This is very similar to the functionality provided by tlsdate (https://github.com/ioerror/tlsdate). They appear to have eschewed tlsdate's default approach of using the timestamp from the handshake in favor of using the `Date:` field, which tlsdate also supports. It would be interesting to see whether the randomization of TLS timestamps in modern implementations of TLS might mean that tlsdate's default mode is no longer useful. Either way, it's really cool to see this sort of functionality being included in ntpd by default!
openntpd has been nothing but trouble for me, but when I switched to djb clockspeed instead, it made things better. Here's a script that runs on GFiber devices, which uses tlsdate securely for the initial timewarp, and djb clockspeed thereafter. Since switching to this we have had extremely accurate timekeeping.
handsomeransoms | 11 years ago
apenwarr | 11 years ago
https://gfiber.googlesource.com/buildroot/+/master/fs/skelet...