Roughtime: Securing Time with Digital Signatures

Cloudflare has introduced a free, high-availability, and low-latency authenticated time service called Roughtime, available at roughtime.cloudflare.com on port 2002. The protocol is designed to be simple and flexible, allowing clients to synchronize their clocks with one or more authenticated servers. It aims to provide accurate enough time for cryptographic applications while ensuring security against man-in-the-middle attacks. Roughtime offers two features designed to make it scalable: batch signing of requests and execution over UDP. The protocol is flexible enough to support a variety of use cases, including web browsers proactively synchronizing their clocks when validating TLS certificates or retroactively avoiding showing users too many warnings.