[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

To: The Tails public development discussion list <tails-dev@xxxxxxxx>, tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
From: intrigeri <intrigeri@xxxxxxxx>
Date: Tue, 16 Apr 2013 13:03:27 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 16 Apr 2013 07:03:46 -0400
In-reply-to: <51665E92.1040702@xxxxxxxxxxxxx> (Jacob Appelbaum's message of "Thu, 11 Apr 2013 06:56:18 +0000")
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4F42AD50.4050807@xxxxxxxxxxxxx> <85sjgwz3kw.fsf@xxxxxxxx> <85629l4rne.fsf@xxxxxxxx> <50089CE0.5080501@xxxxxxxxxxxxx> <85eheovi55.fsf@xxxxxxxx> <51665E92.1040702@xxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

Hi Jacob and Elly,

Thanks for your answers! See more questions bellow.

Jacob Appelbaum wrote (11 Apr 2013 06:56:18 GMT) :
> Basically - tlsdate in Tails would be a minor set of users compared to
> the much larger user base of ChromeOS.

Sure.

I doubt we can blend in this "anonymity" set, though: unless Tails
wants to forever copy the set of hosts ChromeOS queries (which I don't
think we would want to rely upon on the long run), then Tails' use of
tlsdate will probably be fingerprintable at least by the ISP if the
connections are made in the clear, so we probably would want to run
tlsdate over Tor anyway.

So, I'm now considering this (tlsdate over Tor) to replace our use of
htpdate, and not to replace our initial time guess based on the Tor
consensus [1].

[1] https://tails.boum.org/contribute/design/Time_syncing/#index3h1

> I'd like to settle on a list of hosts that it uses by default which may
> include a Google host or not. I haven't yet decided.

OK.

Jacob, are you interested in implementing something like our current
multiple pool -based approach [2], or something else with similar
security properties? If Tails wants to move to tlsdate some day,
I guess a prerequisite would be not to lose the nice security
properties this approach currently gives us.

[2] https://tails.boum.org/contribute/design/Time_syncing/#index4h2

Elly Fong-Jones wrote (08 Apr 2013 03:06:02 GMT) :
> The (slightly outdated now) time-sources design doc is here:
> <https://docs.google.com/a/chromium.org/document/d/1ylaCHabUIHoKRJQWhBxqQ5Vck270fX7XCWBdiJofHbU/edit>

Elly, is this design doc correct that tlsdate queries
clients3.google.com only in ChromeOS?

(Given you implemented the multi-host feature, I'd be surprised that
you don't use it, but I could not find what /etc/tlsdate/tlsdated.conf
ChromeOS is using, so I don't know.)

Cheers,
--
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
  - From: Elly Fong-Jones
- Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
  - From: Jacob Appelbaum
- Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
  - From: Jacob Appelbaum

References:
- Re: [tor-talk] secure and simple network time (hack)
  - From: intrigeri
- Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
  - From: Jacob Appelbaum

Prev by Author: Re: [tor-talk] secure and simple network time (hack)
Next by Author: Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
Previous by thread: Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
Next by thread: Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
Index(es):
- Author
- Thread