
Re: Expired HTTPS certificates and incorrect clocks


Adam Langley 12 Dec 2014 11:52
Sent to the group: Security-dev
On Fri, Dec 12, 2014 at 11:44 AM, Chris Bentzel <cben...@chromium.org> wrote:
> +zea
>
> akalin@ and zea@ at one point were looking at network time for sync.
> Not sure what happened with that.

ChromeOS uses the timestamp in the server_nonce of TLS handshakes with
Google to set its clock. That's pretty good but there is a bit of
circularity in that you validate the TLS connection using certificates
for which you need a clock to consider expiry.

I've long pondered setting up a UDP service that signs submitted
nonces (perhaps with batching for overload) as a secure, rough version
of NTP. The problem is that it's another service to run and using a
TLS connection has firewall advantages.


Cheers

AGL
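The signed-nonce exchange sketched in the message above, written out as an added example; this is not code from the thread, from Chrome or from ChromeOS. Everything beyond what the message states is my assumption: Ed25519 as the signature scheme, the wire layout (32-byte client nonce; response = nonce || 8-byte big-endian Unix seconds || 64-byte signature), and a function standing in for the UDP transport so the example runs offline. Batching under overload is not shown. The point that removes the circularity is that the client only needs a pinned public key to check the signature; no certificate, and therefore no clock, is involved in trusting the reply, and the nonce ensures the reply was produced after the request was made.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Illustrative wire format (an assumption, not a standard):
//   request:  32-byte client nonce
//   response: nonce || 8-byte big-endian Unix seconds || Ed25519 signature over (nonce || seconds)
const nonceLen = 32
const respLen = nonceLen + 8 + ed25519.SignatureSize

// Server holds the signing key and a clock (injectable so tests can fix the time).
// Clients are assumed to have the public key pinned, like a root certificate.
type Server struct {
	priv ed25519.PrivateKey
	now  func() time.Time
}

func NewServer(now func() time.Time) (*Server, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Server{priv: priv, now: now}, pub, nil
}

// Handle answers one request datagram: it binds the current time to the client's nonce.
func (s *Server) Handle(req []byte) ([]byte, error) {
	if len(req) != nonceLen {
		return nil, errors.New("bad request length")
	}
	msg := make([]byte, nonceLen+8)
	copy(msg, req)
	binary.BigEndian.PutUint64(msg[nonceLen:], uint64(s.now().Unix()))
	return append(msg, ed25519.Sign(s.priv, msg)...), nil
}

// TimeResult is the client's estimate: the true time at receipt lies in [Time-Radius, Time+Radius].
type TimeResult struct {
	Time   time.Time
	Radius time.Duration
}

// Query runs one exchange. send stands in for the UDP round trip; clock is the client's
// (possibly wrong) local clock, used only to measure the round trip, never trusted for time.
func Query(pub ed25519.PublicKey, send func([]byte) ([]byte, error), clock func() time.Time) (TimeResult, error) {
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return TimeResult{}, err
	}
	start := clock()
	resp, err := send(nonce)
	if err != nil {
		return TimeResult{}, err
	}
	return Verify(pub, nonce, resp, clock().Sub(start))
}

// Verify checks a response against the nonce the client sent. The server stamped its clock
// somewhere inside the round trip, so at receipt the true time is in [stamp, stamp+rtt];
// that is reported as midpoint ± rtt/2.
func Verify(pub ed25519.PublicKey, nonce, resp []byte, rtt time.Duration) (TimeResult, error) {
	if len(resp) != respLen {
		return TimeResult{}, errors.New("bad response length")
	}
	if !bytes.Equal(resp[:nonceLen], nonce) {
		return TimeResult{}, errors.New("nonce mismatch: stale or replayed response")
	}
	msg, sig := resp[:nonceLen+8], resp[nonceLen+8:]
	if !ed25519.Verify(pub, msg, sig) {
		return TimeResult{}, errors.New("bad signature")
	}
	stamp := time.Unix(int64(binary.BigEndian.Uint64(msg[nonceLen:])), 0).UTC()
	return TimeResult{Time: stamp.Add(rtt / 2), Radius: rtt / 2}, nil
}

// WithinValidity is the use case from the thread: decide certificate validity from the
// signed time rather than the local clock, conservatively requiring the whole uncertainty
// interval to fall inside [notBefore, notAfter].
func WithinValidity(r TimeResult, notBefore, notAfter time.Time) bool {
	lo, hi := r.Time.Add(-r.Radius), r.Time.Add(r.Radius)
	return !lo.Before(notBefore) && !hi.After(notAfter)
}

func main() {
	srv, pub, err := NewServer(time.Now)
	if err != nil {
		panic(err)
	}
	res, err := Query(pub, srv.Handle, time.Now)
	if err != nil {
		panic(err)
	}
	fmt.Printf("signed time %s (±%s)\n", res.Time, res.Radius)
}
```

A client with a badly wrong clock still gets a usable answer here because its own clock only measures the round trip; the time itself comes from the signature, and a replayed or forged reply fails on the nonce or signature check before any date is read.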