BTW, draft-aanchal-time-implementation-guidance-00.txt (presented at IEPG during the IETF 100 meeting now) talks about a similar issue in DNS (vs DHCP) and also recommends using, on POSIX systems, a monotonic clock (vs gettimeofday()), which cannot be attacked off path.
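The recommendation in the comment above, as an added example (not code from the draft, the commenter or any DHCP/DNS implementation): a lease or TTL deadline kept on `CLOCK_MONOTONIC` next to the same deadline kept on the wall clock. `struct lease` and the function names are hypothetical, and the one-day wall-clock step in `main` is constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for clock_gettime() */
#endif
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical lease/TTL record; wall_deadline exists only to show the fragile variant. */
struct lease {
    struct timespec mono_deadline;  /* on CLOCK_MONOTONIC */
    struct timespec wall_deadline;  /* on CLOCK_REALTIME (what gettimeofday() reports) */
};

/* Milliseconds from 'now' to 'deadline' on the same clock, clamped at 0. */
static int64_t ms_until(struct timespec deadline, struct timespec now) {
    int64_t ms = (int64_t)(deadline.tv_sec - now.tv_sec) * 1000
               + (int64_t)(deadline.tv_nsec - now.tv_nsec) / 1000000;
    return ms > 0 ? ms : 0;
}

/* Record both deadlines when the lease is granted. */
static void lease_start(struct lease *l, struct timespec mono_now,
                        struct timespec wall_now, uint32_t lifetime_s) {
    l->mono_deadline = mono_now;
    l->mono_deadline.tv_sec += (time_t)lifetime_s;
    l->wall_deadline = wall_now;
    l->wall_deadline.tv_sec += (time_t)lifetime_s;
}

/* Preferred: unaffected by any change to the system's wall-clock time. */
static int64_t lease_remaining_ms(const struct lease *l, struct timespec mono_now) {
    return ms_until(l->mono_deadline, mono_now);
}

/* Fragile: the answer moves whenever the wall clock is stepped. */
static int64_t lease_remaining_ms_wall(const struct lease *l, struct timespec wall_now) {
    return ms_until(l->wall_deadline, wall_now);
}

int main(void) {
    struct timespec mono, wall;
    struct lease l;
    clock_gettime(CLOCK_MONOTONIC, &mono);
    clock_gettime(CLOCK_REALTIME, &wall);
    lease_start(&l, mono, wall, 3600);
    wall.tv_sec += 86400;   /* constructed: the wall clock is stepped a day ahead */
    printf("monotonic:  %lld ms left\n", (long long)lease_remaining_ms(&l, mono));
    printf("wall clock: %lld ms left\n", (long long)lease_remaining_ms_wall(&l, wall));
    return 0;
}
```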