port.¶
TSQ may also use QUIC datagrams for lightweight synchronization. These datagrams are encrypted and authenticated using the same keys as QUIC streams but offer unreliable delivery. The transport-layer AEAD encryption offloads per-packet crypto from the application, maintaining confidentiality without additional cost to TSQ servers.¶
Thanks to contributors from the QUIC and NTP working groups for input on timing accuracy and protocol design.¶
Roughtime [ROUGHTIME] is a secure time authentication protocol designed to provide coarse-grained time (typically accurate within a few seconds) using cryptographic proofs. It is particularly useful in scenarios where a system needs to verify that its clock is reasonably accurate before performing sensitive operations such as certificate validation.¶
Unlike TSQ, which aims to deliver secure and precise time synchronization suitable for continuous use in enterprise, mobile, and containerized environments, Roughtime focuses on bootstrapping trust in time from potentially untrusted states. Roughtime servers are stateless and optimized for high-throughput, low-complexity validation rather than tight synchronization.¶
As such, TSQ and Roughtime serve complementary purposes. Roughtime may help systems establish an initial level of temporal trust, while TSQ provides ongoing synchronization over a secure and extensible transport protocol.¶
This document has no IANA actions.¶