[time-nuts] Roughtime
Hal Murray
hmurray at megapathdsl.net
Wed Oct 5 01:59:00 EDT 2016
albertson.chris at gmail.com said:
> But I use a set of five different servers all controlled by different
> organizations and they are geographically distributed. Also some of these
> are randomly elected "pool" servers. So even I don't know who I will ask
> for time. How could anyone corrupt all those servers?
They don't have to corrupt the servers if they can capture some
modem/router/whatever box that all of your packets go through. Classic
man-in-the-middle.
> And if this ever did become a problem users would simply start using
> cryptographic authentication
It's a problem now. Currently, there is no convenient way to do the crypto.
That's why Roughtime appeared.
When the software is available, somebody will need to set up a collection of
well run NTP servers. It's roughly similar to the top level DNS servers.
albertson.chris at gmail.com said:
> All that said, there is money to be made by spoofing time. If I can fool
> a stock broker into accepting trades minutes late I could be rich.
I think most stock brokers have their own GPS/NTP servers.
--
These are my opinions. I hate spam.
More information about the time-nuts
mailing list