The current system is very secure. The paper is correct in the most users don't bother with authentication or encryption. I don't. But let's say some one tried to spoof me into thinking it is three seconds later then it really is by some how setting up an NTP server that gives me incorrect time. It would be easy to set up such a server
But I use a set of five different servers all controlled by different organizations and they are geographically distributed. Also some of these are randomly elected "pool" servers. So even I don't know who I will ask for time. How could anyone corrupt all those servers? The thing that makes it secure is that it is VERY hard to lie about what time it is. It is almost impossible to lie about the time of day because there are some many people one might ask and if you lie your answer will different from the others And if this ever did become a problem users would simply start using cryptographic authentication This reminds me of when they tied to scramble your location with GPS. (called SA) They would set the low order bits to what were in effect random bits that you could not decode without knowing a the cryptographic key. So GPS lied to civilian users about their location. Then some smart guy thought "how can any one lie about where I am when I can look down and see a survey marker hammered into the concrete. All you need is a network of users standing over survey markers to figure out All that said, there is money to be made by spoofing time. If I can fool a stock broker into accepting trades minutes late I could be rich. On Tue, Oct 4, 2016 at 9:14 PM, Christopher Hoover <[email protected]> wrote: > I just learned about this from a public post: > > https://roughtime.googlesource.com/roughtime/ > > Not precise enough for us nuts, but intended to be secure. > > (I wonder how it handles leap seconds? Too soon? :-) Actually, it > smears.) > > -christopher. > de AI6KG > _______________________________________________ > time-nuts mailing list -- [email protected] > To unsubscribe, go to https://www.febo.com/cgi-bin/ > mailman/listinfo/time-nuts > and follow the instructions there. > -- Chris Albertson Redondo Beach, California _______________________________________________ time-nuts mailing list -- [email protected] To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
