[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

Elly Jones:
> On Fri, Apr 12, 2013 at 02:43:13PM +0300, Maxim Kammerer wrote:
>> On Fri, Jul 20, 2012 at 3:07 AM, Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote:
>>> Allow me to be very explicit: it is harder to parse an HTTP Date header
>>> than properly than casting a 32bit integer and flipping their order. The
>>> attack surface is very small and easy to audit.
>> Just discovered that tlsdated in tlsdate-0.0.6 is dying with a
>> segmentation fault after a while. Not surprised after seeing the code
>> ? my experimentation with this gimmick is finally over. Turns out that
>> ?throw something together and wait for patches? is not a sound
>> development approach.
> Did you get a stack trace?

Not that I've seen - Maxim is often extremely harsh - don't take it

> Also, yes, tlsdated is not very well-written. I wrote it in a great hurry and
> now don't really have time to undo the worst of the hacks :(. Patches gratefully
> accepted.

I haven't really touched it as I consider you to generally be the owner
of that part of the code. What specifically do you think we should re-write?

All the best,
tor-talk mailing list