On Aug 14, 2023, at 3:07 AM, Forrest Christian (List Account) <lists@packetflux.com> wrote:

I've responded in bits and pieces to this thread and haven't done an excellent job expressing my overall opinion. This is probably because my initial goal was to point out that GPS-transmitted time is no less subject to being attacked than your garden variety NTP-transmitted time. Since this thread has evolved, I'd like to describe my overall position to be a bit clearer.

<SNIP/>

And finally, as a sort of a tl;dr; Summary: Each operator needs to decide how critical time is to their network and pick a solution that works for them and fits the organization's budget. Some operators might point everything at pool.ntp.org and not run their own servers. Others might run their own time lab and use that time to provide NTP time and precision time and frequency via various methods. Most will be somewhere in between. But regardless of which you choose, please be aware that GPS isn't 100% secure, and neither is NTP. If attack resilience matters to you, you should think about all of the attack vectors and design something that is robust enough to meet your use case.

Twenty-five or so years ago my design process for providing Network Time Service to a large company intranet started with the business requirements for time service. The Management practice of “Not in my cost center” was fundamental to NOT attempting GPS-based deployment. The internal enterprise network provided a set of geographically distributed Stratum 2 servers having carefully firewalled access to a similar set of Stratum 1 servers with Internet access. The Stratum 0 server set list included NIST, USNO, and other similar sources distributed globally.