[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

To: The Tails public development discussion list <tails-dev@xxxxxxxx>
Subject: Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
From: Jacob Appelbaum <jacob@xxxxxxxxxxxxx>
Date: Thu, 11 Apr 2013 06:56:18 +0000
Cc: tor-talk@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 11 Apr 2013 03:11:04 -0400
In-reply-to: <85eheovi55.fsf@xxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Openpgp: id=4193A197; url=http://www.appelbaum.net/gpg.asc
References: <4F42AD50.4050807@xxxxxxxxxxxxx> <85sjgwz3kw.fsf@xxxxxxxx> <85629l4rne.fsf@xxxxxxxx> <50089CE0.5080501@xxxxxxxxxxxxx> <85eheovi55.fsf@xxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

intrigeri:
> Hi,
> 
> Jacob Appelbaum wrote (19 Jul 2012 23:48:48 GMT) :
>> intrigeri:
>>> So, Jake tells me that ChromeOS will use tlsdate by default, and that
>>> this should solve the fingerprinting issue. Therefore, I assume this
>>> implicitly answer the (half-rhetorical, I admit) question I asked in
>>> March, and I assume there is indeed some fingerprinting issue. So, in
>>> the following I'll assume it's relatively easy, for a close network
>>> adversary (say, my ISP) to detect that I'm using tlsdate.
>>>
> 
>> It isn't shipping yet, so we'll see what happens.
> 
> I'm told ChromeOS ships it nowadays, so I'm excited at the idea to
> learn more about it, so that we can move forward a bit about the
> fingerprinting issue.

It does indeed - their network time document is here:

 https://docs.google.com/a/chromium.org/document/d/1ylaCHabUIHoKRJQWhBxqQ5Vck270fX7XCWBdiJofHbU/edit

> 
> I was not able to find any authoritative information about how they
> run it. Their time sources [1] design doc is quite clearly outdated.
> Where can I find up-to-date information on this topic? I assume one of
> the dozens of Chromius Git repositories [2], but which one?
> 
> [1] http://www.chromium.org/developers/design-documents/time-sources
> [2] http://git.chromium.org/gitweb/
> 

Basically - tlsdate in Tails would be a minor set of users compared to
the much larger user base of ChromeOS.

I've also just updated the INSTALL file to document the different places
that git-master of tlsdate works:

  Debian Gnu/Linux 6.0.7
  Ubuntu 11.04, 12.04, 12.10
  CentOS 6.2, 6.3
  Fedora 17, 18
  RedHat Enterprise Server 6.4
  OpenSUSE 11.2, 12.3
  FreeBSD 10-CURRENT
  Mac OS X 10.8.2, 10.8.3
  ChromeOS 26.0.x.x, 27.0.x.x (tlsdate is part of the ChromeOS TCB!)

I'd like to settle on a list of hosts that it uses by default which may
include a Google host or not. I haven't yet decided.

All the best,
Jacob
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
  - From: intrigeri

References:
- Re: [tor-talk] secure and simple network time (hack)
  - From: intrigeri

Prev by Author: Re: [tor-talk] secure and simple network time (hack)
Next by Author: Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
Previous by thread: Re: [tor-talk] secure and simple network time (hack)
Next by thread: Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
Index(es):
- Author
- Thread