When GPS is working, time transmission with accuracies of under 1
microsecond is common.  This is especially true if the GPS integrates some
sort of disciplined oscillator.  Note that this is in excess of what NTPd
running on a typical OS can reliably retransmit.

BUT..  if I was to choose only one protocol, it would be NTP, not GPS,
because of all of the reasons you mention.

I find it distressing that sites are relying on GPS only.  I suspect that
this is a failure to assign proper risk to using GPS.  It's particularly odd
when one considers that adding NTP time sources is essentially free and
improves robustness and reliability greatly.

NTP is not without its risks but the most common server implementation is
specifically designed to be able to discard time sources which are not
telling the truth, provided the server is given enough valid time sources.
Even if a spoofed or misconfigured server is giving the wrong time, NTPd
will be able to ignore those errant time sources.

When configured with numerous network time sources and a GPS source, NTPd
will determine what the correct time should be, and then will use the
higher accuracy GPS source to improve the overall accuracy.  This is more
or less automatic since the latency to the GPS time source will be
essentially zero when compared to a typical network source.

However, if the GPS source starts lying about the time, NTPd will start
ignoring it as a potential time source even with the lower latency.
Without having non-GPS sources in your configuration, this essentially free
protection against GPS spoofing is no longer available since it has nothing
to compare it to.

If your network is large enough that you could install multiple GPS
receivers in diverse locations, then I'd configure all of the NTPd servers
to pull from all of the GPS receivers.  That way you gain additional
redundancy.  I'd still not drop the public trusted NTP servers though.




On Tue, Aug 8, 2023, 2:58 PM John Gilmore <g...@toad.com> wrote:

> >     I was also speaking specifically about installing GPS antennas in
> >     viable places, not using a facility-provided GPS or NTP service.
>
> Am I confused?  Getting the time over a multi-gigabit Internet from a
> national time standard agency such as NIST (or your local country's
> equivalent) should produce far better accuracy and stability than
> relying on locally received GPS signals.  GPS uses very weak radio
> signals which are regularly spoofed by all sorts of bad actors:
>
>   https://www.gps.gov/spectrum/jamming/
>
> for all sorts of reasons (like misleading drone navigation):
>
>   https://en.wikipedia.org/wiki/Iran%E2%80%93U.S._RQ-170_incident
>
> Depending on satnav systems creates a large single point of failure for
> worldwide civilian infrastructure.
>
> Jamming GPS with subtly fake time data near big data centers seems like
> an easy move that would cause all sorts of distributed algorithms to
> start failing in unusual ways.  And in a more serious wartime attack,
> many or most GPS satellites themselves would be destroyed or disabled.
> Yet digital radio modulations like FT8 or DMR rely on tight time
> synchronization among different transmitters.  So do many modern
> cellphone modulations -- not to mention distributed database sync
> algorithms.  Depending on any of these for emergency communications when
> their time comes from GPS, is a recipe for having no communications
> during wars or cyber-wars in which GPS satellites are attacked or
> jammed.  See a longer explanation here:
>
>   https://www.ardc.net/apply/grants/2020-grants/grant-ntpsec/
>
> I suspect that even today, if you rely on civilian GPS time near the US
> White House, Pentagon, or other military targets like bases, you will
> discover "anomalies" in the local radio GPS data, compared to what you
> get from an authenticated time standard over NTP.  How reliable is
> civilian GPS time in Ukraine these days?
>
>         John
>
>

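The reply at the top of this message describes NTPd ignoring a lying GPS source when it has enough other sources, and having nothing to compare against when GPS is the only source. The following is an added example, not part of the original email and not ntpd's own code: a simplified sketch of the interval-intersection step of NTP source selection, with source names, offsets and root distances constructed for illustration.

```python
# Simplified sketch of the interval-intersection step of NTP source selection.
# Added illustration, not ntpd source; names and sample values are constructed.

def scan(edges, start_kind, need):
    """Return the first endpoint at which `need` intervals overlap."""
    count = 0
    for value, kind in edges:
        if kind == start_kind:
            count += 1
            if count >= need:
                return value
        else:
            count -= 1
    return None

def select(sources):
    """sources: {name: (offset_s, root_distance_s)}.
    Returns (truechimers, falsetickers); truechimers is empty when no
    majority of sources agrees on a common interval."""
    n = len(sources)
    edges = []
    for offset, dist in sources.values():
        edges.append((offset - dist, -1))  # lowest time this source allows
        edges.append((offset + dist, +1))  # highest time this source allows
    edges.sort()
    for allow in range(n):                 # assumed number of falsetickers
        if 2 * allow >= n:
            break                          # liars must stay a minority
        low = scan(edges, -1, n - allow)
        high = scan(reversed(edges), +1, n - allow)
        if low is not None and high is not None and low <= high:
            good = sorted(name for name, (o, d) in sources.items()
                          if o + d >= low and o - d <= high)
            return good, sorted(set(sources) - set(good))
    return [], sorted(sources)

# Constructed sample: four network servers (milliseconds of uncertainty)
# and one GPS refclock (microseconds of uncertainty).
NETWORK = {"net1": (0.002, 0.020), "net2": (-0.003, 0.025),
           "net3": (0.001, 0.015), "net4": (-0.001, 0.030)}
GPS_OK = {"gps": (0.000001, 0.00001)}
GPS_SPOOFED = {"gps": (0.5, 0.00001)}      # GPS reports time 0.5 s off

if __name__ == "__main__":
    print(select({**NETWORK, **GPS_OK}))       # all five sources agree
    print(select({**NETWORK, **GPS_SPOOFED}))  # gps rejected as falseticker
    print(select(GPS_SPOOFED))                 # gps alone: accepted unchecked
```

With a single network source beside the spoofed GPS, the two disagree and neither forms a majority, so the function returns no truechimers at all.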