Time Synchronization over QUIC
Cisco Systems
gmccollu@cisco.com
Network Time Protocols
This document proposes a modern, secure, and extensible time synchronization protocol designed to operate over the QUIC transport protocol. Known as TSQ (Time Synchronization over QUIC), this protocol aims to address the limitations of traditional NTP by leveraging QUIC's encryption, widespread UDP/443 acceptance, and multiplexed stream capabilities. TSQ is designed for contemporary deployment environments, including enterprise networks, cloud-native systems, containers, and mobile devices, where traditional UDP-based NTP struggles with security, scalability, or operational reliability.
Time synchronization is foundational to modern computing. It underpins authentication systems, log correlation, distributed transactions, and more. NTP, the current standard, was designed in a different era and brings challenges related to security, deployment compatibility, and extensibility. TSQ is proposed as a new protocol built directly on top of QUIC, leveraging its modern transport features to provide secure, authenticated, and operationally-friendly time synchronization.
TSQ is intended to:
Provide secure and authenticated time synchronization
Support modern deployment scenarios
Operate in environments where UDP/123 is blocked
Be extensible and future-proof
Scale for enterprise and cloud
TSQ is not intended to:
Replace NTP in ultra-precise or constrained devices
Replace public NTP infrastructure without optimization
TSQ uses QUIC as its transport, establishing secure, short-lived connections. A typical exchange:
Client opens a QUIC connection to the TSQ server (UDP/443).
Client sends a TSQ Request with nonce and timestamp request.
Server replies with timestamps, echoed nonce, and metadata.
Client calculates RTT and adjusts clock accordingly.
TSQ relies on QUIC’s handshake for mutual authentication, confidentiality, and replay protection. Optional Ed25519 or HMAC signatures can be added if auditability is required. By default, QUIC session integrity suffices.
Short-lived connections, session resumption, and optional stateless design support scalability. TSQ is suitable for enterprise and cloud deployments.
TSQ Request
Type: 0x01
Nonce (16 bytes)
Optional extensions
TSQ Response
Type: 0x02
Echoed Nonce
Server Time
Receive Timestamp
Send Timestamp
Optional metadata and signature
Cloud/container infrastructure
Mobile clients
Firewalled enterprise networks
High-precision timing visibility
Comparison to Existing Protocols
The following table highlights key differences between traditional NTP, NTS, and the proposed TSQ protocol:
Feature
NTP
NTS
TSQ
TransportUDPUDP+TLSQUIC (UDP/443)
EncryptionNoYesAlways
ExtensibilityLowMediumHigh
Mobile SupportNoNoYes
Precision ModeNoNoYes
Solicit feedback on sync behavior and design
Improve trust and crypto model
Implement prototype in QUIC
Submit official Internet-Draft if interest grows
Thanks to contributors from the QUIC and NTP working groups for input on timing accuracy and protocol design.
Network Time Security for the Network Time Protocol
Security Requirements of Time Protocols in Packet Switched Networks
QUIC: A UDP‑Based Multiplexed and Secure Transport
An Unreliable Datagram Extension to QUIC
Applicability of the QUIC Transport Protocol
This document has no IANA actions.