The current system is very secure. The paper is correct in the most users
don't bother with authentication or encryption. I don't. But let's say
some one tried to spoof me into thinking it is three seconds later then it
really is by some how setting up an NTP server that gives me incorrect
time. It would be easy to set up such a server
But I use a set of five different servers all controlled by different
organizations and they are geographically distributed. Also some of these
are randomly elected "pool" servers. So even I don't know who I will ask
for time. How could anyone corrupt all those servers? The thing that
makes it secure is that it is VERY hard to lie about what time it is. It
is almost impossible to lie about the time of day because there are some
many people one might ask and if you lie your answer will different from
the others
And if this ever did become a problem users would simply start using
cryptographic authentication
This reminds me of when they tied to scramble your location with GPS.
(called SA) They would set the low order bits to what were in effect
random bits that you could not decode without knowing a the cryptographic
key. So GPS lied to civilian users about their location. Then some
smart guy thought "how can any one lie about where I am when I can look
down and see a survey marker hammered into the concrete. All you need is a
network of users standing over survey markers to figure out
All that said, there is money to be made by spoofing time. If I can fool
a stock broker into accepting trades minutes late I could be rich.
On Tue, Oct 4, 2016 at 9:14 PM, Christopher Hoover ch@murgatroid.com
wrote:
--
Chris Albertson
Redondo Beach, California
The current system is very secure. The paper is correct in the most users
don't bother with authentication or encryption. I don't. But let's say
some one tried to spoof me into thinking it is three seconds later then it
really is by some how setting up an NTP server that gives me incorrect
time. It would be easy to set up such a server
But I use a set of five different servers all controlled by different
organizations and they are geographically distributed. Also some of these
are randomly elected "pool" servers. So even I don't know who I will ask
for time. How could anyone corrupt all those servers? The thing that
makes it secure is that it is VERY hard to lie about what time it is. It
is almost impossible to lie about the time of day because there are some
many people one might ask and if you lie your answer will different from
the others
And if this ever did become a problem users would simply start using
cryptographic authentication
This reminds me of when they tied to scramble your location with GPS.
(called SA) They would set the low order bits to what were in effect
random bits that you could not decode without knowing a the cryptographic
key. So GPS lied to civilian users about their location. Then some
smart guy thought "how can any one lie about where I am when I can look
down and see a survey marker hammered into the concrete. All you need is a
network of users standing over survey markers to figure out
All that said, there is money to be made by spoofing time. If I can fool
a stock broker into accepting trades minutes late I could be rich.
On Tue, Oct 4, 2016 at 9:14 PM, Christopher Hoover <ch@murgatroid.com>
wrote:
> I just learned about this from a public post:
>
> https://roughtime.googlesource.com/roughtime/
>
> Not precise enough for us nuts, but intended to be secure.
>
> (I wonder how it handles leap seconds? Too soon? :-) Actually, it
> smears.)
>
> -christopher.
> de AI6KG
> _______________________________________________
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> and follow the instructions there.
>
--
Chris Albertson
Redondo Beach, California
