[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] secure and simple network time (hack)

>> Why don't we propose a clean solution for this time mess anyway?
> Is this that big of a deal? If a would be Tor user doesn't know
> what time it is and/or can't set their clock manually, they've got
> bigger issues to worry about.
> And given 90% of these users use windows, they're set via ntp by
> default (or rooted via other means) already.

Yes, it's a big deal. First time asked "System time in anonymity
oriented LiveCDs". [1]

We can't solve the problems with Windows and compromised Windows
machines. This solution is needed for pepole who really care about
security / anonymity. People who are interested in Tails, Liberte
Linux or aos.

These projects are interested in a solution. Setting time manually is
really inconvinient.

> In fact, since afaik Tor's entire trust is based on what the top
> level dir auths say,

There is a ticket from a Tor dev to change this.

> all other nodes besides auths likely have no need to consider
> time... just sigs. Even auths might not need to either... rather,
> just publish good timestamps for recordkeeping (exonerator, stats,
> etc) is all.

Time is important. Since (for example) javascript can read it, an
adversary controlled time skew can de-anonymize. Also read Steven J.
Murdoch's paper about clock skew. Good for introduction as well. [2]

> Last, is using Tails (or any OS for that matter) somehow going to
> get you more blocked than blocked (or dead than dead) than for
> already using Tor? Doubt it.

What do you want to say with more blocked than blocked? I doubt Tails
is dead given the number of users and dev activity.

[2] https://tails.boum.org/contribute/design/Time_syncing/
tor-talk mailing list