[DO NOT MERGE YET] [Time Services] Cleaned up language, organization,…

… and formatting for Time services (cloudflare#3902) * Cleaned up language, organization, and formatting for Time services * Apply suggestions from code review Co-authored-by: marciocloudflare <[email protected]> * Update content/time-services/nts.md Co-authored-by: Luke Valenta <[email protected]> * Added redirects * Updated redirect typo :( * Included non-slashed redirects Co-authored-by: marciocloudflare <[email protected]> Co-authored-by: Luke Valenta <[email protected]>
dpuga1 · Mar 24, 2022 · 774abb2 · 774abb2
1 parent 14eaa9f
commit 774abb2
Show file tree

Hide file tree

Showing 13 changed files with 219 additions and 254 deletions.
diff --git a/content/_redirects b/content/_redirects
@@ -929,6 +929,11 @@
 /magic-transit/get-started/requirements /magic-transit/prerequisites/ 301
 /magic-transit/get-started/requirements/ /magic-transit/prerequisites/ 301
 
+# time services redirects
+/time-services/nts/usage/ /time-services/nts/ 301
+/time-services/nts/usage /time-services/nts/ 301
+/time-services/roughtime/about/ /time-services/roughtime/ 301
+/time-services/roughtime/about /time-services/roughtime/ 301
 
 ### DYNAMIC REDIRECTS ###
 /access/configuring-identity-providers/* /cloudflare-one/identity/idp-integration/:splat 301

diff --git a/content/time-services/_index.md b/content/time-services/_index.md
@@ -1,5 +1,5 @@
 ---
-title: Welcome
+title: Overview
 pcx-content-type: overview
 type: overview
 weight: 1
@@ -8,16 +8,8 @@ meta:
   title: Cloudflare Time Services docs
 ---
 
-# Cloudflare Time Services docs
-
-{{<content-column>}}
+# Cloudflare Time Services
 
 Learn more about Cloudflare’s suite of time services.
 
-{{<button-group>}}
-  {{<button type="primary" href="/time-services/ntp/">}}NTP{{</button>}}
-  {{<button type="primary" href="/time-services/nts/">}}NTS{{</button>}}
-  {{<button type="primary" href="/time-services/roughtime/">}}Roughtime{{</button>}}
-{{</button-group>}}
-
-{{</content-column>}}
+{{<directory-listing>}}
diff --git a/content/time-services/_partials/_ntp-definition.md b/content/time-services/_partials/_ntp-definition.md
@@ -0,0 +1,8 @@
+---
+_build:
+  publishResources: false
+  render: never
+  list: never
+---
+
+[Network Time Protocol](https://tools.ietf.org/html/rfc1305) (NTP) is an Internet protocol designed to synchronize time between computer systems communicating over unreliable and variable-latency network paths. Cloudflare offers its version of NTP for free so you can use our [global Anycast network](https://www.cloudflare.com/network/) to synchronize time from our closest server.
diff --git a/content/time-services/ntp/_index.md b/content/time-services/ntp/_index.md
@@ -6,6 +6,16 @@ weight: 2
 
 # Network Time Protocol
 
-[Network Time Protocol](https://tools.ietf.org/html/rfc1305) (NTP) is an Internet protocol designed to synchronize time between computer systems communicating over unreliable and variable-latency network paths.
+{{<render file="_ntp-definition.md">}}
 
-NTP works by having a client send a query packet out to an NTP server that then responds with its clock time. The client then computes an estimate of the difference between its clock and the remote clock and attempts to compensate for network delay in this. NTP client queries multiple servers and implements algorithms to select the best estimate, and rejects clearly wrong answers.
+## Background
+
+NTP works by having a client send a query packet out to an NTP server that then responds with its clock time. The client then computes an estimate of the difference between its clock and the remote clock and attempts to compensate for any network delay. The NTP client then queries multiple servers and implements algorithms to select the best estimate.
+
+Cloudflare does not implement leap smearing: NTP includes a Leap Indicator field [spec](https://tools.ietf.org/html/rfc5905#section-7.3) and the kernel will apply the leap second correction at the appropriate time. This is the behavior servers in `pool.ntp.org` share. Using servers that smear time along with servers that do not may lead to unpredictable and anomalous results.
+
+## Next steps
+
+For more background information about NTP, refer to the [introductory blog](https://blog.cloudflare.com/secure-time/).
+
+To enable NTP on your device, refer to our [Usage guide](/time-services/ntp/usage/).
diff --git a/content/time-services/ntp/usage.md b/content/time-services/ntp/usage.md
@@ -8,35 +8,32 @@ meta:
 
 # Using Cloudflare's Time Service
 
-Cloudflare offers a free public time service that allows you to use our anycast network of 180+ locations to synchronize time from our closest server. To use our NTP server, change the time configuration in your device to point to `time.cloudflare.com`.
+{{<render file="_ntp-definition.md">}}
 
-We do not implement leap smearing: NTP includes a Leap Indicator field [spec](https://tools.ietf.org/html/rfc5905#section-7.3) and the kernel will apply the leap second correction at the appropriate time. This is the behavior servers
-in pool.ntp.org share. Using servers that smear time along with servers that do not may lead to unpredictable and anomalous results.
+To use our NTP server, change the time configuration in your device to point to `time.cloudflare.com`.
 
