[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)



Jacob Appelbaum:
> adrelanos:
>> Jacob Appelbaum:
>>> If I were to reinvent the wheel without having read any of tordate's
>>> source, I would:
>>>
>>>   open the consensus or the cached-microdescs
>>>    parse the absolute minimum time
>>>   stat the respective file to see the last possible atime/mtime/ctime
>>>   pick the later time of the two
>>>   jump the clock forward again
>>
>> What in case the directory authority is not reachable (censored area)?
>>
> 
> Well, if we have a file on the disk, we don't even have to touch the
> network to jump the clock, right?

I must admit I am the over thinking type. Three cases. One appears
unsolved to me.

1) there is a file on disk -> no consensus parser required
2) there is no file on disk; Tor directory authority available -> parse
consensus
3) there is no file on disk; Tor directory authority is not reachable -> ?

How likely is it that there is no file on disk and that Tor directory
authority is not reachable? I have no idea, just thought, if it isn't a
likely use case, you wouldn't think about a consensus parser.

>> Is the parasitic approach future proof anyway? Won't that cost the
>> remote server admins cpu load and traffic?
> 
> Probably and probably not?

I don't know.

>>
>> What if the remote server admins install some "intelligent" filter,
>> which blocks Tor? (for other unrelated spam/ddos issues)
> 
> Which server admins? People offering TLS?

The admins of the servers which tlsdate contacts, i.e. top 100 alexa or
whatever hosts you may pick.)

>>
>> Why trust and get the time of some remote server admins who are not
>> really willing to run a network time server? They most likely get their
>> own time over unauthenticated NTP. Getting time from TLS is more a hack
>> than a replacement for non-existing tcp, authenticated and distributed  NTP.
>>
> 
> Yeah, I'm aware. Really, well aware. People keep telling me over and
> over again

I apologize, very sorry for my wording and didn't want to join that, in
fact very happy about ANY kind of improvements in the network time sync
area.

<snipped the other parts where I agree and have nothing to add>

Cheers,
adrelanos
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk