Paul Wouters <paul(_at_)cypherpunks(_dot_)ca> wrote:
One solution is "tlsdate" which uses the installed bundled CA (or comes
with its own) and runs TLS against a bunch of well known large sites
(using insecure DNS) and sets the time based on the TLS handshakes.
I believe tlsdate currently only gets the time from one server. It would
be nice if it could determine the time based on agreement of a quorum of
diverse servers, so that no single source of time needs to be trusted. (I
have talked about this with Jacob Appelbaum but I haven't had time to do
anything about it.)
Tony.
--
f.anthony.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.