I wonder if this feature might be “infectious”: if a handful of servers wind up with the wrong time, and start propagating that wrong time in their server handshakes, it might cause a cascade of other servers to reset their times too.
In any case, it seems like a poor solution especially given that random timestamps can occasionally look valid (they’re random!).
The problem they’re trying to solve seems to be to obtain a trustworthy timestamp in the presence of a potentially hostile network - one that could be presenting expired, cracked certificates for every connection to arbitrarily tamper with all SSL connections. It’s not a trivial problem, for sure, but resetting perfectly valid clocks using this algorithm seems like a strict downgrade….
Funny thing is that it does refuse to change the time when the delta is large. So it trusts these random bytes in the TLS handshake blindly, but when it gets the correct time from the time server some seconds later, it doesn't dare to change the time as the delta is too large!
In any case, it seems like a poor solution especially given that random timestamps can occasionally look valid (they’re random!).
The problem they’re trying to solve seems to be to obtain a trustworthy timestamp in the presence of a potentially hostile network - one that could be presenting expired, cracked certificates for every connection to arbitrarily tamper with all SSL connections. It’s not a trivial problem, for sure, but resetting perfectly valid clocks using this algorithm seems like a strict downgrade….