Implementation: Client side in the query, we set the "transmit timestamp" to a random 64-bit cookie, and store both our cookie and the real transmit timestamp locally servers are required to copy that timestamp verbatim into the "originate timestamp" in the reply upon receival of the reply, we check that the originate timestamp matches the cookie It is a really cool hack, extending NTP security without any drawbacks