The IETF Committee (Internet Engineering Task Force), which develops the protocols and architecture of the Internet,
The standardization of NTS is an important step to improve the security of time synchronization services and protect users from attacks that imitate the NTP server to which the client connects. Malicious manipulation of setting the wrong time can be used to compromise the security of other time-aware protocols such as TLS. For example, changing the time can lead to incorrect interpretation of data about the validity of TLS certificates. Until now, NTP and symmetric encryption of communication channels did not make it possible to guarantee that the client interacts with the target, and not a spoofed NTP server, and key authentication has not gained popularity because it is too complicated to configure.
NTS uses Public Key Infrastructure (PKI) elements and allows the use of TLS and Authenticated Encryption with Associated Data (AEAD) encryption to cryptographically secure client-server communications over NTP (Network Time Protocol). NTS includes two separate protocols: NTS-KE (NTS Key Establishment to handle initial authentication and key negotiation over TLS) and NTS-EF (NTS Extension Fields, responsible for encryption and authentication of the time synchronization session). NTS adds several extended fields to NTP packets and stores all state information only on the client side using a cookie passing mechanism. Network port 4460 is allocated for processing connections via the NTS protocol.
The first implementations of a standardized NTS are proposed in recently published issues
Source: opennet.ru