Hey, > I thought that main issue that TLS layer requires already good time, > otherwise certificates in the chain may not pass the verification.
That is valid too, however the reason is explained in ntpd.conf(5) > ntpd(8) can be configured to query the `Date' from trusted HTTPS > servers via TLS. This time information is not used for precision but > acts as an authenticated constraint, thereby reducing the impact of > unauthenticated NTP man-in-the-middle attacks. Received NTP packets > with time information falling outside of a range near the constraint > will be discarded and such NTP servers will be marked as invalid. Take care, -- Polarian Jabber/XMPP: [email protected]
