Ooo, great find on the delay attack. I'll read up on that one today, but I think you're right.
The terms I'm using for this are web-native and a demo. Certainly not simple.
robalex
joined 2 years ago
Hey, author here. You're asking a couple questions, which I'll try to unpack.
You're right to be suspicious that Cloudflare CDN servers have the right time. I tried to call out that concern in the post. Cloudflare operates time services, but their CDN is not a time service and wouldn't be operated under the same controls. How accurate those servers are is an open question.
When writing the post I observed NTP client logs, a GPS-based clock, and the CDN-based clock report time that agreed within their stated error bounds. I've also seen NTP-synchronized and mobile network synchronized system clocks that fell outside the estimates of those other clocks. So it's an "odd one out" situation.
But I think you are asking the right questions!
Cool, thanks for taking a look! Do you know of any official reference for how the Cloudflare CDN server clocks are synced? I looked around but didn't find one.
I originally built the clock on Fastly, but they (appear to) have clock offsets of hundreds of milliseconds, so I didn't release that version. Cloudflare CDN seems synchronized better than what I can measure, although I'm wary of hard to test corner cases, like newly deployed servers.