further improve documentation on GrapheneOS HTTPS time sync

Signed-off-by: r3g_5z <june@girlboss.ceo>
2023-03-19 00:47:28 -04:00 · 2023-03-19 00:47:28 -04:00 · 75f8b8d553
commit 75f8b8d553
parent 7246f78148
1 changed files with 11 additions and 7 deletions
--- a/static/faq.html
+++ b/static/faq.html
@ -806,13 +806,17 @@
                            repository.</p>
                        </li>
                        <li>
-                            <p>An HTTPS connection is made to https://time.grapheneos.org/ to update the
+                            <p>An HTTPS connection is made to https://time.grapheneos.org/generate_204 to
-                            time from the date header field. This is a full replacement of Android's
+                            update the time from the custom X-Time header field, which has millisecond
-                            standard network time update implementation, which uses the cellular network
+                            precision, or falls back to the Date header if X-Time is not available with less
-                            when available with a fallback to SNTP when it's not available. Network time
+                            precision. GrapheneOS also lowers the system clock drift warning from 2000 milliseconds
-                            updates are security sensitive since certificate validation depends on having
+                            to 250 milliseconds, and the time update threshold from 2000 milliseconds to 50
-                            an accurate time, but the standard NTP / SNTP protocols used across most OSes
+                            milliseconds. This is a full and more precise replacement of Android's standard
-                            have no authentication.</p>
+                            network time update implementation, which uses the cellular network when available
                            with a fallback to SNTP when it's not available. Network time updates are security
                            sensitive since certificate validation depends on having an accurate time, but
                            the standard NTP / SNTP protocols used across most OSes have no authentication
                            or encryption.</p>
                            <p>We plan to offer a toggle to use the standard functionality instead of
                            HTTPS-based time updates in order to blend in with other devices.</p>