-Here is an example of how to configure your Mac to synchronize time from time.cloudflare.com:
+## MacOs
 
-1.  Go to System Preferences
-2.  Go to Date & Time
-3.  Click the lock icon on the bottom left to make changes
-4.  Enter your password
-5.  Next to Set date and time automatically, enter `time.cloudflare.com`
+To have your Mac to synchronize time from `time.cloudflare.com`:
 
-![MacOS](/time-services/static/mactime.png)
+1.  Go to **System Preferences**.
+2.  Go to **Date & Time**.
+3.  Click the lock icon on the bottom left to make changes.
+4.  Enter your password.
+5.  Next to **Set date and time automatically**, enter `time.cloudflare.com`.
 
-... and you're all set!
+![Screenshot of updating the Date & Time settings on machine running MacOS](/time-services/static/mactime.png)
 
-Here is an example of how to configure your Windows computer to synchronize time from time.cloudflare.com:
+## Windows
 
-1.  Go to Control Panel
-2.  Go to Clock and Region
-3.  Click on Date and Time
-4.  Go to the Internet Time tab
-5.  Click Change settings..
-6.  Next to Server:, type `time.cloudflare.com` and click 'Update now'
-7.  Click 'OK'
+To have your Windows machine synchronize time from `time.cloudflare.com`:
 
-![Windows](/time-services/static/window.png)
+1.  Go to **Control Panel**.
+2.  Go to **Clock and Region**.
+3.  Click **Date and Time**.
+4.  Go to the **Internet Time** tab.
+5.  Click **Change settings..**
+6.  For **Server:**, type `time.cloudflare.com` and click **Update now**.
+7.  Click **OK**.
 
-You should receive the following message, letting you know that you have successfully synchronized your time.
-
-![](/time-services/static/windowtime2.png)
+![Screenshot of updating the Date and Time settings on machine running Windows](/time-services/static/window.png)
diff --git a/content/time-services/nts.md b/content/time-services/nts.md
@@ -0,0 +1,22 @@
+---
+pcx-content-type: concept
+title: Network Time Security
+weight: 3
+---
+
+# Network Time Security
+
+Network Time Security (NTS) provides cryptographic security for the client-server mode of the Network Time Protocol (NTP). This allows users to obtain time in an authenticated manner.
+
+## Background
+
+The NTS protocol is divided into two phases:
+
+1. **NTS key exchange**: Establishes the necessary key material between the NTP client and the server, using a [Transport Layer Security (TLS) handshake](https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/) (the same public key infrastructure as the web). Once the keys are exchanged, the TLS channel is closed and the protocol enters the second phase. 
+2. **NTP authentication**: Authenticates NTP time syncronization packets using the results of the TLS handshake. For more information, refer to [RFC 8915](https://tools.ietf.org/html/rfc8915).
+
+## Next steps
+
+[Chrony](https://chrony.tuxfamily.org/doc/devel/chrony.conf.html) and [NTPsec](https://www.ntpsec.org/) have support for NTS. Read the relevant documentation for guidance on setting them up to point to our time service, `time.cloudflare.com`.
+
+If you would like to hear about the development of additional clients or updates on our service or would like to announce that your client supports NTS, email `[email protected]` to be added to our distribution list.
diff --git a/content/time-services/nts/_index.md b/content/time-services/nts/_index.md
diff --git a/content/time-services/nts/usage.md b/content/time-services/nts/usage.md
diff --git a/content/time-services/roughtime/_index.md b/content/time-services/roughtime/_index.md
@@ -6,23 +6,18 @@ weight: 4
 
 # Roughtime
 
-[Roughtime](https://roughtime.googlesource.com/roughtime) is a simple, flexible,
-and secure authenticated time protocol developed by Google. This page introduces
-the key concepts of the protocol and demonstrates how to use Cloudflare's
-Roughtime service to ensure your clock is always (roughly) in sync.
-
-The "Hello, world!" of Roughtime is very simple: the client sends a request over
-UDP to the server and the server responds with a signed timestamp.  To run the
-protocol, you just need the server's address and public key. To get started,
-download and run our Go client:
-
-    $ go get -u github.com/cloudflare/roughtime
-    $ go install github.com/cloudflare/roughtime...
-    $ getroughtime -ping roughtime.cloudflare.com:2002 -pubkey gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo=
-    ping response: 2018-09-12 16:59:39.141 -0700 PDT ±1s (in 10ms)
-
-That's it — authenticated time! Why is this interesting and what is it about
-the protocol that makes it "rough"?  Proceed to learn more about Roughtime and
-its security features with a more in-depth look at our
-[blog post](https://blog.cloudflare.com/roughtime/) about the launch of
-Cloudflare Roughtime.
+[Roughtime](https://roughtime.googlesource.com/roughtime) is a simple, flexible, and secure authenticated time protocol developed by Google. 
+
+## Background
+
+Endpoints on the Internet often synchronize their clocks using the [Network Time Protocol (NTP)](/time-services/ntp/). NTP provides precise synchronization, but is frequently deployed without a means of authentication. This is due to a [combination of issues](https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/dowling).
+
+As a result, a man-in-the-middle attacker can easily influence a victim’s clock. By moving them back in time, the attacker can, for example, force a victim to accept an expired (and possibly compromised) TLS certificate or session ticket.
+
+For many applications, *precise* network time is not essential. It is sufficient to have *accurate* time to mitigate these kinds of attacks, such as within 10 seconds of real time. This observation is the primary motivation behind Roughtime.
+
+## Next steps
+
+For more technical details on Roughtime, refer to the [introductory blog post](https://blog.cloudflare.com/roughtime/).
+
+To get started, refer to [Get the Roughtime](/time-services/roughtime/usage/). For more practical guidance on using the Roughtime, refer to our [how-to guide](/time-services/roughtime/recipes/).
diff --git a/content/time-services/roughtime/about.md b/content/time-services/roughtime/about.md