albertson.chris@gmail.com said: > But I use a set of five different servers all controlled by different > organizations and they are geographically distributed. Also some of these > are randomly elected "pool" servers. So even I don't know who I will ask > for time. How could anyone corrupt all those servers? They don't have to corrupt the servers if they can capture some modem/router/whatever box that all of your packets go through. Classic man-in-the-middle. > And if this ever did become a problem users would simply start using > cryptographic authentication It's a problem now. Currently, there is no convenient way to do the crypto. That's why Roughtime appeared. When the software is available, somebody will need to set up a collection of well run NTP servers. It's roughly similar to the top level DNS servers. albertson.chris@gmail.com said: > All that said, there is money to be made by spoofing time. If I can fool > a stock broker into accepting trades minutes late I could be rich. I think most stock brokers have their own GPS/NTP servers. -- These are my opinions. I hate spam.