From 75f8b8d553be4a9fd79da7b40be41bd5dda206a2 Mon Sep 17 00:00:00 2001 From: r3g_5z Date: Sun, 19 Mar 2023 00:47:28 -0400 Subject: [PATCH] further improve documentation on GrapheneOS HTTPS time sync Signed-off-by: r3g_5z --- static/faq.html | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/static/faq.html b/static/faq.html index 9feab50a..38de71fb 100644 --- a/static/faq.html +++ b/static/faq.html @@ -806,13 +806,17 @@ repository.

  • -

    An HTTPS connection is made to https://time.grapheneos.org/ to update the - time from the date header field. This is a full replacement of Android's - standard network time update implementation, which uses the cellular network - when available with a fallback to SNTP when it's not available. Network time - updates are security sensitive since certificate validation depends on having - an accurate time, but the standard NTP / SNTP protocols used across most OSes - have no authentication.

    +

    An HTTPS connection is made to https://time.grapheneos.org/generate_204 to + update the time from the custom X-Time header field, which has millisecond + precision, or falls back to the Date header if X-Time is not available with less + precision. GrapheneOS also lowers the system clock drift warning from 2000 milliseconds + to 250 milliseconds, and the time update threshold from 2000 milliseconds to 50 + milliseconds. This is a full and more precise replacement of Android's standard + network time update implementation, which uses the cellular network when available + with a fallback to SNTP when it's not available. Network time updates are security + sensitive since certificate validation depends on having an accurate time, but + the standard NTP / SNTP protocols used across most OSes have no authentication + or encryption.

    We plan to offer a toggle to use the standard functionality instead of HTTPS-based time updates in order to blend in with other devices.
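
Review bot: In the added paragraph, the fallback clause "or falls back to the Date header if X-Time is not available with less precision" has a misplaced modifier and no clear subject, so it reads as if X-Time were the thing lacking precision. Suggest something like "falling back to the less precise Date header if X-Time is not available". The paragraph also states that certificate validation depends on an accurate time while the time itself is now fetched over HTTPS, so it would help to document what happens on a device whose clock is too far off to validate the certificate for time.grapheneos.org. Lastly, the new "or encryption" is added without saying why confidentiality matters for time sync, whereas the stated risk is about authenticity; either tie it to the existing rationale or explain it in a short clause. A minor wording point: "lowers the system clock drift warning" would be clearer as "lowers the system clock drift warning threshold", matching "time update threshold" in the same sentence.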