Implementation: Client side


What if someone sends us forged ntp replies?
when we send our query, we set the "transmit timestamp" to a random 64-bit cookie, and store both our cookie and the real transmit timestamp locally

servers are required to copy that timestamp verbatim into the "originate timestamp" in the reply

upon receival of the reply, we check that the originate timestamp matches the cookie we sent with the query - if they don't match, we have a case of forgery

and of course we invalidate the cookie once we received an reply with it