
In Search of a Secure Time Source - dankohn1
https://blog.hboeck.de/archives/890-In-Search-of-a-Secure-Time-Source.html
======
CaliforniaKarl
First off, an annoyance: I'm annoyed that there is no DHCP option to specify
"This is the current UTC time". That would let the DHCP server tell the client
what the current time is, with enough accuracy for most things. I mean, if
you're already trusting in the info already provided by DHCP, you might as
well trust this, too.

DHCP Options 152-155 (from
[http://www.iana.org/go/rfc6926](http://www.iana.org/go/rfc6926)) might work,
but that's part of a different standard.

Anyway, the main thing I wanted to note is that your ISP likely already has
NTP servers that you can use. You might even be getting them, via DHCP Options
4 and/or 42 (though 42 is more appropriate). At least that way, your NTP
queries don't go out to the wider Internet.

If you have your own network, then you should have an NTP server. The bigger
the network, the more NTP servers you should have. Each NTP server should be
getting time from 10 different upstream servers (stratum 1 or 2). Ten is the
maximum number of NTP servers which NTPd will check at once. Querying more NTP
servers will allow NTPd to identify and exclude "falsetickers", which are
serving bad time.

Ideally, your NTP servers should have a local source. "Local source" means you
are getting time from a device which queries something like GPS, GLONASS,
WWVB, etc. That way, when the local source is working, your NTP server
becomes stratum-1; when not working, your NTP server becomes stratum-2 or -3,
but can still serve time within your network.

If you have multiple NTP servers, each one should have a different local
source: One checking GPS, one checking WWVB, one checking GLONASS, etc. You
can tell NTPd that each of your servers should peer with the others, to
increase accuracy. You could even have multiple local sources on each server.

All of this is still unencrypted, though, but it is mitigated by keeping the
NTP traffic within your own network. And also by having so many different time
sources, it's possible to identify bad ones.
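The falseticker exclusion the comment relies on, as an added example that is not from the original post or from ntpd's own code: a simplified form of the RFC 5905 intersection algorithm run over constructed server samples (the server names, offsets and root distances are made up), showing why a small pool cannot outvote bad time but a larger one can.

```python
# Simplified NTP "intersection algorithm" (RFC 5905 clock select): each
# candidate server claims the true offset lies within offset +/- root_dist.
# The largest group of overlapping intervals wins; anything outside that
# intersection is a falseticker. Added example, not ntpd's implementation.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Candidate:
    name: str
    offset: float     # measured clock offset to this server, seconds
    root_dist: float  # root distance (error bound), seconds

    @property
    def low(self) -> float:
        return self.offset - self.root_dist

    @property
    def high(self) -> float:
        return self.offset + self.root_dist


def select_truechimers(cands: List[Candidate]) -> Tuple[List[Candidate], Optional[Tuple[float, float]]]:
    """Return (truechimers, (low, high)), or ([], None) when no majority agrees.

    Allows 0, 1, 2, ... falsetickers in turn, but always requires a strict
    majority of the candidates (n - allow > n / 2) to overlap.
    """
    n = len(cands)
    # Sweep-line events: +1 opens an interval, -1 closes it. At equal
    # positions opens sort first so touching intervals count as overlapping.
    events = sorted([(c.low, 1) for c in cands] + [(c.high, -1) for c in cands],
                    key=lambda e: (e[0], -e[1]))
    for allow in range((n + 1) // 2):        # 2 * allow < n
        need = n - allow
        cover, lo, hi = 0, None, None
        for pos, step in events:
            if step > 0:
                cover += 1
                if cover >= need and lo is None:
                    lo = pos                 # first point covered by `need` intervals
            else:
                if cover >= need:
                    hi = pos                 # last close still inside the region
                cover -= 1
        if lo is not None and hi is not None and lo <= hi:
            survivors = [c for c in cands if c.low <= hi and c.high >= lo]
            return survivors, (lo, hi)
    return [], None
```

With five servers of which one is two seconds off, `select_truechimers` drops the outlier; with four servers split two against two it returns no result at all, which is the situation a pool of one or two upstreams leaves you in.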

