[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Using Tor Hidden Services as Time Source
On Fri, Feb 06, 2015 at 10:41:46PM +0000, Patrick Schleizer wrote:
> We want to get rid of SSL and make use of the strong security properties
> of Tor's end-to-end encryption for Hidden Services in order to safeguard
> against clearnet SSL MITM attacks, which are within reach of powerful
> Our plan is to contact hidden service operators, adding multiple
> trustworthy hidden services to the list for both redundancy and load
> distribution. Our estimated user base is 5000. The requests will only
> involve fetching an HTTP header from the server, similar to `curl --head
> Before simply implementing this feature and hoping Tor handles the load
> without issue, we'd like expert (deep knowledge of Tor internals,
> network size, paths, etc) and (hopefully) official responses to our idea.
The first problem you're going to have here is that hidden services
don't work unless your time is approximately correct. So you will have a
chicken-and-egg problem using them to get an accurate time if you don't
already have one.
I really think the right thing to do is to teach Tor how to export what
time it thinks it is (via the control port), and to teach Tor to go get
some extra opinions from the directory authorities if it suspects that
your time is wrong. These are those two tickets:
Tor relays know what time it is, and some of them are quite trusted and
trustworthy, and your Tor already talks to them and learns the time in
a secure way.
There's some design work to be done still though.
Also, there are apparently some bugs in Tor where if you start Tor with
a wrong clock, and then something externally fixes the clock to be right,
Tor doesn't notice, or doesn't notice for a while.
I've just explored that one a bit more and posted a partial fix, but
more issues likely remain.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to