Paul Wouters <paul@xxxxxxxxxxxxxx> wrote: > > One solution is "tlsdate" which uses the installed bundled CA (or comes > with its own) and runs TLS against a bunch of well known large sites > (using insecure DNS) and sets the time based on the TLS handshakes. I believe tlsdate currently only gets the time from one server. It would be nice if it could determine the time based on agreement of a quorum of diverse servers, so that no single source of time needs to be trusted. (I have talked about this with Jacob Appelbaum but I haven't had time to do anything about it.) Tony. -- f.anthony.n.finch <dot@xxxxxxxx> http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first.