An active MITM attackr could change the system time by intercepting NTP packets. Such an attack could be used, for example, to bypass HSTS, as described in [1], which specifically criticizes Fedora's default configuration as insecure on page three (though I imagine chrony must have some limits as to how far the system clock can be changed at a time?). It looks like ntpd can be configured to prevent such if the NTP server signs its messages and the client is configured with its public key. It seems safe to assume timesyncd cannot handle this; is that correct? What's the status with chrony?
[1] https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Str...