Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
Jacob Appelbaum:
> adrelanos:
>> Jacob Appelbaum:
>>> If I were to reinvent the wheel without having read any of tordate's
>>> source, I would:
>>>
>>> open the consensus or the cached-microdescs
>>> parse the absolute minimum time
>>> stat the respective file to see the last possible atime/mtime/ctime
>>> pick the later time of the two
>>> jump the clock forward again
>>
>> What in case the directory authority is not reachable (censored area)?
>>
>
> Well, if we have a file on the disk, we don't even have to touch the
> network to jump the clock, right?
I must admit I am the overthinking type. Three cases. One appears
unsolved to me.

1) there is a file on disk -> no consensus parser required
2) there is no file on disk; Tor directory authority available -> parse
consensus
3) there is no file on disk; Tor directory authority is not reachable -> ?

How likely is it that there is no file on disk and that Tor directory
authority is not reachable? I have no idea, just thought, if it isn't a
likely use case, you wouldn't think about a consensus parser.
>> Is the parasitic approach future proof anyway? Won't that cost the
>> remote server admins cpu load and traffic?
>
> Probably and probably not?
I don't know.
>>
>> What if the remote server admins install some "intelligent" filter,
>> which blocks Tor? (for other unrelated spam/ddos issues)
>
> Which server admins? People offering TLS?
The admins of the servers which tlsdate contacts, i.e. top 100 Alexa or
whatever hosts you may pick.
>>
>> Why trust and get the time of some remote server admins who are not
>> really willing to run a network time server? They most likely get their
>> own time over unauthenticated NTP. Getting time from TLS is more a hack
>> than a replacement for non-existing tcp, authenticated and distributed NTP.
>>
>
> Yeah, I'm aware. Really, well aware. People keep telling me over and
> over again
I apologize, very sorry for my wording and didn't want to join that, in
fact very happy about ANY kind of improvements in the network time sync
area.
<snipped the other parts where I agree and have nothing to add>
Cheers,
adrelanos
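
Added example, not part of the original message and not tordate or tlsdate code: a Python sketch of the offline steps quoted above (parse the time from a cached consensus, stat the file, take the later value, only ever move the clock forward). It assumes the time is read from the consensus `valid-after` header line; the sample header and the function names are constructed for illustration.

```python
import os
import re
from datetime import datetime, timezone

# Constructed sample header of a cached microdesc consensus (not real data).
SAMPLE = (b"network-status-version 3 microdesc\n"
          b"vote-status consensus\n"
          b"valid-after 2099-01-01 00:00:00\n")

# Assumption: the "absolute minimum time" is the valid-after header line (UTC).
VALID_AFTER = re.compile(rb"^valid-after (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)$", re.M)

def consensus_valid_after(path):
    """Return valid-after from a cached consensus as a UTC epoch, or None."""
    with open(path, "rb") as fh:
        head = fh.read(4096)  # the header line sits near the top of the file
    m = VALID_AFTER.search(head)
    if m is None:
        return None
    dt = datetime.strptime(m.group(1).decode("ascii"), "%Y-%m-%d %H:%M:%S")
    return int(dt.replace(tzinfo=timezone.utc).timestamp())

def clock_lower_bound(path):
    """Later of the parsed time and the file's atime/mtime/ctime.

    Returns None when there is no readable file on disk, which is where
    cases 2 and 3 from the reply begin and the network would be needed.
    """
    try:
        st = os.stat(path)
        parsed = consensus_valid_after(path)
    except OSError:
        return None
    candidates = [int(st.st_atime), int(st.st_mtime), int(st.st_ctime)]
    if parsed is not None:
        candidates.append(parsed)
    return max(candidates)

def forward_jump(path, now):
    """Seconds to move the clock forward; 0 if it is already past the bound."""
    bound = clock_lower_bound(path)
    if bound is None or bound <= now:
        return 0  # never step the clock backward on this evidence
    return bound - now
```

The result is only a lower bound: a clock set this way can still be behind real time by however old the cached file is.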